Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: ihavenet.com

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.12.2012, 00:52   #1
nicoledeluxe
 
ihavenet.com - Standard

ihavenet.com



Hallöchen ich habe ein Problem was schon mehrfach im Forum beschrieben ist.Wenn ich über Mozilla Firefox google werde ich mehrfach über ihavenet.com auf ganz andere Seiten geleitet,leider bin ich nicht ganz so firm bei PC Sachen,Mein Avira Internet Security und auch Microsoft Security Essentiel haben weder Viren,Trojaner oder anderes angezeigt,vielleicht kann mir hier wer helfen,Danke


Mein OTL.Txt:

OTL logfile created on: 14.12.2012 01:30:29 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nicole\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 61,11% Memory free
7,72 Gb Paging File | 5,88 Gb Available in Paging File | 76,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 252,13 Gb Free Space | 84,04% Space Free | Partition Type: NTFS
Drive D: | 395,00 Gb Total Space | 390,86 Gb Free Space | 98,95% Space Free | Partition Type: NTFS

Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.14 01:05:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTL.exe
PRC - [2012.08.08 11:10:00 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.16 10:48:56 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.16 10:48:56 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.16 10:48:56 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.16 10:48:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.16 10:48:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.15 18:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010.06.03 15:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.02.24 00:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009.07.28 19:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.03.10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2010.03.15 08:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.12 20:02:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.07 21:13:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.11 18:13:02 | 001,494,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV - [2012.08.17 02:39:36 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.16 10:48:56 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.16 10:48:56 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.16 10:48:56 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.16 10:48:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.16 10:48:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 15:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.17 13:37:10 | 000,189,808 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.03.10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.11.13 10:50:42 | 000,140,936 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2012.11.13 10:50:42 | 000,114,168 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.16 10:48:57 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.16 10:48:57 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.14 20:32:10 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.14 19:18:42 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.04.14 19:06:52 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.03.22 09:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010.03.15 09:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.15 08:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.02.10 14:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.12 13:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.07 08:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.12.02 14:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 21:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.06.22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.11.09 04:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109958&tt=290312_bexdll&babsrc=HP_ss&mntrId=54b795ba000000000000b482fef9f998
IE - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 6C 5B AE 6B 1A CD 01 [binary data]
IE - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&tt=290312_bexdll&babsrc=SP_ss&mntrId=54b795ba000000000000b482fef9f998
IE - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "MakeMeBabies 2.0 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB16&ctid=CT3027459&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: browserprotect%40browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 21:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 21:13:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.04.14 20:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions
[2012.12.14 00:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\z8a0ry7z.default\extensions
[2012.12.14 00:28:25 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\z8a0ry7z.default\extensions\firefox@ghostery.com
[2012.12.14 00:28:25 | 000,047,822 | ---- | M] () (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\z8a0ry7z.default\extensions\browserprotect@browserprotect.com.xpi
[2012.11.05 22:11:15 | 000,000,915 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\z8a0ry7z.default\searchplugins\conduit.xml
[2012.12.07 21:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.07 21:13:11 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.14 23:09:43 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.09 15:28:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000\..\Toolbar\WebBrowser: (no name) - {5786D022-540E-4699-B350-B4BE0AE94B79} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000..\Run: [qoqshfycz] C:\Users\Nicole\AppData\Roaming\C_20871B.dll ()
O4 - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000..\Run: [Rgjlivmmdc] C:\Users\Nicole\AppData\Roaming\korwbrkrr.dll ()
O4 - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000..\Run: [SMASH] C:\Program Files (x86)\Ashampoo\Ashampoo Office 2010\smash.exe (SoftMaker Software GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9B7B90F-C0C4-463A-8404-8E807146542B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.13 23:45:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.13 23:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.12.13 23:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.12.07 21:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012.12.14 01:24:54 | 000,024,347 | ---- | M] () -- C:\Users\Nicole\Documents\Trojaner.odt
[2012.12.14 01:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.13 23:24:57 | 000,013,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.13 23:24:57 | 000,013,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.13 23:22:17 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.12.13 22:31:13 | 001,498,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.13 22:31:13 | 000,654,346 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.13 22:31:13 | 000,616,188 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.13 22:31:13 | 000,130,186 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.13 22:31:13 | 000,106,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.13 22:25:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.13 22:25:39 | 3110,080,512 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.12 15:31:14 | 005,110,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.12 00:40:16 | 000,114,688 | RHS- | M] () -- C:\Users\Nicole\AppData\Roaming\C_20871B.dll
[2012.12.12 00:40:03 | 000,114,688 | RHS- | M] () -- C:\Users\Nicole\AppData\Roaming\korwbrkrr.dll
[2012.12.03 19:42:46 | 000,009,728 | ---- | M] () -- C:\Users\Nicole\nICOLES RATENzahlungen.xlr

========== Files Created - No Company Name ==========

[2012.12.14 01:24:51 | 000,024,347 | ---- | C] () -- C:\Users\Nicole\Documents\Trojaner.odt
[2012.12.13 23:22:17 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.12.13 23:18:30 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.12.12 00:40:16 | 000,114,688 | RHS- | C] () -- C:\Users\Nicole\AppData\Roaming\C_20871B.dll
[2012.12.12 00:40:03 | 000,114,688 | RHS- | C] () -- C:\Users\Nicole\AppData\Roaming\korwbrkrr.dll
[2012.11.15 06:54:38 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 06:48:16 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.11 19:45:04 | 000,493,598 | ---- | C] () -- C:\Users\Nicole\DSC00437.JPG
[2012.04.14 18:47:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.14 18:44:24 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.04.14 18:41:47 | 001,766,670 | ---- | C] () -- C:\Users\Nicole\BG leasing.tif
[2012.04.14 18:41:47 | 000,752,074 | ---- | C] () -- C:\Users\Nicole\Dauerauftrag.tif
[2012.04.14 18:41:47 | 000,265,308 | ---- | C] () -- C:\Users\Nicole\Vereinbarung Ratenzahlung 001.jpg
[2012.04.14 18:41:47 | 000,041,472 | ---- | C] () -- C:\Users\Nicole\Torschützenliste SG Abus.wps
[2012.04.14 18:41:47 | 000,013,312 | -H-- | C] () -- C:\Users\Nicole\photothumb.db
[2012.04.14 18:41:47 | 000,012,920 | ---- | C] () -- C:\Users\Nicole\3270211_anmeldung_eines_hundes.pdf
[2012.04.14 18:41:47 | 000,010,752 | ---- | C] () -- C:\Users\Nicole\ratenzahlung 2009.xlr
[2012.04.14 18:41:47 | 000,009,728 | ---- | C] () -- C:\Users\Nicole\nICOLES RATENzahlungen.xlr
[2012.04.14 18:41:47 | 000,000,074 | --S- | C] () -- C:\Users\Nicole\Eigene Bilder
[2012.04.14 18:41:47 | 000,000,070 | --S- | C] () -- C:\Users\Nicole\Eigene Videos
[2012.04.14 18:41:47 | 000,000,068 | --S- | C] () -- C:\Users\Nicole\Eigene Musik

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.04.19 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Amazon
[2012.04.14 23:09:31 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Babylon
[2012.04.14 23:14:05 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\InstallShare
[2012.04.14 19:31:54 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\LibreOffice
[2012.11.05 22:37:12 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PDAppFlex
[2012.07.19 23:21:48 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PhotoScape
[2012.11.05 22:26:16 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SoftMaker
[2012.04.14 18:42:49 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\WinBatch

========== Purity Check ==========

Alt 14.12.2012, 12:18   #2
markusg
/// Malware-holic
 
ihavenet.com - Standard

ihavenet.com



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000..\Run: [qoqshfycz] C:\Users\Nicole\AppData\Roaming\C_20871B.dll ()
O4 - HKU\S-1-5-21-2224495918-2310542094-2501334353-1000..\Run: [Rgjlivmmdc] C:\Users\Nicole\AppData\Roaming\korwbrkrr.dll ()
 :Files
C:\Users\Nicole\AppData\Roaming\C_20871B.dll
C:\Users\Nicole\AppData\Roaming\korwbrkrr.dll
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus


downloade get info:
http://markusg.trojaner-board.de/GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.


Frage:
hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt?
wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.
__________________

__________________

Alt 14.12.2012, 22:00   #3
nicoledeluxe
 
ihavenet.com - Standard

ihavenet.com



Also hab soweit alles gemacht,hier das Ergebniss:

OTL:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2224495918-2310542094-2501334353-1000\Software\Microsoft\Windows\CurrentVersion\Run\\qoqshfycz deleted successfully.
C:\Users\Nicole\AppData\Roaming\C_20871B.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2224495918-2310542094-2501334353-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Rgjlivmmdc deleted successfully.
C:\Users\Nicole\AppData\Roaming\korwbrkrr.dll moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Nicole
->Flash cache emptied: 136414 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nicole
->Temp folder emptied: 1019648985 bytes
->Temporary Internet Files folder emptied: 155681104 bytes
->FireFox cache emptied: 1105415775 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 251409045 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.415,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12142012_223630

Files\Folders moved on Reboot...
C:\Users\Nicole\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FireFly(20121214222226814).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2rdll(20121214222228814).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20121214222226814).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20121214222231814).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...






Summary-info:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2224495918-2310542094-2501334353-1000\Software\Microsoft\Windows\CurrentVersion\Run\\qoqshfycz deleted successfully.
C:\Users\Nicole\AppData\Roaming\C_20871B.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2224495918-2310542094-2501334353-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Rgjlivmmdc deleted successfully.
C:\Users\Nicole\AppData\Roaming\korwbrkrr.dll moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Nicole
->Flash cache emptied: 136414 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nicole
->Temp folder emptied: 1019648985 bytes
->Temporary Internet Files folder emptied: 155681104 bytes
->FireFox cache emptied: 1105415775 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 251409045 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.415,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12142012_223630

Files\Folders moved on Reboot...
C:\Users\Nicole\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FireFly(20121214222226814).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2rdll(20121214222228814).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20121214222226814).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20121214222231814).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
__________________

Alt 15.12.2012, 17:59   #4
markusg
/// Malware-holic
 
ihavenet.com - Standard

ihavenet.com



Hi
du hast 2 mal das selbe Log gepostet, sumary info fehlt
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.12.2012, 18:17   #5
nicoledeluxe
 
ihavenet.com - Standard

ihavenet.com



Das hab ich noch bei summay-info geunden:


System volume information: dwHighDateTime = 0x1cd1a60,dwLowDateTime = 0xeb8886bd
System32: dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8
dwSerialNumber = 0x54b795ba


Alt 15.12.2012, 18:21   #6
markusg
/// Malware-holic
 
ihavenet.com - Standard

ihavenet.com



Hi
passt, danke
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
--> ihavenet.com

Alt 15.12.2012, 18:33   #7
nicoledeluxe
 
ihavenet.com - Standard

ihavenet.com



So nun das Ergebniss:

Er hat ein Unsigned file
Service:Switchboard
Suspicios Object,medium risk gefunden

Alt 15.12.2012, 18:34   #8
markusg
/// Malware-holic
 
ihavenet.com - Standard

ihavenet.com



Öffne c:
TDSS-Killer-Version-Datum.txt
Inhalt bitte posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.12.2012, 18:43   #9
nicoledeluxe
 
ihavenet.com - Standard

ihavenet.com



1.Teil:

