| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Malware: CitadelWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.05.2013, 22:25
| #16 |
 |  Malware: Citadel Upss hier isser Code:
ATTFilter GMER Logfile: |
|
16.05.2013, 22:31
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Malware: Citadel aswMBR
__________________Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
17.05.2013, 17:10
| #18 |
| | Malware: Citadel Ok hier erstmal der Log zu aswMBR
__________________Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-17 17:50:50
-----------------------------
17:50:50.685 OS Version: Windows x64 6.1.7601 Service Pack 1
17:50:50.685 Number of processors: 4 586 0x1001
17:50:50.685 ComputerName: ALI-PC UserName: Ali
17:50:51.730 Initialize success
17:53:15.733 AVAST engine defs: 13051700
17:53:25.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
17:53:25.437 Disk 0 Vendor: ST1000DM CC4B Size: 953869MB BusType: 11
17:53:25.546 Disk 0 MBR read successfully
17:53:25.546 Disk 0 MBR scan
17:53:25.561 Disk 0 Windows 7 default MBR code
17:53:25.561 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:53:25.577 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 901543 MB offset 206848
17:53:25.608 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51200 MB offset 1846566912
17:53:25.671 Disk 0 Partition 4 00 12 Compaq diag NTFS 1024 MB offset 1951424512
17:53:25.702 Disk 0 scanning C:\Windows\system32\drivers
17:53:39.118 Service scanning
17:54:03.189 Modules scanning
17:54:03.189 Disk 0 trace - called modules:
17:54:03.220 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
17:54:03.235 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800501f060]
17:54:03.235 3 CLASSPNP.SYS[fffff880015ad43f] -> nt!IofCallDriver -> [0xfffffa8003ff1ac0]
17:54:03.251 5 amd_xata.sys[fffff880010b4d00] -> nt!IofCallDriver -> \Device\00000063[0xfffffa8004d47060]
17:54:04.281 AVAST engine scan C:\Windows
17:54:07.182 AVAST engine scan C:\Windows\system32
17:57:19.593 AVAST engine scan C:\Windows\system32\drivers
17:57:31.730 AVAST engine scan C:\Users\Ali
18:02:38.785 AVAST engine scan C:\ProgramData
18:04:47.035 Scan finished successfully
18:05:00.124 Disk 0 MBR has been saved successfully to "C:\Users\Ali\Desktop\MBR.dat"
18:05:00.124 The log file has been saved successfully to "C:\Users\Ali\Desktop\aswMBR.txt"
Dann noch der Log zu TDSS Killer, wurden allerdings wohl nichts gefunden. Code:
ATTFilter 18:07:49.0471 5640 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:07:49.0986 5640 ============================================================
18:07:49.0986 5640 Current date / time: 2013/05/17 18:07:49.0986
18:07:49.0986 5640 SystemInfo:
18:07:49.0986 5640
18:07:49.0986 5640 OS Version: 6.1.7601 ServicePack: 1.0
18:07:49.0986 5640 Product type: Workstation
18:07:49.0986 5640 ComputerName: ALI-PC
18:07:49.0986 5640 UserName: Ali
18:07:49.0986 5640 Windows directory: C:\Windows
18:07:49.0986 5640 System windows directory: C:\Windows
18:07:49.0986 5640 Running under WOW64
18:07:49.0986 5640 Processor architecture: Intel x64
18:07:49.0986 5640 Number of processors: 4
18:07:49.0986 5640 Page size: 0x1000
18:07:49.0986 5640 Boot type: Normal boot
18:07:49.0986 5640 ============================================================
18:07:50.0391 5640 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:07:50.0423 5640 ============================================================
18:07:50.0423 5640 \Device\Harddisk0\DR0:
18:07:50.0423 5640 MBR partitions:
18:07:50.0423 5640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:07:50.0423 5640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6E0D3800
18:07:50.0423 5640 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6E106000, BlocksNum 0x6400000
18:07:50.0423 5640 ============================================================
18:07:50.0454 5640 C: <-> \Device\Harddisk0\DR0\Partition2
18:07:50.0485 5640 D: <-> \Device\Harddisk0\DR0\Partition3
18:07:50.0485 5640 ============================================================
18:07:50.0485 5640 Initialize success
18:07:50.0485 5640 ============================================================
18:07:52.0170 5744 ============================================================
18:07:52.0170 5744 Scan started
18:07:52.0170 5744 Mode: Manual;
18:07:52.0170 5744 ============================================================
18:07:52.0310 5744 ================ Scan system memory ========================
18:07:52.0310 5744 Scan interrupted by user!