19:27:14.0198 1084 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:27:16.0211 1084 ============================================================
19:27:16.0211 1084 Current date / time: 2012/12/15 19:27:16.0211
19:27:16.0211 1084 SystemInfo:
19:27:16.0211 1084
19:27:16.0211 1084 OS Version: 6.1.7601 ServicePack: 1.0
19:27:16.0211 1084 Product type: Workstation
19:27:16.0211 1084 ComputerName: NICOLE-PC
19:27:16.0211 1084 UserName: Nicole
19:27:16.0211 1084 Windows directory: C:\Windows
19:27:16.0211 1084 System windows directory: C:\Windows
19:27:16.0211 1084 Running under WOW64
19:27:16.0211 1084 Processor architecture: Intel x64
19:27:16.0211 1084 Number of processors: 4
19:27:16.0211 1084 Page size: 0x1000
19:27:16.0211 1084 Boot type: Normal boot
19:27:16.0211 1084 ============================================================
19:27:18.0020 1084 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:27:18.0114 1084 ============================================================
19:27:18.0114 1084 \Device\Harddisk0\DR0:
19:27:18.0114 1084 MBR partitions:
19:27:18.0114 1084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x200000, BlocksNum 0x25800000
19:27:18.0114 1084 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25C00000, BlocksNum 0x31600000
19:27:18.0114 1084 ============================================================
19:27:18.0129 1084 C: <-> \Device\Harddisk0\DR0\Partition1
19:27:18.0161 1084 D: <-> \Device\Harddisk0\DR0\Partition2
19:27:18.0161 1084 ============================================================
19:27:18.0161 1084 Initialize success
19:27:18.0161 1084 ============================================================
19:28:34.0710 3764 ============================================================
19:28:34.0710 3764 Scan started
19:28:34.0710 3764 Mode: Manual; SigCheck; TDLFS;
19:28:34.0710 3764 ============================================================
19:28:36.0176 3764 ================ Scan system memory ========================
19:28:36.0176 3764 System memory - ok
19:28:36.0176 3764 ================ Scan services =============================
19:28:36.0379 3764 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:28:36.0504 3764 1394ohci - ok
19:28:36.0535 3764 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:28:36.0551 3764 ACPI - ok
19:28:36.0582 3764 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:28:36.0660 3764 AcpiPmi - ok
19:28:36.0769 3764 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:28:36.0785 3764 AdobeARMservice - ok
19:28:36.0878 3764 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:28:36.0910 3764 AdobeFlashPlayerUpdateSvc - ok
19:28:36.0956 3764 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:28:36.0988 3764 adp94xx - ok
19:28:37.0019 3764 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:28:37.0034 3764 adpahci - ok
19:28:37.0066 3764 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:28:37.0081 3764 adpu320 - ok
19:28:37.0112 3764 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:28:37.0253 3764 AeLookupSvc - ok
19:28:37.0300 3764 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:28:37.0362 3764 AFD - ok
19:28:37.0393 3764 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:28:37.0424 3764 agp440 - ok
19:28:37.0456 3764 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:28:37.0518 3764 ALG - ok
19:28:37.0565 3764 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:28:37.0580 3764 aliide - ok
19:28:37.0612 3764 [ 57B773D82E8CC3C6D7E02CC8A6632043 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:28:37.0674 3764 AMD External Events Utility - ok
19:28:37.0705 3764 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:28:37.0721 3764 amdide - ok
19:28:37.0752 3764 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:28:37.0830 3764 AmdK8 - ok
19:28:37.0986 3764 [ AEFAF27F1B7E52C705DF4FB6C96732F6 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
19:28:38.0204 3764 amdkmdag - ok
19:28:38.0251 3764 [ 8149DB73BE27950EC72767A1193153A6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:28:38.0267 3764 amdkmdap - ok
19:28:38.0298 3764 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:28:38.0345 3764 AmdPPM - ok
19:28:38.0392 3764 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:28:38.0407 3764 amdsata - ok
19:28:38.0454 3764 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:28:38.0470 3764 amdsbs - ok
19:28:38.0501 3764 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:28:38.0501 3764 amdxata - ok
19:28:38.0563 3764 [ 6ACC11E9D2F01C88251123D26C1C5489 ] AntiVirFirewallService C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
19:28:38.0610 3764 AntiVirFirewallService - ok
19:28:38.0626 3764 [ B7FA28AEFA586FB5A04876C7B31D03E6 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
19:28:38.0641 3764 AntiVirMailService - ok
19:28:38.0657 3764 [ 2E35310D600F4CC64624786A813A041E ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:28:38.0688 3764 AntiVirSchedulerService - ok
19:28:38.0704 3764 [ 984102B9E2F6513008ED4E0C5AC4151D ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:28:38.0719 3764 AntiVirService - ok
19:28:38.0750 3764 [ 9BC7247FD7379307BCFF92CF8EB64B87 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:28:38.0766 3764 AntiVirWebService - ok
19:28:38.0797 3764 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:28:38.0969 3764 AppID - ok
19:28:39.0000 3764 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:28:39.0078 3764 AppIDSvc - ok
19:28:39.0125 3764 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:28:39.0187 3764 Appinfo - ok
19:28:39.0218 3764 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:28:39.0234 3764 arc - ok
19:28:39.0250 3764 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:28:39.0265 3764 arcsas - ok
19:28:39.0281 3764 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:28:39.0374 3764 AsyncMac - ok
19:28:39.0406 3764 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:28:39.0421 3764 atapi - ok
19:28:39.0484 3764 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:28:39.0562 3764 AudioEndpointBuilder - ok
19:28:39.0577 3764 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:28:39.0608 3764 AudioSrv - ok
19:28:39.0655 3764 [ C5B223B2C174147D00F64E0D783459C7 ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys
19:28:39.0718 3764 avfwim - ok
19:28:39.0749 3764 [ C7B2A376DCF4E1528B26358A9B341F4C ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys
19:28:39.0827 3764 avfwot - ok
19:28:39.0842 3764 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:28:39.0920 3764 avgntflt - ok
19:28:39.0936 3764 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:28:40.0014 3764 avipbb - ok
19:28:40.0030 3764 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:28:40.0076 3764 avkmgr - ok
19:28:40.0123 3764 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:28:40.0186 3764 AxInstSV - ok
19:28:40.0232 3764 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:28:40.0279 3764 b06bdrv - ok
19:28:40.0310 3764 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:28:40.0342 3764 b57nd60a - ok
19:28:40.0451 3764 [ 5B5C36B2EC500462A715DB6BCBAF5DA7 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:28:40.0560 3764 BCM43XX - ok
19:28:40.0607 3764 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:28:40.0685 3764 BDESVC - ok
19:28:40.0716 3764 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:28:40.0794 3764 Beep - ok
19:28:40.0856 3764 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:28:40.0934 3764 BFE - ok
19:28:40.0966 3764 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:28:41.0028 3764 BITS - ok
19:28:41.0044 3764 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:28:41.0075 3764 blbdrive - ok
19:28:41.0106 3764 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:28:41.0153 3764 bowser - ok
19:28:41.0200 3764 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:28:41.0293 3764 BrFiltLo - ok
19:28:41.0309 3764 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:28:41.0324 3764 BrFiltUp - ok
19:28:41.0371 3764 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:28:41.0418 3764 Browser - ok
19:28:41.0449 3764 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:28:41.0527 3764 Brserid - ok
19:28:41.0558 3764 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:28:41.0605 3764 BrSerWdm - ok
19:28:41.0621 3764 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:28:41.0652 3764 BrUsbMdm - ok
19:28:41.0652 3764 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:28:41.0668 3764 BrUsbSer - ok
19:28:41.0714 3764 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:28:41.0777 3764 BthEnum - ok
19:28:41.0792 3764 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:28:41.0839 3764 BTHMODEM - ok
19:28:41.0870 3764 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:28:41.0917 3764 BthPan - ok
19:28:41.0948 3764 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:28:42.0026 3764 BTHPORT - ok
19:28:42.0058 3764 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:28:42.0120 3764 bthserv - ok
19:28:42.0151 3764 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:28:42.0182 3764 BTHUSB - ok
19:28:42.0214 3764 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:28:42.0292 3764 cdfs - ok
19:28:42.0338 3764 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:28:42.0370 3764 cdrom - ok
19:28:42.0401 3764 [ 7E83E47BD1FF93E11CD69F1AD65A9581 ] CeKbFilter C:\Windows\system32\DRIVERS\CeKbFilter.sys
19:28:42.0463 3764 CeKbFilter - ok
19:28:42.0510 3764 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:28:42.0572 3764 CertPropSvc - ok
19:28:42.0650 3764 [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
19:28:42.0666 3764 cfWiMAXService - ok
19:28:42.0697 3764 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:28:42.0744 3764 circlass - ok
19:28:42.0775 3764 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:28:42.0822 3764 CLFS - ok
19:28:42.0884 3764 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:28:42.0900 3764 clr_optimization_v2.0.50727_32 - ok
19:28:42.0947 3764 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:28:42.0962 3764 clr_optimization_v2.0.50727_64 - ok
19:28:43.0025 3764 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:28:43.0056 3764 clr_optimization_v4.0.30319_32 - ok
19:28:43.0072 3764 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:28:43.0103 3764 clr_optimization_v4.0.30319_64 - ok
19:28:43.0134 3764 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:28:43.0165 3764 CmBatt - ok
19:28:43.0181 3764 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:28:43.0196 3764 cmdide - ok
19:28:43.0259 3764 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
19:28:43.0306 3764 CNG - ok
19:28:43.0352 3764 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:28:43.0368 3764 Compbatt - ok
19:28:43.0415 3764 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:28:43.0462 3764 CompositeBus - ok
19:28:43.0477 3764 COMSysApp - ok
19:28:43.0508 3764 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
19:28:43.0508 3764 ConfigFree Service - ok
19:28:43.0540 3764 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:28:43.0555 3764 crcdisk - ok
19:28:43.0602 3764 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:28:43.0649 3764 CryptSvc - ok
19:28:43.0727 3764 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:28:43.0805 3764 DcomLaunch - ok
19:28:43.0852 3764 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:28:43.0898 3764 defragsvc - ok
19:28:43.0930 3764 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:28:43.0976 3764 DfsC - ok
19:28:44.0023 3764 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:28:44.0086 3764 Dhcp - ok
19:28:44.0117 3764 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:28:44.0179 3764 discache - ok
19:28:44.0226 3764 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:28:44.0242 3764 Disk - ok
19:28:44.0273 3764 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:28:44.0320 3764 Dnscache - ok
19:28:44.0351 3764 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:28:44.0413 3764 dot3svc - ok
19:28:44.0429 3764 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:28:44.0491 3764 DPS - ok
19:28:44.0507 3764 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:28:44.0522 3764 drmkaud - ok
19:28:44.0585 3764 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:28:44.0632 3764 DXGKrnl - ok
19:28:44.0663 3764 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:28:44.0725 3764 EapHost - ok
19:28:44.0803 3764 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:28:44.0897 3764 ebdrv - ok
19:28:44.0928 3764 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:28:44.0975 3764 EFS - ok
19:28:45.0037 3764 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:28:45.0100 3764 ehRecvr - ok
19:28:45.0115 3764 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:28:45.0162 3764 ehSched - ok
19:28:45.0193 3764 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:28:45.0224 3764 elxstor - ok
19:28:45.0240 3764 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:28:45.0271 3764 ErrDev - ok
19:28:45.0318 3764 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:28:45.0380 3764 EventSystem - ok
19:28:45.0412 3764 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:28:45.0458 3764 exfat - ok
19:28:45.0474 3764 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:28:45.0521 3764 fastfat - ok
19:28:45.0552 3764 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:28:45.0630 3764 Fax - ok
19:28:45.0646 3764 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:28:45.0692 3764 fdc - ok