18:07:52.0310 5744 ================ Scan services =============================
18:07:52.0326 5744 Scan interrupted by user!
18:07:52.0326 5744 ================ Scan global ===============================
18:07:52.0326 5744 Scan interrupted by user!
18:07:52.0326 5744 ================ Scan MBR ==================================
18:07:52.0326 5744 Scan interrupted by user!
18:07:52.0326 5744 ================ Scan VBR ==================================
18:07:52.0326 5744 Scan interrupted by user!
18:07:52.0326 5744 ============================================================
18:07:52.0326 5744 Scan finished
18:07:52.0326 5744 ============================================================
18:07:52.0326 5440 Detected object count: 0
18:07:52.0326 5440 Actual detected object count: 0
18:07:56.0741 3048 ============================================================
18:07:56.0741 3048 Scan started
18:07:56.0741 3048 Mode: Manual;
18:07:56.0741 3048 ============================================================
18:07:56.0865 3048 ================ Scan system memory ========================
18:07:56.0865 3048 System memory - ok
18:07:56.0865 3048 ================ Scan services =============================
18:07:56.0959 3048 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:07:56.0959 3048 1394ohci - ok
18:07:56.0990 3048 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:07:56.0990 3048 ACPI - ok
18:07:57.0006 3048 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:07:57.0006 3048 AcpiPmi - ok
18:07:57.0084 3048 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:07:57.0084 3048 AdobeARMservice - ok
18:07:57.0193 3048 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:07:57.0193 3048 AdobeFlashPlayerUpdateSvc - ok
18:07:57.0224 3048 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:07:57.0224 3048 adp94xx - ok
18:07:57.0240 3048 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:07:57.0255 3048 adpahci - ok
18:07:57.0271 3048 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:07:57.0271 3048 adpu320 - ok
18:07:57.0287 3048 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:07:57.0302 3048 AeLookupSvc - ok
18:07:57.0333 3048 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:07:57.0333 3048 AFD - ok
18:07:57.0365 3048 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:07:57.0365 3048 agp440 - ok
18:07:57.0380 3048 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:07:57.0380 3048 ALG - ok
18:07:57.0411 3048 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:07:57.0411 3048 aliide - ok
18:07:57.0427 3048 [ 8893C00A6D0A5820D4608202F99E8AD6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:07:57.0443 3048 AMD External Events Utility - ok
18:07:57.0474 3048 AMD FUEL Service - ok
18:07:57.0505 3048 [ 2EF1BA6D5DC79FCE5E9216C8C2D3F193 ] amdhub30 C:\Windows\system32\DRIVERS\amdhub30.sys
18:07:57.0505 3048 amdhub30 - ok
18:07:57.0521 3048 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:07:57.0521 3048 amdide - ok
18:07:57.0536 3048 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
18:07:57.0536 3048 amdiox64 - ok
18:07:57.0552 3048 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:07:57.0552 3048 AmdK8 - ok
18:07:57.0692 3048 [ ACF6058602D202F36C0A2C0C97DB5E3B ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:07:57.0755 3048 amdkmdag - ok
18:07:57.0786 3048 [ 1E55EA0AD65688EB43CCE6AED573E82C ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:07:57.0786 3048 amdkmdap - ok
18:07:57.0801 3048 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:07:57.0817 3048 AmdPPM - ok
18:07:57.0833 3048 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:07:57.0833 3048 amdsata - ok
18:07:57.0848 3048 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:07:57.0848 3048 amdsbs - ok
18:07:57.0879 3048 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:07:57.0879 3048 amdxata - ok
18:07:57.0895 3048 [ 541A6C49C792ED71FB3EFF8C815CFE60 ] amdxhc C:\Windows\system32\DRIVERS\amdxhc.sys
18:07:57.0895 3048 amdxhc - ok
18:07:57.0911 3048 [ A1434F35B7B171CB697D74D33F7D029F ] amd_sata C:\Windows\system32\drivers\amd_sata.sys
18:07:57.0911 3048 amd_sata - ok
18:07:57.0911 3048 [ E9B5A82FA268BB2D1B012030D5F4E096 ] amd_xata C:\Windows\system32\drivers\amd_xata.sys
18:07:57.0911 3048 amd_xata - ok
18:07:57.0973 3048 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:07:57.0973 3048 AntiVirSchedulerService - ok
18:07:57.0989 3048 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:07:58.0004 3048 AntiVirService - ok
18:07:58.0035 3048 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:07:58.0035 3048 AppID - ok
18:07:58.0067 3048 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:07:58.0067 3048 AppIDSvc - ok
18:07:58.0082 3048 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
18:07:58.0082 3048 Appinfo - ok
18:07:58.0098 3048 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:07:58.0098 3048 Apple Mobile Device - ok
18:07:58.0129 3048 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:07:58.0129 3048 arc - ok