19:28:45.0692 3764 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:28:45.0739 3764 fdPHost - ok
19:28:45.0770 3764 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:28:45.0817 3764 FDResPub - ok
19:28:45.0833 3764 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:28:45.0848 3764 FileInfo - ok
19:28:45.0864 3764 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:28:45.0926 3764 Filetrace - ok
19:28:45.0942 3764 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:28:45.0958 3764 flpydisk - ok
19:28:46.0004 3764 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:28:46.0036 3764 FltMgr - ok
19:28:46.0067 3764 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:28:46.0129 3764 FontCache - ok
19:28:46.0160 3764 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:28:46.0160 3764 FontCache3.0.0.0 - ok
19:28:46.0192 3764 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:28:46.0207 3764 FsDepends - ok
19:28:46.0238 3764 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:28:46.0238 3764 Fs_Rec - ok
19:28:46.0379 3764 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:28:46.0472 3764 fvevol - ok
19:28:46.0660 3764 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:28:46.0691 3764 gagp30kx - ok
19:28:46.0722 3764 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:28:46.0784 3764 gpsvc - ok
19:28:46.0816 3764 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:28:46.0862 3764 hcw85cir - ok
19:28:46.0909 3764 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:28:46.0956 3764 HdAudAddService - ok
19:28:46.0972 3764 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:28:46.0987 3764 HDAudBus - ok
19:28:47.0034 3764 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:28:47.0096 3764 HECIx64 - ok
19:28:47.0112 3764 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:28:47.0143 3764 HidBatt - ok
19:28:47.0174 3764 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:28:47.0206 3764 HidBth - ok
19:28:47.0237 3764 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:28:47.0268 3764 HidIr - ok
19:28:47.0299 3764 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:28:47.0346 3764 hidserv - ok
19:28:47.0393 3764 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:28:47.0393 3764 HidUsb - ok
19:28:47.0424 3764 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:28:47.0502 3764 hkmsvc - ok
19:28:47.0549 3764 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:28:47.0580 3764 HomeGroupListener - ok
19:28:47.0611 3764 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:28:47.0642 3764 HomeGroupProvider - ok
19:28:47.0674 3764 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:28:47.0705 3764 HpSAMD - ok
19:28:47.0752 3764 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:28:47.0814 3764 HTTP - ok
19:28:47.0830 3764 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:28:47.0845 3764 hwpolicy - ok
19:28:47.0892 3764 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:28:47.0923 3764 i8042prt - ok
19:28:47.0970 3764 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:28:48.0001 3764 iaStorV - ok
19:28:48.0064 3764 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:28:48.0095 3764 idsvc - ok
19:28:48.0126 3764 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:28:48.0142 3764 iirsp - ok
19:28:48.0173 3764 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:28:48.0251 3764 IKEEXT - ok
19:28:48.0313 3764 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
19:28:48.0360 3764 Impcd - ok
19:28:48.0438 3764 [ 490947A9AFF7CA31EF2E08F5776105EB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:28:48.0547 3764 IntcAzAudAddService - ok
19:28:48.0578 3764 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:28:48.0594 3764 intelide - ok
19:28:48.0625 3764 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:28:48.0656 3764 intelppm - ok
19:28:48.0688 3764 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:28:48.0750 3764 IPBusEnum - ok
19:28:48.0797 3764 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:28:48.0844 3764 IpFilterDriver - ok
19:28:48.0906 3764 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:28:48.0937 3764 iphlpsvc - ok
19:28:48.0968 3764 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:28:49.0000 3764 IPMIDRV - ok
19:28:49.0015 3764 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:28:49.0093 3764 IPNAT - ok
19:28:49.0109 3764 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:28:49.0187 3764 IRENUM - ok
19:28:49.0218 3764 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:28:49.0218 3764 isapnp - ok
19:28:49.0249 3764 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:28:49.0280 3764 iScsiPrt - ok
19:28:49.0280 3764 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:28:49.0296 3764 kbdclass - ok
19:28:49.0312 3764 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:28:49.0343 3764 kbdhid - ok
19:28:49.0343 3764 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:28:49.0358 3764 KeyIso - ok
19:28:49.0390 3764 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:28:49.0390 3764 KSecDD - ok
19:28:49.0421 3764 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:28:49.0436 3764 KSecPkg - ok
19:28:49.0452 3764 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:28:49.0499 3764 ksthunk - ok
19:28:49.0546 3764 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:28:49.0624 3764 KtmRm - ok
19:28:49.0655 3764 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:28:49.0686 3764 LanmanServer - ok
19:28:49.0717 3764 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:28:49.0764 3764 LanmanWorkstation - ok
19:28:49.0811 3764 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:28:49.0858 3764 lltdio - ok
19:28:49.0889 3764 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:28:49.0951 3764 lltdsvc - ok
19:28:49.0967 3764 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:28:49.0998 3764 lmhosts - ok
19:28:50.0060 3764 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:28:50.0123 3764 LMS - ok
19:28:50.0170 3764 [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
19:28:50.0248 3764 LPCFilter - ok
19:28:50.0279 3764 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:28:50.0294 3764 LSI_FC - ok
19:28:50.0326 3764 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:28:50.0341 3764 LSI_SAS - ok
19:28:50.0357 3764 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:28:50.0372 3764 LSI_SAS2 - ok
19:28:50.0372 3764 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:28:50.0388 3764 LSI_SCSI - ok
19:28:50.0419 3764 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:28:50.0466 3764 luafv - ok
19:28:50.0513 3764 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:28:50.0544 3764 Mcx2Svc - ok
19:28:50.0560 3764 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:28:50.0560 3764 megasas - ok
19:28:50.0591 3764 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:28:50.0606 3764 MegaSR - ok
19:28:50.0638 3764 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:28:50.0700 3764 MMCSS - ok
19:28:50.0731 3764 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:28:50.0794 3764 Modem - ok
19:28:50.0825 3764 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:28:50.0872 3764 monitor - ok
19:28:50.0903 3764 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:28:50.0918 3764 mouclass - ok
19:28:50.0965 3764 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:28:50.0996 3764 mouhid - ok
19:28:51.0028 3764 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:28:51.0059 3764 mountmgr - ok
19:28:51.0106 3764 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:28:51.0137 3764 MozillaMaintenance - ok
19:28:51.0168 3764 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:28:51.0184 3764 MpFilter - ok
19:28:51.0215 3764 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:28:51.0230 3764 mpio - ok
19:28:51.0277 3764 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:28:51.0324 3764 mpsdrv - ok
19:28:51.0355 3764 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:28:51.0433 3764 MpsSvc - ok
19:28:51.0449 3764 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:28:51.0480 3764 MRxDAV - ok
19:28:51.0511 3764 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:28:51.0542 3764 mrxsmb - ok
19:28:51.0574 3764 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:28:51.0589 3764 mrxsmb10 - ok
19:28:51.0620 3764 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:28:51.0714 3764 mrxsmb20 - ok
19:28:51.0745 3764 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:28:51.0761 3764 msahci - ok
19:28:51.0792 3764 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:28:51.0808 3764 msdsm - ok
19:28:51.0823 3764 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:28:51.0854 3764 MSDTC - ok
19:28:51.0886 3764 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:28:51.0932 3764 Msfs - ok
19:28:51.0948 3764 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:28:51.0995 3764 mshidkmdf - ok
19:28:52.0010 3764 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:28:52.0026 3764 msisadrv - ok
19:28:52.0073 3764 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:28:52.0104 3764 MSiSCSI - ok
19:28:52.0120 3764 msiserver - ok
19:28:52.0151 3764 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:28:52.0198 3764 MSKSSRV - ok
19:28:52.0276 3764 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:28:52.0291 3764 MsMpSvc - ok
19:28:52.0322 3764 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:28:52.0369 3764 MSPCLOCK - ok
19:28:52.0400 3764 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:28:52.0447 3764 MSPQM - ok
19:28:52.0478 3764 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:28:52.0494 3764 MsRPC - ok
19:28:52.0525 3764 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:28:52.0541 3764 mssmbios - ok
19:28:52.0588 3764 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:28:52.0650 3764 MSTEE - ok
19:28:52.0650 3764 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:28:52.0666 3764 MTConfig - ok
19:28:52.0681 3764 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:28:52.0697 3764 Mup - ok
19:28:52.0728 3764 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:28:52.0790 3764 napagent - ok
19:28:52.0837 3764 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:28:52.0884 3764 NativeWifiP - ok
19:28:52.0931 3764 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:28:52.0978 3764 NDIS - ok
19:28:53.0009 3764 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:28:53.0056 3764 NdisCap - ok
19:28:53.0071 3764 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:28:53.0118 3764 NdisTapi - ok
19:28:53.0165 3764 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:28:53.0227 3764 Ndisuio - ok
19:28:53.0258 3764 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:28:53.0305 3764 NdisWan - ok
19:28:53.0336 3764 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:28:53.0383 3764 NDProxy - ok
19:28:53.0414 3764 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:28:53.0461 3764 NetBIOS - ok
19:28:53.0492 3764 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:28:53.0555 3764 NetBT - ok
19:28:53.0586 3764 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:28:53.0586 3764 Netlogon - ok
19:28:53.0633 3764 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:28:53.0680 3764 Netman - ok
19:28:53.0695 3764 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:28:53.0742 3764 netprofm - ok
19:28:53.0758 3764 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:28:53.0773 3764 NetTcpPortSharing - ok
19:28:53.0820 3764 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:28:53.0836 3764 nfrd960 - ok
19:28:53.0882 3764 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:28:53.0914 3764 NisDrv - ok
19:28:53.0945 3764 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
19:28:53.0976 3764 NisSrv - ok
19:28:54.0007 3764 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:28:54.0038 3764 NlaSvc - ok
19:28:54.0054 3764 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:28:54.0116 3764 Npfs - ok
19:28:54.0132 3764 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:28:54.0179 3764 nsi - ok
19:28:54.0194 3764 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:28:54.0241 3764 nsiproxy - ok
19:28:54.0304 3764 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:28:54.0366 3764 Ntfs - ok
19:28:54.0382 3764 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:28:54.0460 3764 Null - ok
19:28:54.0491 3764 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:28:54.0506 3764 nvraid - ok
19:28:54.0538 3764 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:28:54.0584 3764 nvstor - ok
19:28:54.0600 3764 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:28:54.0616 3764 nv_agp - ok
19:28:54.0694 3764 [ 71C97F97A909A990C7F60C77908BAFF9 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
19:28:54.0740 3764 OfficeSvc - ok
19:28:54.0772 3764 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:28:54.0803 3764 ohci1394 - ok
19:28:54.0896 3764 [ FF93D67903FDEABCD4470CD82F44ACFA ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:28:54.0912 3764 ose - ok
19:28:55.0052 3764 [ 31DC8D825D2C4EB0FF7ED021BB92C541 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:28:55.0193 3764 osppsvc - ok
19:28:55.0224 3764 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:28:55.0255 3764 p2pimsvc - ok
19:28:55.0271 3764 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:28:55.0318 3764 p2psvc - ok
19:28:55.0333 3764 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:28:55.0380 3764 Parport - ok
19:28:55.0411 3764 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:28:55.0442 3764 partmgr - ok
19:28:55.0458 3764 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:28:55.0474 3764 PcaSvc - ok
19:28:55.0505 3764 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:28:55.0520 3764 pci - ok
19:28:55.0536 3764 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:28:55.0552 3764 pciide - ok
19:28:55.0583 3764 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:28:55.0598 3764 pcmcia - ok
19:28:55.0614 3764 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:28:55.0630 3764 pcw - ok
19:28:55.0645 3764 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:28:55.0692 3764 PEAUTH - ok
19:28:55.0754 3764 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:28:55.0801 3764 PerfHost - ok
19:28:55.0848 3764 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
19:28:55.0910 3764 PGEffect - ok
19:28:55.0957 3764 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:28:56.0035 3764 pla - ok
19:28:56.0098 3764 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:28:56.0129 3764 PlugPlay - ok
19:28:56.0160 3764 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:28:56.0160 3764 PNRPAutoReg - ok
19:28:56.0191 3764 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:28:56.0207 3764 PNRPsvc - ok
19:28:56.0238 3764 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:28:56.0285 3764 PolicyAgent - ok
19:28:56.0300 3764 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:28:56.0347 3764 Power - ok
19:28:56.0363 3764 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:28:56.0425 3764 PptpMiniport - ok
19:28:56.0456 3764 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:28:56.0456 3764 Processor - ok
19:28:56.0488 3764 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:28:56.0534 3764 ProfSvc - ok
19:28:56.0550 3764 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:28:56.0581 3764 ProtectedStorage - ok
19:28:56.0628 3764 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:28:56.0675 3764 Psched - ok
19:28:56.0722 3764 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:28:56.0768 3764 ql2300 - ok
19:28:56.0800 3764 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:28:56.0815 3764 ql40xx - ok
19:28:56.0831 3764 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:28:56.0846 3764 QWAVE - ok
19:28:56.0862 3764 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:28:56.0893 3764 QWAVEdrv - ok
19:28:56.0909 3764 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:28:56.0956 3764 RasAcd - ok
19:28:56.0987 3764 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:28:57.0018 3764 RasAgileVpn - ok
19:28:57.0049 3764 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:28:57.0096 3764 RasAuto - ok
19:28:57.0127 3764 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:28:57.0205 3764 Rasl2tp - ok
19:28:57.0221 3764 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:28:57.0299 3764 RasMan - ok
19:28:57.0330 3764 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:28:57.0392 3764 RasPppoe - ok
19:28:57.0408 3764 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:28:57.0439 3764 RasSstp - ok
19:28:57.0470 3764 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:28:57.0548 3764 rdbss - ok
19:28:57.0548 3764 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:28:57.0580 3764 rdpbus - ok
19:28:57.0595 3764 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:28:57.0642 3764 RDPCDD - ok
19:28:57.0658 3764 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:28:57.0704 3764 RDPENCDD - ok
19:28:57.0720 3764 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:28:57.0751 3764 RDPREFMP - ok
19:28:57.0814 3764 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:28:57.0845 3764 RdpVideoMiniport - ok
19:28:57.0876 3764 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:28:57.0923 3764 RDPWD - ok
19:28:57.0970 3764 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:28:58.0001 3764 rdyboost - ok
19:28:58.0016 3764 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:28:58.0063 3764 RemoteAccess - ok
19:28:58.0094 3764 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:28:58.0141 3764 RemoteRegistry - ok
19:28:58.0172 3764 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:28:58.0188 3764 RFCOMM - ok
19:28:58.0219 3764 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:28:58.0266 3764 RpcEptMapper - ok
19:28:58.0282 3764 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:28:58.0313 3764 RpcLocator - ok
19:28:58.0344 3764 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:28:58.0391 3764 RpcSs - ok
19:28:58.0422 3764 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:28:58.0484 3764 rspndr - ok
19:28:58.0531 3764 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:28:58.0578 3764 RSUSBSTOR - ok
19:28:58.0625 3764 [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
19:28:58.0687 3764 RTHDMIAzAudService - ok
19:28:58.0718 3764 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:28:58.0765 3764 RTL8167 - ok
19:28:58.0781 3764 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:28:58.0796 3764 SamSs - ok
19:28:58.0812 3764 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:28:58.0828 3764 sbp2port - ok
19:28:58.0859 3764 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:28:58.0906 3764 SCardSvr - ok
19:28:58.0937 3764 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:28:58.0984 3764 scfilter - ok
19:28:59.0030 3764 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:28:59.0124 3764 Schedule - ok
19:28:59.0140 3764 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:28:59.0186 3764 SCPolicySvc - ok
19:28:59.0202 3764 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:28:59.0233 3764 SDRSVC - ok
19:28:59.0264 3764 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:28:59.0311 3764 secdrv - ok
19:28:59.0342 3764 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:28:59.0389 3764 seclogon - ok
19:28:59.0405 3764 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:28:59.0452 3764 SENS - ok
19:28:59.0483 3764 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:28:59.0530 3764 SensrSvc - ok
19:28:59.0545 3764 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:28:59.0561 3764 Serenum - ok
19:28:59.0592 3764 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:28:59.0623 3764 Serial - ok
19:28:59.0670 3764 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:28:59.0686 3764 sermouse - ok
19:28:59.0732 3764 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:28:59.0810 3764 SessionEnv - ok
19:28:59.0842 3764 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:28:59.0873 3764 sffdisk - ok
19:28:59.0888 3764 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:28:59.0920 3764 sffp_mmc - ok
19:28:59.0920 3764 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:28:59.0951 3764 sffp_sd - ok
19:28:59.0966 3764 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:28:59.0982 3764 sfloppy - ok
19:29:00.0029 3764 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:29:00.0076 3764 SharedAccess - ok
19:29:00.0107 3764 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:29:00.0185 3764 ShellHWDetection - ok
19:29:00.0216 3764 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:29:00.0232 3764 SiSRaid2 - ok
19:29:00.0263 3764 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:29:00.0263 3764 SiSRaid4 - ok
19:29:00.0294 3764 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:29:00.0341 3764 Smb - ok
19:29:00.0372 3764 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:29:00.0388 3764 SNMPTRAP - ok
19:29:00.0419 3764 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:29:00.0419 3764 spldr - ok
19:29:00.0466 3764 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:29:00.0528 3764 Spooler - ok
19:29:00.0622 3764 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:29:00.0715 3764 sppsvc - ok
19:29:00.0746 3764 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:29:00.0824 3764 sppuinotify - ok
19:29:00.0856 3764 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:29:00.0918 3764 srv - ok
19:29:00.0934 3764 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:29:00.0980 3764 srv2 - ok
19:29:01.0012 3764 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:29:01.0043 3764 srvnet - ok
19:29:01.0090 3764 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:29:01.0168 3764 SSDPSRV - ok
19:29:01.0183 3764 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:29:01.0214 3764 SstpSvc - ok
19:29:01.0230 3764 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:29:01.0246 3764 stexstor - ok
19:29:01.0277 3764 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:29:01.0324 3764 stisvc - ok
19:29:01.0355 3764 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:29:01.0355 3764 swenum - ok
19:29:01.0464 3764 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:29:01.0589 3764 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
19:29:01.0589 3764 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
19:29:01.0620 3764 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:29:01.0667 3764 swprv - ok
19:29:01.0729 3764 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:29:01.0792 3764 SysMain - ok
19:29:01.0807 3764 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:29:01.0838 3764 TabletInputService - ok
19:29:01.0870 3764 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:29:01.0932 3764 TapiSrv - ok
19:29:01.0948 3764 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:29:01.0994 3764 TBS - ok
19:29:02.0072 3764 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:29:02.0119 3764 Tcpip - ok
19:29:02.0150 3764 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:29:02.0182 3764 TCPIP6 - ok
19:29:02.0197 3764 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:29:02.0228 3764 tcpipreg - ok
19:29:02.0275 3764 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:29:02.0306 3764 TDPIPE - ok
19:29:02.0338 3764 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:29:02.0384 3764 TDTCP - ok
19:29:02.0416 3764 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:29:02.0462 3764 tdx - ok
19:29:02.0478 3764 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:29:02.0494 3764 TermDD - ok
19:29:02.0540 3764 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:29:02.0587 3764 TermService - ok
19:29:02.0618 3764 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:29:02.0634 3764 Themes - ok
19:29:02.0650 3764 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:29:02.0696 3764 THREADORDER - ok
19:29:02.0790 3764 [ 38C0CF9740C5AFA3EAFFE2699891B992 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
19:29:02.0806 3764 TOSHIBA Bluetooth Service - ok
19:29:02.0852 3764 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:29:02.0868 3764 TOSHIBA HDD SSD Alert Service - ok
19:29:02.0884 3764 Tosrfcom - ok
19:29:02.0915 3764 [ 11699D47B3491D86249C168496D55C92 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
19:29:02.0915 3764 tosrfec - ok
19:29:02.0946 3764 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:29:02.0993 3764 TrkWks - ok
19:29:03.0055 3764 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:29:03.0118 3764 TrustedInstaller - ok
19:29:03.0149 3764 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:29:03.0180 3764 tssecsrv - ok
19:29:03.0211 3764 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:29:03.0258 3764 TsUsbFlt - ok
19:29:03.0320 3764 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:29:03.0383 3764 tunnel - ok
19:29:03.0430 3764 [ 9A744CC3D804EC38A6C2C65BC3C6FCD8 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:29:03.0492 3764 TVALZ - ok
19:29:03.0523 3764 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:29:03.0539 3764 uagp35 - ok
19:29:03.0570 3764 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:29:03.0648 3764 udfs - ok
19:29:03.0679 3764 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:29:03.0710 3764 UI0Detect - ok
19:29:03.0726 3764 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:29:03.0742 3764 uliagpkx - ok
19:29:03.0788 3764 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:29:03.0804 3764 umbus - ok
19:29:03.0835 3764 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:29:03.0866 3764 UmPass - ok
19:29:03.0976 3764 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:29:04.0054 3764 UNS - ok
19:29:04.0085 3764 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:29:04.0132 3764 upnphost - ok
19:29:04.0147 3764 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:29:04.0178 3764 usbccgp - ok
19:29:04.0210 3764 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:29:04.0225 3764 usbcir - ok
19:29:04.0241 3764 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:29:04.0256 3764 usbehci - ok
19:29:04.0288 3764 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:29:04.0303 3764 usbhub - ok
19:29:04.0319 3764 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:29:04.0350 3764 usbohci - ok
19:29:04.0366 3764 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:29:04.0412 3764 usbprint - ok
19:29:04.0444 3764 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:29:04.0475 3764 usbscan - ok
19:29:04.0490 3764 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:29:04.0537 3764 USBSTOR - ok
19:29:04.0568 3764 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:29:04.0600 3764 usbuhci - ok
19:29:04.0646 3764 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:29:04.0662 3764 usbvideo - ok
19:29:04.0678 3764 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:29:04.0740 3764 UxSms - ok
19:29:04.0740 3764 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

Alt 15.12.2012, 18:44   #10
nicoledeluxe
 
ihavenet.com - Standard

ihavenet.com



2.Teil:

19:29:04.0756 3764 VaultSvc - ok
19:29:04.0771 3764 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:29:04.0787 3764 vdrvroot - ok
19:29:04.0818 3764 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:29:04.0865 3764 vds - ok
19:29:04.0896 3764 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:29:04.0912 3764 vga - ok
19:29:04.0927 3764 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:29:04.0958 3764 VgaSave - ok
19:29:05.0005 3764 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:29:05.0005 3764 vhdmp - ok
19:29:05.0021 3764 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:29:05.0036 3764 viaide - ok
19:29:05.0052 3764 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:29:05.0068 3764 volmgr - ok
19:29:05.0099 3764 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:29:05.0114 3764 volmgrx - ok
19:29:05.0146 3764 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:29:05.0161 3764 volsnap - ok
19:29:05.0192 3764 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:29:05.0208 3764 vsmraid - ok
19:29:05.0286 3764 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:29:05.0348 3764 VSS - ok
19:29:05.0380 3764 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:29:05.0411 3764 vwifibus - ok
19:29:05.0426 3764 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:29:05.0442 3764 vwififlt - ok
19:29:05.0473 3764 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:29:05.0520 3764 vwifimp - ok
19:29:05.0567 3764 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:29:05.0629 3764 W32Time - ok
19:29:05.0645 3764 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:29:05.0692 3764 WacomPen - ok
19:29:05.0738 3764 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:29:05.0785 3764 WANARP - ok
19:29:05.0785 3764 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:29:05.0816 3764 Wanarpv6 - ok
19:29:05.0863 3764 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:29:05.0941 3764 wbengine - ok
19:29:05.0972 3764 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:29:06.0004 3764 WbioSrvc - ok
19:29:06.0035 3764 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:29:06.0097 3764 wcncsvc - ok
19:29:06.0113 3764 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:29:06.0144 3764 WcsPlugInService - ok
19:29:06.0175 3764 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:29:06.0191 3764 Wd - ok
19:29:06.0222 3764 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:29:06.0253 3764 Wdf01000 - ok
19:29:06.0269 3764 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:29:06.0362 3764 WdiServiceHost - ok
19:29:06.0378 3764 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:29:06.0394 3764 WdiSystemHost - ok
19:29:06.0425 3764 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:29:06.0456 3764 WebClient - ok
19:29:06.0487 3764 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:29:06.0550 3764 Wecsvc - ok
19:29:06.0565 3764 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:29:06.0628 3764 wercplsupport - ok
19:29:06.0628 3764 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:29:06.0690 3764 WerSvc - ok
19:29:06.0721 3764 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:29:06.0768 3764 WfpLwf - ok
19:29:06.0784 3764 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:29:06.0799 3764 WIMMount - ok
19:29:06.0815 3764 WinDefend - ok
19:29:06.0815 3764 WinHttpAutoProxySvc - ok
19:29:06.0862 3764 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:29:06.0908 3764 Winmgmt - ok
19:29:06.0955 3764 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:29:07.0018 3764 WinRM - ok
19:29:07.0049 3764 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:29:07.0096 3764 Wlansvc - ok
19:29:07.0127 3764 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:29:07.0158 3764 WmiAcpi - ok
19:29:07.0189 3764 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:29:07.0220 3764 wmiApSrv - ok
19:29:07.0252 3764 WMPNetworkSvc - ok
19:29:07.0283 3764 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:29:07.0314 3764 WPCSvc - ok
19:29:07.0345 3764 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:29:07.0392 3764 WPDBusEnum - ok
19:29:07.0408 3764 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:29:07.0486 3764 ws2ifsl - ok
19:29:07.0517 3764 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:29:07.0548 3764 wscsvc - ok
19:29:07.0548 3764 WSearch - ok
19:29:07.0626 3764 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:29:07.0704 3764 wuauserv - ok
19:29:07.0735 3764 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:29:07.0798 3764 WudfPf - ok
19:29:07.0829 3764 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:29:07.0844 3764 WUDFRd - ok
19:29:07.0891 3764 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:29:07.0907 3764 wudfsvc - ok
19:29:07.0922 3764 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:29:07.0954 3764 WwanSvc - ok
19:29:07.0969 3764 ================ Scan global ===============================
19:29:07.0985 3764 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:29:08.0016 3764 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:29:08.0032 3764 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:29:08.0047 3764 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:29:08.0078 3764 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:29:08.0078 3764 [Global] - ok
19:29:08.0078 3764 ================ Scan MBR ==================================
19:29:08.0094 3764 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:29:09.0077 3764 \Device\Harddisk0\DR0 - ok
19:29:09.0077 3764 ================ Scan VBR ==================================
19:29:09.0108 3764 [ 7E466C2B02C08B4F07172A629C5A37F3 ] \Device\Harddisk0\DR0\Partition1
19:29:09.0108 3764 \Device\Harddisk0\DR0\Partition1 - ok
19:29:09.0124 3764 [ F214AA564238520DD7B7AE6AD3FDB8A3 ] \Device\Harddisk0\DR0\Partition2
19:29:09.0124 3764 \Device\Harddisk0\DR0\Partition2 - ok
19:29:09.0139 3764 ============================================================
19:29:09.0139 3764 Scan finished
19:29:09.0139 3764 ============================================================
19:29:09.0139 0220 Detected object count: 1
19:29:09.0139 0220 Actual detected object count: 1
19:29:26.0034 0220 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:29:26.0034 0220 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:29:34.0021 4000 ============================================================
19:29:34.0021 4000 Scan started
19:29:34.0021 4000 Mode: Manual; SigCheck; TDLFS;
19:29:34.0021 4000 ============================================================
19:29:34.0364 4000 ================ Scan system memory ========================
19:29:34.0364 4000 System memory - ok
19:29:34.0380 4000 ================ Scan services =============================
19:29:34.0505 4000 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:29:34.0536 4000 1394ohci - ok
19:29:34.0552 4000 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:29:34.0567 4000 ACPI - ok
19:29:34.0583 4000 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:29:34.0598 4000 AcpiPmi - ok
19:29:34.0692 4000 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:29:34.0708 4000 AdobeARMservice - ok
19:29:34.0786 4000 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:29:34.0817 4000 AdobeFlashPlayerUpdateSvc - ok
19:29:34.0832 4000 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:29:34.0864 4000 adp94xx - ok
19:29:34.0879 4000 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:29:34.0895 4000 adpahci - ok
19:29:34.0910 4000 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:29:34.0926 4000 adpu320 - ok
19:29:34.0942 4000 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:29:34.0973 4000 AeLookupSvc - ok
19:29:35.0004 4000 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:29:35.0035 4000 AFD - ok
19:29:35.0082 4000 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:29:35.0098 4000 agp440 - ok
19:29:35.0113 4000 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:29:35.0129 4000 ALG - ok
19:29:35.0144 4000 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:29:35.0160 4000 aliide - ok
19:29:35.0176 4000 [ 57B773D82E8CC3C6D7E02CC8A6632043 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:29:35.0191 4000 AMD External Events Utility - ok
19:29:35.0222 4000 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:29:35.0222 4000 amdide - ok
19:29:35.0254 4000 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:29:35.0285 4000 AmdK8 - ok
19:29:35.0425 4000 [ AEFAF27F1B7E52C705DF4FB6C96732F6 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
19:29:35.0503 4000 amdkmdag - ok
19:29:35.0519 4000 [ 8149DB73BE27950EC72767A1193153A6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:29:35.0534 4000 amdkmdap - ok
19:29:35.0566 4000 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:29:35.0581 4000 AmdPPM - ok
19:29:35.0597 4000 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:29:35.0612 4000 amdsata - ok
19:29:35.0628 4000 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:29:35.0644 4000 amdsbs - ok
19:29:35.0644 4000 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:29:35.0659 4000 amdxata - ok
19:29:35.0722 4000 [ 6ACC11E9D2F01C88251123D26C1C5489 ] AntiVirFirewallService C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
19:29:35.0737 4000 AntiVirFirewallService - ok
19:29:35.0768 4000 [ B7FA28AEFA586FB5A04876C7B31D03E6 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
19:29:35.0784 4000 AntiVirMailService - ok
19:29:35.0815 4000 [ 2E35310D600F4CC64624786A813A041E ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:29:35.0815 4000 AntiVirSchedulerService - ok
19:29:35.0846 4000 [ 984102B9E2F6513008ED4E0C5AC4151D ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:29:35.0862 4000 AntiVirService - ok
19:29:35.0878 4000 [ 9BC7247FD7379307BCFF92CF8EB64B87 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:29:35.0893 4000 AntiVirWebService - ok
19:29:35.0909 4000 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:29:35.0956 4000 AppID - ok
19:29:35.0971 4000 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:29:36.0002 4000 AppIDSvc - ok
19:29:36.0034 4000 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:29:36.0080 4000 Appinfo - ok
19:29:36.0096 4000 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:29:36.0112 4000 arc - ok
19:29:36.0127 4000 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:29:36.0143 4000 arcsas - ok
19:29:36.0158 4000 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:29:36.0205 4000 AsyncMac - ok
19:29:36.0221 4000 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:29:36.0236 4000 atapi - ok
19:29:36.0283 4000 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:29:36.0330 4000 AudioEndpointBuilder - ok
19:29:36.0346 4000 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:29:36.0392 4000 AudioSrv - ok
19:29:36.0424 4000 [ C5B223B2C174147D00F64E0D783459C7 ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys
19:29:36.0486 4000 avfwim - ok
19:29:36.0502 4000 [ C7B2A376DCF4E1528B26358A9B341F4C ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys
19:29:36.0580 4000 avfwot - ok
19:29:36.0580 4000 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:29:36.0642 4000 avgntflt - ok
19:29:36.0658 4000 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:29:36.0720 4000 avipbb - ok
19:29:36.0736 4000 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:29:36.0767 4000 avkmgr - ok
19:29:36.0798 4000 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:29:36.0814 4000 AxInstSV - ok
19:29:36.0845 4000 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:29:36.0860 4000 b06bdrv - ok
19:29:36.0876 4000 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:29:36.0892 4000 b57nd60a - ok
19:29:36.0970 4000 [ 5B5C36B2EC500462A715DB6BCBAF5DA7 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:29:37.0063 4000 BCM43XX - ok
19:29:37.0094 4000 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:29:37.0110 4000 BDESVC - ok
19:29:37.0141 4000 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:29:37.0172 4000 Beep - ok
19:29:37.0204 4000 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:29:37.0250 4000 BFE - ok
19:29:37.0282 4000 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:29:37.0313 4000 BITS - ok
19:29:37.0328 4000 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:29:37.0344 4000 blbdrive - ok
19:29:37.0375 4000 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:29:37.0375 4000 bowser - ok
19:29:37.0406 4000 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:29:37.0422 4000 BrFiltLo - ok
19:29:37.0422 4000 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:29:37.0438 4000 BrFiltUp - ok
19:29:37.0469 4000 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:29:37.0500 4000 Browser - ok
19:29:37.0516 4000 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:29:37.0531 4000 Brserid - ok
19:29:37.0547 4000 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:29:37.0562 4000 BrSerWdm - ok
19:29:37.0578 4000 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:29:37.0594 4000 BrUsbMdm - ok
19:29:37.0609 4000 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:29:37.0625 4000 BrUsbSer - ok
19:29:37.0656 4000 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:29:37.0672 4000 BthEnum - ok
19:29:37.0687 4000 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:29:37.0703 4000 BTHMODEM - ok
19:29:37.0734 4000 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:29:37.0750 4000 BthPan - ok
19:29:37.0781 4000 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:29:37.0812 4000 BTHPORT - ok
19:29:37.0828 4000 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:29:37.0874 4000 bthserv - ok
19:29:37.0906 4000 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:29:37.0921 4000 BTHUSB - ok
19:29:37.0937 4000 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:29:37.0968 4000 cdfs - ok
19:29:37.0999 4000 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:29:38.0015 4000 cdrom - ok
19:29:38.0046 4000 [ 7E83E47BD1FF93E11CD69F1AD65A9581 ] CeKbFilter C:\Windows\system32\DRIVERS\CeKbFilter.sys
19:29:38.0108 4000 CeKbFilter - ok
19:29:38.0124 4000 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:29:38.0155 4000 CertPropSvc - ok
19:29:38.0249 4000 [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
19:29:38.0264 4000 cfWiMAXService - ok
19:29:38.0296 4000 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:29:38.0327 4000 circlass - ok
19:29:38.0342 4000 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:29:38.0358 4000 CLFS - ok
19:29:38.0420 4000 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:29:38.0436 4000 clr_optimization_v2.0.50727_32 - ok
19:29:38.0483 4000 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:29:38.0498 4000 clr_optimization_v2.0.50727_64 - ok
19:29:38.0545 4000 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:29:38.0576 4000 clr_optimization_v4.0.30319_32 - ok
19:29:38.0608 4000 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:29:38.0623 4000 clr_optimization_v4.0.30319_64 - ok
19:29:38.0654 4000 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:29:38.0670 4000 CmBatt - ok
19:29:38.0686 4000 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:29:38.0701 4000 cmdide - ok
19:29:38.0748 4000 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
19:29:38.0779 4000 CNG - ok
19:29:38.0795 4000 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:29:38.0810 4000 Compbatt - ok
19:29:38.0826 4000 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:29:38.0842 4000 CompositeBus - ok
19:29:38.0857 4000 COMSysApp - ok
19:29:38.0888 4000 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
19:29:38.0904 4000 ConfigFree Service - ok
19:29:38.0920 4000 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:29:38.0935 4000 crcdisk - ok
19:29:38.0982 4000 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:29:38.0998 4000 CryptSvc - ok
19:29:39.0044 4000 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:29:39.0107 4000 DcomLaunch - ok
19:29:39.0138 4000 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:29:39.0169 4000 defragsvc - ok
19:29:39.0200 4000 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:29:39.0247 4000 DfsC - ok
19:29:39.0278 4000 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:29:39.0294 4000 Dhcp - ok
19:29:39.0325 4000 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:29:39.0372 4000 discache - ok
19:29:39.0388 4000 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:29:39.0403 4000 Disk - ok
19:29:39.0434 4000 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:29:39.0450 4000 Dnscache - ok
19:29:39.0481 4000 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:29:39.0512 4000 dot3svc - ok
19:29:39.0528 4000 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:29:39.0559 4000 DPS - ok
19:29:39.0575 4000 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:29:39.0590 4000 drmkaud - ok
19:29:39.0637 4000 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:29:39.0668 4000 DXGKrnl - ok
19:29:39.0684 4000 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:29:39.0731 4000 EapHost - ok
19:29:39.0809 4000 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:29:39.0856 4000 ebdrv - ok
19:29:39.0887 4000 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:29:39.0887 4000 EFS - ok
19:29:39.0949 4000 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:29:39.0996 4000 ehRecvr - ok
19:29:40.0012 4000 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:29:40.0027 4000 ehSched - ok
19:29:40.0058 4000 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:29:40.0074 4000 elxstor - ok
19:29:40.0090 4000 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:29:40.0105 4000 ErrDev - ok
19:29:40.0136 4000 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:29:40.0199 4000 EventSystem - ok
19:29:40.0230 4000 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:29:40.0261 4000 exfat - ok
19:29:40.0277 4000 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:29:40.0339 4000 fastfat - ok
19:29:40.0370 4000 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:29:40.0386 4000 Fax - ok
19:29:40.0402 4000 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:29:40.0417 4000 fdc - ok
19:29:40.0433 4000 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:29:40.0464 4000 fdPHost - ok
19:29:40.0480 4000 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:29:40.0526 4000 FDResPub - ok
19:29:40.0542 4000 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:29:40.0558 4000 FileInfo - ok
19:29:40.0573 4000 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:29:40.0604 4000 Filetrace - ok
19:29:40.0636 4000 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:29:40.0636 4000 flpydisk - ok
19:29:40.0698 4000 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:29:40.0729 4000 FltMgr - ok
19:29:40.0776 4000 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:29:40.0807 4000 FontCache - ok
19:29:40.0838 4000 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:29:40.0854 4000 FontCache3.0.0.0 - ok
19:29:40.0870 4000 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:29:40.0885 4000 FsDepends - ok
19:29:40.0916 4000 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:29:40.0916 4000 Fs_Rec - ok
19:29:40.0948 4000 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:29:40.0963 4000 fvevol - ok
19:29:40.0979 4000 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:29:40.0979 4000 gagp30kx - ok
19:29:41.0026 4000 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:29:41.0088 4000 gpsvc - ok
19:29:41.0104 4000 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:29:41.0119 4000 hcw85cir - ok
19:29:41.0166 4000 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:29:41.0197 4000 HdAudAddService - ok
19:29:41.0213 4000 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:29:41.0228 4000 HDAudBus - ok
19:29:41.0260 4000 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:29:41.0306 4000 HECIx64 - ok
19:29:41.0322 4000 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:29:41.0338 4000 HidBatt - ok
19:29:41.0353 4000 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:29:41.0384 4000 HidBth - ok
19:29:41.0384 4000 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:29:41.0416 4000 HidIr - ok
19:29:41.0431 4000 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:29:41.0462 4000 hidserv - ok
19:29:41.0494 4000 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:29:41.0509 4000 HidUsb - ok
19:29:41.0540 4000 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:29:41.0572 4000 hkmsvc - ok
19:29:41.0603 4000 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:29:41.0650 4000 HomeGroupListener - ok
19:29:41.0681 4000 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:29:41.0696 4000 HomeGroupProvider - ok
19:29:41.0728 4000 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:29:41.0743 4000 HpSAMD - ok
19:29:41.0774 4000 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:29:41.0837 4000 HTTP - ok
19:29:41.0868 4000 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:29:41.0899 4000 hwpolicy - ok
19:29:41.0915 4000 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:29:41.0930 4000 i8042prt - ok
19:29:41.0962 4000 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:29:41.0977 4000 iaStorV - ok
19:29:42.0008 4000 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:29:42.0040 4000 idsvc - ok
19:29:42.0055 4000 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:29:42.0071 4000 iirsp - ok
19:29:42.0102 4000 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:29:42.0149 4000 IKEEXT - ok
19:29:42.0180 4000 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
19:29:42.0196 4000 Impcd - ok
19:29:42.0258 4000 [ 490947A9AFF7CA31EF2E08F5776105EB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:29:42.0320 4000 IntcAzAudAddService - ok
19:29:42.0336 4000 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:29:42.0352 4000 intelide - ok
19:29:42.0367 4000 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:29:42.0383 4000 intelppm - ok
19:29:42.0414 4000 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:29:42.0461 4000 IPBusEnum - ok
19:29:42.0476 4000 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:29:42.0523 4000 IpFilterDriver - ok
19:29:42.0554 4000 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:29:42.0570 4000 iphlpsvc - ok
19:29:42.0601 4000 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:29:42.0617 4000 IPMIDRV - ok
19:29:42.0648 4000 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:29:42.0679 4000 IPNAT - ok
19:29:42.0695 4000 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:29:42.0710 4000 IRENUM - ok
19:29:42.0726 4000 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:29:42.0742 4000 isapnp - ok
19:29:42.0757 4000 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:29:42.0773 4000 iScsiPrt - ok
19:29:42.0788 4000 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:29:42.0804 4000 kbdclass - ok
19:29:42.0820 4000 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:29:42.0820 4000 kbdhid - ok
19:29:42.0851 4000 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:29:42.0866 4000 KeyIso - ok
19:29:42.0898 4000 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:29:42.0913 4000 KSecDD - ok
19:29:42.0944 4000 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:29:42.0960 4000 KSecPkg - ok
19:29:42.0991 4000 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:29:43.0022 4000 ksthunk - ok
19:29:43.0069 4000 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:29:43.0116 4000 KtmRm - ok
19:29:43.0132 4000 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:29:43.0178 4000 LanmanServer - ok
19:29:43.0210 4000 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:29:43.0256 4000 LanmanWorkstation - ok
19:29:43.0272 4000 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:29:43.0319 4000 lltdio - ok
19:29:43.0350 4000 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:29:43.0397 4000 lltdsvc - ok
19:29:43.0412 4000 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:29:43.0444 4000 lmhosts - ok
19:29:43.0490 4000 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:29:43.0553 4000 LMS - ok
19:29:43.0584 4000 [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
19:29:43.0646 4000 LPCFilter - ok
19:29:43.0662 4000 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:29:43.0662 4000 LSI_FC - ok
19:29:43.0693 4000 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:29:43.0693 4000 LSI_SAS - ok
19:29:43.0709 4000 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:29:43.0724 4000 LSI_SAS2 - ok
19:29:43.0740 4000 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:29:43.0740 4000 LSI_SCSI - ok
19:29:43.0756 4000 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:29:43.0802 4000 luafv - ok
19:29:43.0834 4000 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:29:43.0849 4000 Mcx2Svc - ok
19:29:43.0865 4000 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:29:43.0880 4000 megasas - ok
19:29:43.0896 4000 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:29:43.0912 4000 MegaSR - ok
19:29:43.0927 4000 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:29:43.0974 4000 MMCSS - ok
19:29:43.0990 4000 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:29:44.0021 4000 Modem - ok
19:29:44.0021 4000 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:29:44.0036 4000 monitor - ok
19:29:44.0068 4000 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:29:44.0068 4000 mouclass - ok
19:29:44.0099 4000 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:29:44.0099 4000 mouhid - ok
19:29:44.0130 4000 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:29:44.0161 4000 mountmgr - ok
19:29:44.0192 4000 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:29:44.0208 4000 MozillaMaintenance - ok
19:29:44.0255 4000 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:29:44.0286 4000 MpFilter - ok
19:29:44.0302 4000 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:29:44.0317 4000 mpio - ok
19:29:44.0348 4000 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:29:44.0395 4000 mpsdrv - ok
19:29:44.0426 4000 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:29:44.0489 4000 MpsSvc - ok
19:29:44.0504 4000 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:29:44.0536 4000 MRxDAV - ok
19:29:44.0567 4000 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:29:44.0582 4000 mrxsmb - ok
19:29:44.0598 4000 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:29:44.0614 4000 mrxsmb10 - ok
19:29:44.0629 4000 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:29:44.0645 4000 mrxsmb20 - ok
19:29:44.0660 4000 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:29:44.0676 4000 msahci - ok
19:29:44.0707 4000 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:29:44.0723 4000 msdsm - ok
19:29:44.0738 4000 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:29:44.0754 4000 MSDTC - ok
19:29:44.0770 4000 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:29:44.0816 4000 Msfs - ok
19:29:44.0832 4000 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:29:44.0863 4000 mshidkmdf - ok
19:29:44.0879 4000 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:29:44.0879 4000 msisadrv - ok
19:29:44.0910 4000 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:29:44.0941 4000 MSiSCSI - ok
19:29:44.0941 4000 msiserver - ok
19:29:44.0957 4000 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:29:44.0988 4000 MSKSSRV - ok
19:29:45.0050 4000 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:29:45.0082 4000 MsMpSvc - ok
19:29:45.0082 4000 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:29:45.0128 4000 MSPCLOCK - ok
19:29:45.0160 4000 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:29:45.0191 4000 MSPQM - ok
19:29:45.0222 4000 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:29:45.0238 4000 MsRPC - ok
19:29:45.0269 4000 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:29:45.0284 4000 mssmbios - ok
19:29:45.0316 4000 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:29:45.0347 4000 MSTEE - ok
19:29:45.0347 4000 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:29:45.0362 4000 MTConfig - ok
19:29:45.0378 4000 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:29:45.0378 4000 Mup - ok
19:29:45.0425 4000 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:29:45.0472 4000 napagent - ok
19:29:45.0503 4000 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:29:45.0518 4000 NativeWifiP - ok
19:29:45.0565 4000 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:29:45.0596 4000 NDIS - ok
19:29:45.0612 4000 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:29:45.0659 4000 NdisCap - ok
19:29:45.0674 4000 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:29:45.0706 4000 NdisTapi - ok
19:29:45.0721 4000 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:29:45.0768 4000 Ndisuio - ok
19:29:45.0799 4000 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:29:45.0830 4000 NdisWan - ok
19:29:45.0862 4000 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:29:45.0893 4000 NDProxy - ok
19:29:45.0908 4000 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:29:45.0955 4000 NetBIOS - ok
19:29:45.0971 4000 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:29:46.0018 4000 NetBT - ok
19:29:46.0018 4000 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:29:46.0033 4000 Netlogon - ok
19:29:46.0064 4000 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:29:46.0111 4000 Netman - ok
19:29:46.0111 4000 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:29:46.0158 4000 netprofm - ok
19:29:46.0174 4000 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:29:46.0189 4000 NetTcpPortSharing - ok
19:29:46.0205 4000 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:29:46.0220 4000 nfrd960 - ok
19:29:46.0236 4000 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:29:46.0252 4000 NisDrv - ok
19:29:46.0283 4000 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
19:29:46.0298 4000 NisSrv - ok
19:29:46.0314 4000 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:29:46.0330 4000 NlaSvc - ok
19:29:46.0345 4000 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:29:46.0376 4000 Npfs - ok
19:29:46.0392 4000 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:29:46.0439 4000 nsi - ok
19:29:46.0454 4000 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:29:46.0501 4000 nsiproxy - ok
19:29:46.0548 4000 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:29:46.0610 4000 Ntfs - ok
19:29:46.0610 4000 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:29:46.0657 4000 Null - ok
19:29:46.0673 4000 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:29:46.0688 4000 nvraid - ok
19:29:46.0704 4000 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:29:46.0720 4000 nvstor - ok
19:29:46.0720 4000 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:29:46.0735 4000 nv_agp - ok
19:29:46.0798 4000 [ 71C97F97A909A990C7F60C77908BAFF9 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
19:29:46.0844 4000 OfficeSvc - ok
19:29:46.0876 4000 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:29:46.0891 4000 ohci1394 - ok
19:29:46.0954 4000 [ FF93D67903FDEABCD4470CD82F44ACFA ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:29:46.0969 4000 ose - ok
19:29:47.0110 4000 [ 31DC8D825D2C4EB0FF7ED021BB92C541 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:29:47.0188 4000 osppsvc - ok
19:29:47.0234 4000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:29:47.0250 4000 p2pimsvc - ok
19:29:47.0266 4000 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:29:47.0281 4000 p2psvc - ok
19:29:47.0312 4000 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:29:47.0328 4000 Parport - ok
19:29:47.0375 4000 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:29:47.0390 4000 partmgr - ok
19:29:47.0406 4000 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:29:47.0422 4000 PcaSvc - ok
19:29:47.0437 4000 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:29:47.0453 4000 pci - ok
19:29:47.0468 4000 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:29:47.0484 4000 pciide - ok
19:29:47.0515 4000 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:29:47.0531 4000 pcmcia - ok
19:29:47.0546 4000 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:29:47.0562 4000 pcw - ok
19:29:47.0578 4000 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:29:47.0624 4000 PEAUTH - ok
19:29:47.0687 4000 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:29:47.0702 4000 PerfHost - ok
19:29:47.0749 4000 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
19:29:47.0796 4000 PGEffect - ok
19:29:47.0843 4000 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:29:47.0905 4000 pla - ok
19:29:47.0936 4000 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:29:47.0952 4000 PlugPlay - ok
19:29:47.0983 4000 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:29:47.0983 4000 PNRPAutoReg - ok
19:29:48.0014 4000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:29:48.0030 4000 PNRPsvc - ok
19:29:48.0061 4000 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:29:48.0092 4000 PolicyAgent - ok
19:29:48.0124 4000 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:29:48.0155 4000 Power - ok
19:29:48.0170 4000 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:29:48.0202 4000 PptpMiniport - ok
19:29:48.0233 4000 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:29:48.0233 4000 Processor - ok
19:29:48.0280 4000 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:29:48.0295 4000 ProfSvc - ok
19:29:48.0311 4000 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:29:48.0326 4000 ProtectedStorage - ok
19:29:48.0358 4000 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:29:48.0389 4000 Psched - ok
19:29:48.0420 4000 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:29:48.0467 4000 ql2300 - ok
19:29:48.0482 4000 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:29:48.0498 4000 ql40xx - ok
19:29:48.0514 4000 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:29:48.0529 4000 QWAVE - ok
19:29:48.0545 4000 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:29:48.0560 4000 QWAVEdrv - ok
19:29:48.0576 4000 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:29:48.0623 4000 RasAcd - ok
19:29:48.0638 4000 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:29:48.0685 4000 RasAgileVpn - ok
19:29:48.0701 4000 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:29:48.0732 4000 RasAuto - ok
19:29:48.0763 4000 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:29:48.0810 4000 Rasl2tp - ok
19:29:48.0841 4000 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:29:48.0872 4000 RasMan - ok
19:29:48.0904 4000 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:29:48.0935 4000 RasPppoe - ok
19:29:48.0950 4000 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:29:48.0982 4000 RasSstp - ok
19:29:48.0997 4000 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:29:49.0044 4000 rdbss - ok
19:29:49.0060 4000 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:29:49.0075 4000 rdpbus - ok
19:29:49.0091 4000 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:29:49.0122 4000 RDPCDD - ok
19:29:49.0138 4000 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:29:49.0169 4000 RDPENCDD - ok
19:29:49.0184 4000 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:29:49.0216 4000 RDPREFMP - ok
19:29:49.0247 4000 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:29:49.0278 4000 RdpVideoMiniport - ok
19:29:49.0294 4000 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:29:49.0309 4000 RDPWD - ok
19:29:49.0340 4000 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:29:49.0356 4000 rdyboost - ok
19:29:49.0387 4000 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:29:49.0418 4000 RemoteAccess - ok
19:29:49.0450 4000 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:29:49.0496 4000 RemoteRegistry - ok
19:29:49.0512 4000 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:29:49.0528 4000 RFCOMM - ok
19:29:49.0543 4000 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:29:49.0590 4000 RpcEptMapper - ok
19:29:49.0606 4000 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:29:49.0621 4000 RpcLocator - ok
19:29:49.0652 4000 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:29:49.0715 4000 RpcSs - ok
19:29:49.0730 4000 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:29:49.0777 4000 rspndr - ok
19:29:49.0808 4000 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:29:49.0840 4000 RSUSBSTOR - ok
19:29:49.0871 4000 [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
19:29:49.0933 4000 RTHDMIAzAudService - ok
19:29:49.0964 4000 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:29:50.0027 4000 RTL8167 - ok
19:29:50.0042 4000 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:29:50.0074 4000 SamSs - ok
19:29:50.0089 4000 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:29:50.0120 4000 sbp2port - ok
19:29:50.0152 4000 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:29:50.0183 4000 SCardSvr - ok
19:29:50.0214 4000 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:29:50.0245 4000 scfilter - ok
19:29:50.0308 4000 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:29:50.0354 4000 Schedule - ok
19:29:50.0386 4000 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:29:50.0417 4000 SCPolicySvc - ok
19:29:50.0448 4000 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:29:50.0464 4000 SDRSVC - ok
19:29:50.0479 4000 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:29:50.0510 4000 secdrv - ok
19:29:50.0542 4000 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:29:50.0604 4000 seclogon - ok
19:29:50.0620 4000 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:29:50.0666 4000 SENS - ok
19:29:50.0666 4000 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:29:50.0682 4000 SensrSvc - ok
19:29:50.0698 4000 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:29:50.0698 4000 Serenum - ok
19:29:50.0729 4000 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:29:50.0744 4000 Serial - ok
19:29:50.0776 4000 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:29:50.0776 4000 sermouse - ok
19:29:50.0807 4000 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:29:50.0854 4000 SessionEnv - ok
19:29:50.0869 4000 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:29:50.0885 4000 sffdisk - ok
19:29:50.0900 4000 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:29:50.0900 4000 sffp_mmc - ok
19:29:50.0916 4000 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:29:50.0916 4000 sffp_sd - ok
19:29:50.0947 4000 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:29:50.0963 4000 sfloppy - ok
19:29:50.0978 4000 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:29:51.0025 4000 SharedAccess - ok
19:29:51.0056 4000 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:29:51.0103 4000 ShellHWDetection - ok
19:29:51.0119 4000 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:29:51.0119 4000 SiSRaid2 - ok
19:29:51.0134 4000 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:29:51.0150 4000 SiSRaid4 - ok
19:29:51.0166 4000 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:29:51.0212 4000 Smb - ok
19:29:51.0244 4000 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:29:51.0244 4000 SNMPTRAP - ok
19:29:51.0259 4000 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:29:51.0275 4000 spldr - ok
19:29:51.0322 4000 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:29:51.0337 4000 Spooler - ok
19:29:51.0431 4000 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:29:51.0509 4000 sppsvc - ok
19:29:51.0540 4000 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:29:51.0602 4000 sppuinotify - ok
19:29:51.0634 4000 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:29:51.0649 4000 srv - ok
19:29:51.0680 4000 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:29:51.0696 4000 srv2 - ok
19:29:51.0712 4000 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:29:51.0727 4000 srvnet - ok
19:29:51.0743 4000 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:29:51.0790 4000 SSDPSRV - ok
19:29:51.0805 4000 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:29:51.0836 4000 SstpSvc - ok
19:29:51.0852 4000 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:29:51.0868 4000 stexstor - ok
19:29:51.0899 4000 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:29:51.0946 4000 stisvc - ok
19:29:51.0977 4000 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:29:51.0977 4000 swenum - ok
19:29:52.0055 4000 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:29:52.0148 4000 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
19:29:52.0148 4000 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
19:29:52.0180 4000 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:29:52.0226 4000 swprv - ok
19:29:52.0289 4000 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:29:52.0336 4000 SysMain - ok
19:29:52.0382 4000 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:29:52.0414 4000 TabletInputService - ok
19:29:52.0429 4000 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:29:52.0476 4000 TapiSrv - ok
19:29:52.0507 4000 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:29:52.0538 4000 TBS - ok
19:29:52.0601 4000 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:29:52.0632 4000 Tcpip - ok
19:29:52.0663 4000 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:29:52.0694 4000 TCPIP6 - ok
19:29:52.0710 4000 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:29:52.0726 4000 tcpipreg - ok
19:29:52.0757 4000 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:29:52.0757 4000 TDPIPE - ok
19:29:52.0788 4000 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:29:52.0804 4000 TDTCP - ok
19:29:52.0835 4000 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:29:52.0866 4000 tdx - ok
19:29:52.0882 4000 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:29:52.0897 4000 TermDD - ok
19:29:52.0944 4000 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:29:52.0975 4000 TermService - ok
19:29:53.0006 4000 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:29:53.0022 4000 Themes - ok
19:29:53.0038 4000 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:29:53.0084 4000 THREADORDER - ok
19:29:53.0147 4000 [ 38C0CF9740C5AFA3EAFFE2699891B992 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
19:29:53.0162 4000 TOSHIBA Bluetooth Service - ok
19:29:53.0194 4000 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:29:53.0209 4000 TOSHIBA HDD SSD Alert Service - ok
19:29:53.0225 4000 Tosrfcom - ok
19:29:53.0240 4000 [ 11699D47B3491D86249C168496D55C92 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
19:29:53.0256 4000 tosrfec - ok
19:29:53.0272 4000 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:29:53.0318 4000 TrkWks - ok
19:29:53.0365 4000 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:29:53.0412 4000 TrustedInstaller - ok
19:29:53.0443 4000 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:29:53.0474 4000 tssecsrv - ok
19:29:53.0506 4000 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:29:53.0521 4000 TsUsbFlt - ok
19:29:53.0552 4000 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:29:53.0599 4000 tunnel - ok
19:29:53.0630 4000 [ 9A744CC3D804EC38A6C2C65BC3C6FCD8 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:29:53.0677 4000 TVALZ - ok
19:29:53.0708 4000 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:29:53.0724 4000 uagp35 - ok
19:29:53.0755 4000 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:29:53.0802 4000 udfs - ok
19:29:53.0833 4000 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:29:53.0849 4000 UI0Detect - ok
19:29:53.0864 4000 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:29:53.0880 4000 uliagpkx - ok
19:29:53.0896 4000 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:29:53.0911 4000 umbus - ok
19:29:53.0942 4000 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:29:53.0958 4000 UmPass - ok
19:29:54.0067 4000 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:29:54.0145 4000 UNS - ok
19:29:54.0176 4000 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:29:54.0208 4000 upnphost - ok
19:29:54.0239 4000 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:29:54.0270 4000 usbccgp - ok
19:29:54.0301 4000 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:29:54.0317 4000 usbcir - ok
19:29:54.0332 4000 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:29:54.0348 4000 usbehci - ok
19:29:54.0364 4000 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:29:54.0379 4000 usbhub - ok
19:29:54.0395 4000 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:29:54.0410 4000 usbohci - ok
19:29:54.0442 4000 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:29:54.0457 4000 usbprint - ok
19:29:54.0473 4000 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:29:54.0488 4000 usbscan - ok
19:29:54.0504 4000 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:29:54.0520 4000 USBSTOR - ok
19:29:54.0551 4000 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:29:54.0566 4000 usbuhci - ok
19:29:54.0598 4000 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:29:54.0613 4000 usbvideo - ok
19:29:54.0644 4000 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:29:54.0676 4000 UxSms - ok
19:29:54.0691 4000 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:29:54.0707 4000 VaultSvc - ok
19:29:54.0707 4000 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:29:54.0722 4000 vdrvroot - ok
19:29:54.0754 4000 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:29:54.0800 4000 vds - ok
19:29:54.0816 4000 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:29:54.0832 4000 vga - ok
19:29:54.0832 4000 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:29:54.0878 4000 VgaSave - ok
19:29:54.0894 4000 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:29:54.0910 4000 vhdmp - ok
19:29:54.0925 4000 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:29:54.0941 4000 viaide - ok
19:29:54.0956 4000 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:29:54.0972 4000 volmgr - ok
19:29:55.0003 4000 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:29:55.0019 4000 volmgrx - ok
19:29:55.0050 4000 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:29:55.0066 4000 volsnap - ok
19:29:55.0081 4000 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:29:55.0097 4000 vsmraid - ok
19:29:55.0144 4000 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:29:55.0206 4000 VSS - ok
19:29:55.0222 4000 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:29:55.0237 4000 vwifibus - ok
19:29:55.0237 4000 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:29:55.0253 4000 vwififlt - ok
19:29:55.0268 4000 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:29:55.0284 4000 vwifimp - ok
19:29:55.0315 4000 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:29:55.0362 4000 W32Time - ok
19:29:55.0393 4000 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:29:55.0393 4000 WacomPen - ok
19:29:55.0424 4000 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:29:55.0456 4000 WANARP - ok
19:29:55.0471 4000 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:29:55.0502 4000 Wanarpv6 - ok
19:29:55.0549 4000 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:29:55.0580 4000 wbengine - ok
19:29:55.0612 4000 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:29:55.0643 4000 WbioSrvc - ok
19:29:55.0674 4000 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:29:55.0705 4000 wcncsvc - ok
19:29:55.0721 4000 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:29:55.0736 4000 WcsPlugInService - ok
19:29:55.0752 4000 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:29:55.0768 4000 Wd - ok
19:29:55.0830 4000 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:29:55.0861 4000 Wdf01000 - ok
19:29:55.0877 4000 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:29:55.0892 4000 WdiServiceHost - ok
19:29:55.0892 4000 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:29:55.0908 4000 WdiSystemHost - ok
19:29:55.0939 4000 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:29:55.0970 4000 WebClient - ok
19:29:56.0002 4000 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:29:56.0048 4000 Wecsvc - ok
19:29:56.0048 4000 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:29:56.0095 4000 wercplsupport - ok
19:29:56.0095 4000 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:29:56.0142 4000 WerSvc - ok
19:29:56.0158 4000 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:29:56.0189 4000 WfpLwf - ok
19:29:56.0220 4000 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:29:56.0220 4000 WIMMount - ok
19:29:56.0236 4000 WinDefend - ok
19:29:56.0236 4000 WinHttpAutoProxySvc - ok
19:29:56.0282 4000 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:29:56.0345 4000 Winmgmt - ok
19:29:56.0392 4000 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:29:56.0454 4000 WinRM - ok
19:29:56.0485 4000 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:29:56.0516 4000 Wlansvc - ok
19:29:56.0548 4000 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:29:56.0563 4000 WmiAcpi - ok
19:29:56.0579 4000 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:29:56.0594 4000 wmiApSrv - ok
19:29:56.0626 4000 WMPNetworkSvc - ok
19:29:56.0641 4000 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:29:56.0657 4000 WPCSvc - ok
19:29:56.0688 4000 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:29:56.0704 4000 WPDBusEnum - ok
19:29:56.0719 4000 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:29:56.0766 4000 ws2ifsl - ok
19:29:56.0782 4000 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:29:56.0797 4000 wscsvc - ok
19:29:56.0797 4000 WSearch - ok
19:29:56.0860 4000 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:29:56.0922 4000 wuauserv - ok
19:29:56.0969 4000 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:29:56.0969 4000 WudfPf - ok
19:29:56.0984 4000 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:29:57.0000 4000 WUDFRd - ok
19:29:57.0031 4000 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:29:57.0047 4000 wudfsvc - ok
19:29:57.0094 4000 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:29:57.0109 4000 WwanSvc - ok
19:29:57.0109 4000 ================ Scan global ===============================
19:29:57.0140 4000 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:29:57.0156 4000 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:29:57.0172 4000 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:29:57.0203 4000 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:29:57.0218 4000 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:29:57.0234 4000 [Global] - ok
19:29:57.0234 4000 ================ Scan MBR ==================================
19:29:57.0250 4000 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:29:58.0310 4000 \Device\Harddisk0\DR0 - ok
19:29:58.0310 4000 ================ Scan VBR ==================================
19:29:58.0326 4000 [ 7E466C2B02C08B4F07172A629C5A37F3 ] \Device\Harddisk0\DR0\Partition1
19:29:58.0326 4000 \Device\Harddisk0\DR0\Partition1 - ok
19:29:58.0357 4000 [ F214AA564238520DD7B7AE6AD3FDB8A3 ] \Device\Harddisk0\DR0\Partition2
19:29:58.0357 4000 \Device\Harddisk0\DR0\Partition2 - ok
19:29:58.0357 4000 ============================================================
19:29:58.0357 4000 Scan finished
19:29:58.0357 4000 ============================================================
19:29:58.0373 0576 Detected object count: 1
19:29:58.0373 0576 Actual detected object count: 1

Alt 15.12.2012, 18:45   #11
markusg
/// Malware-holic
 
ihavenet.com - Standard

ihavenet.com



Hi,
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.12.2012, 19:13   #12
nicoledeluxe
 
ihavenet.com - Standard

ihavenet.com



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-14.01 - Nicole 15.12.2012  20:01:00.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3955.2525 [GMT 1:00]
ausgeführt von:: c:\users\Nicole\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-15 bis 2012-12-15  ))))))))))))))))))))))))))))))
.
.
2012-12-15 19:04 . 2012-12-15 19:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-15 18:27 . 2012-12-15 18:27	208216	----a-w-	c:\windows\system32\drivers\54221935.sys
2012-12-15 17:35 . 2012-11-08 08:24	9125352	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AEB87F5-C2F7-495D-BF3F-F27D658CD59A}\mpengine.dll
2012-12-14 21:36 . 2012-12-14 21:50	--------	d-----w-	C:\_OTL
2012-12-13 22:24 . 2012-12-13 22:24	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38098744-C02A-428B-81D0-468D22FB9BC4}\gapaengine.dll
2012-12-13 22:24 . 2012-11-08 08:24	9125352	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-13 22:18 . 2012-12-13 22:18	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-12-13 22:18 . 2012-12-13 22:18	--------	d-----w-	c:\program files\Microsoft Security Client
2012-12-12 10:53 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-12 10:53 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-11 09:10 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{56660370-3ABC-4122-827E-556ED1260276}\mpengine.dll
2012-11-30 19:17 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-11-30 19:17 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-11-30 19:17 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-11-30 19:17 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-11-30 19:17 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-11-30 19:17 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-30 19:17 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-11-30 19:17 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-11-30 19:17 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-11-30 19:17 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-11-30 19:17 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 19:02 . 2012-04-14 18:27	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 19:02 . 2012-04-14 18:27	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 11:56 . 2012-04-14 19:57	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-13 09:50 . 2012-04-14 19:34	140936	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-11-13 09:50 . 2012-04-14 19:34	114168	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-11-05 21:25 . 2012-11-05 21:26	461464	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2012-10-16 08:38 . 2012-11-27 18:32	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 18:32	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 18:32	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 05:17	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 05:17	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 05:17	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 05:17	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 10:52	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 05:16	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 05:16	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 05:16	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 05:16	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 05:16	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 05:16	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 05:16	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 05:16	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 05:16	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 05:16	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 05:16	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-15 05:16	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 05:16	95744	----a-w-	c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-05 22:10	220632	----a-w-	c:\users\Nicole\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-05 22:10	220632	----a-w-	c:\users\Nicole\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-05 22:10	220632	----a-w-	c:\users\Nicole\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-11-05 21:43	2042528	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-11-05 21:43	2042528	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-11-05 21:43	2042528	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMASH"="c:\program files (x86)\Ashampoo\Ashampoo Office 2010\smash.exe" [2010-05-21 229411]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Monitor.lnk - c:\program files (x86)\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2012-4-14 91464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-11-13 140936]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-14 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-16 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-16 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-16 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-16 465360]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-11 1494144]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-11-13 114168]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-04-14 20592]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 30876257
*Deregistered* - 30876257
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 19:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-05 22:10	244696	----a-w-	c:\users\Nicole\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-05 22:10	244696	----a-w-	c:\users\Nicole\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-05 22:10	244696	----a-w-	c:\users\Nicole\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-11-05 21:47	2860192	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-11-05 21:47	2860192	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-11-05 21:47	2860192	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=109958&tt=290312_bexdll&babsrc=HP_ss&mntrId=54b795ba000000000000b482fef9f998
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\z8a0ry7z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB16&ctid=CT3027459&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-14 00:28; firefox@ghostery.com; c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\z8a0ry7z.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2012-12-14 00:28; browserprotect@browserprotect.com; c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\z8a0ry7z.default\extensions\browserprotect@browserprotect.com.xpi
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 54b795ba000000000000b482fef9f998
FF - user.js: extensions.BabylonToolbar_i.hardId - 54b795ba000000000000b482fef9f998
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:09
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{5786D022-540E-4699-B350-B4BE0AE94B79} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-15  20:06:06
ComboFix-quarantined-files.txt  2012-12-15 19:06
.
Vor Suchlauf: 9 Verzeichnis(se), 271.717.359.616 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 271.569.903.616 Bytes frei
.
- - End Of File - - 5421F89357BEB1EF5766CA9859894D0A
         
--- --- ---

Alt 15.12.2012, 19:19   #13
markusg
/// Malware-holic
 
ihavenet.com - Standard

ihavenet.com



hi,
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.12.2012, 20:21   #14
nicoledeluxe
 
ihavenet.com - Standard

ihavenet.com



Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.12.15.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nicole :: NICOLE-PC [Administrator]

Schutz: Aktiviert

15.12.2012 20:26:02
mbam-log-2012-12-15 (20-26-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 339462
Laufzeit: 52 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 15.12.2012, 20:25   #15
markusg
/// Malware-holic
 
ihavenet.com - Standard

ihavenet.com



Hi,
wir sind gut dabei, Malware ist entfernt.
Arbeit haben wir trotzdem noch zu tun!
lade den CCleaner standard:
CCleaner Download - CCleaner 3.25.1872
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu ihavenet.com
.com, antivir, autorun, avg, avira, bho, desktop, excel, firefox, flash player, format, google, helper, home, ihavenet virus trojaner windows, ihavenet.com, internet, logfile, mozilla, problem, realtek, registry, scan, search the web, security, trojaner, viren, windows



Ähnliche Themen: ihavenet.com


  1. IhaveNet - Redericter
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (4)
  2. ihavenet Befall?
    Plagegeister aller Art und deren Bekämpfung - 24.10.2013 (8)
  3. ihavenet virus
    Log-Analyse und Auswertung - 09.10.2013 (28)
  4. ihavenet-Virus
    Plagegeister aller Art und deren Bekämpfung - 09.10.2013 (11)
  5. ihavenet auf XP
    Log-Analyse und Auswertung - 27.08.2013 (11)
  6. Ihavenet-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.08.2013 (34)
  7. ihavenet Virus
    Plagegeister aller Art und deren Bekämpfung - 18.06.2013 (11)
  8. Ihavenet-Virusbefall
    Plagegeister aller Art und deren Bekämpfung - 09.06.2013 (37)
  9. ihavenet.com Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.03.2013 (7)
  10. IHAVENET Trojaner !
    Log-Analyse und Auswertung - 12.03.2013 (32)
  11. ihavenet-Virus
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (13)
  12. Ihavenet Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (3)
  13. ihavenet.com II
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (11)
  14. Ihavenet Virus
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (13)
  15. Ihavenet Trojaner
    Plagegeister aller Art und deren Bekämpfung - 10.12.2012 (7)
  16. Ihavenet.com
    Log-Analyse und Auswertung - 27.11.2012 (5)
  17. Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com)
    Log-Analyse und Auswertung - 21.11.2012 (13)

Zum Thema ihavenet.com - Hallöchen ich habe ein Problem was schon mehrfach im Forum beschrieben ist.Wenn ich über Mozilla Firefox google werde ich mehrfach über ihavenet.com auf ganz andere Seiten geleitet,leider bin ich nicht - ihavenet.com...
Archiv
Du betrachtest: ihavenet.com auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.