18:07:58.0145 3048 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:07:58.0145 3048 arcsas - ok
18:07:58.0160 3048 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:07:58.0160 3048 AsyncMac - ok
18:07:58.0191 3048 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:07:58.0191 3048 atapi - ok
18:07:58.0223 3048 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:07:58.0223 3048 AtiHDAudioService - ok
18:07:58.0238 3048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:07:58.0254 3048 AudioEndpointBuilder - ok
18:07:58.0254 3048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:07:58.0269 3048 AudioSrv - ok
18:07:58.0285 3048 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:07:58.0285 3048 avgntflt - ok
18:07:58.0301 3048 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:07:58.0316 3048 avipbb - ok
18:07:58.0332 3048 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:07:58.0332 3048 avkmgr - ok
18:07:58.0347 3048 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:07:58.0347 3048 AxInstSV - ok
18:07:58.0363 3048 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:07:58.0379 3048 b06bdrv - ok
18:07:58.0394 3048 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:07:58.0394 3048 b57nd60a - ok
18:07:58.0425 3048 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:07:58.0425 3048 BDESVC - ok
18:07:58.0441 3048 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:07:58.0441 3048 Beep - ok
18:07:58.0472 3048 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:07:58.0488 3048 BFE - ok
18:07:58.0519 3048 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
18:07:58.0519 3048 BITS - ok
18:07:58.0535 3048 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:07:58.0535 3048 blbdrive - ok
18:07:58.0550 3048 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:07:58.0550 3048 Bonjour Service - ok
18:07:58.0581 3048 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:07:58.0581 3048 bowser - ok
18:07:58.0597 3048 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:07:58.0597 3048 BrFiltLo - ok
18:07:58.0628 3048 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:07:58.0628 3048 BrFiltUp - ok
18:07:58.0644 3048 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
18:07:58.0659 3048 BridgeMP - ok
18:07:58.0675 3048 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:07:58.0675 3048 Browser - ok
18:07:58.0691 3048 [ E5E9B1625A767CEB6F319C12D33EAB78 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
18:07:58.0706 3048 BrSerIb - ok
18:07:58.0706 3048 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:07:58.0706 3048 Brserid - ok
18:07:58.0722 3048 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:07:58.0722 3048 BrSerWdm - ok
18:07:58.0753 3048 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:07:58.0753 3048 BrUsbMdm - ok
18:07:58.0769 3048 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:07:58.0769 3048 BrUsbSer - ok
18:07:58.0800 3048 [ D9F6B30AD93CBD165EC71FADF51DF25E ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
18:07:58.0800 3048 BrUsbSIb - ok
18:07:58.0800 3048 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:07:58.0800 3048 BTHMODEM - ok
18:07:58.0815 3048 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:07:58.0831 3048 bthserv - ok
18:07:58.0847 3048 catchme - ok
18:07:58.0862 3048 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:07:58.0862 3048 cdfs - ok
18:07:58.0878 3048 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:07:58.0878 3048 cdrom - ok
18:07:58.0893 3048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:07:58.0893 3048 CertPropSvc - ok
18:07:58.0925 3048 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:07:58.0925 3048 circlass - ok
18:07:58.0940 3048 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:07:58.0940 3048 CLFS - ok
18:07:58.0971 3048 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:07:58.0971 3048 clr_optimization_v2.0.50727_32 - ok
18:07:59.0034 3048 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:07:59.0034 3048 clr_optimization_v2.0.50727_64 - ok
18:07:59.0065 3048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:07:59.0065 3048 clr_optimization_v4.0.30319_32 - ok
18:07:59.0096 3048 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:07:59.0096 3048 clr_optimization_v4.0.30319_64 - ok
18:07:59.0112 3048 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:07:59.0112 3048 CmBatt - ok
18:07:59.0127 3048 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:07:59.0127 3048 cmdide - ok
18:07:59.0159 3048 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:07:59.0159 3048 CNG - ok
18:07:59.0174 3048 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:07:59.0174 3048 Compbatt - ok
18:07:59.0190 3048 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:07:59.0190 3048 CompositeBus - ok
18:07:59.0205 3048 COMSysApp - ok
18:07:59.0283 3048 [ A2E0A490F1F49ED6E3B83DB52679B036 ] CoordinatorServiceHost C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
18:07:59.0283 3048 CoordinatorServiceHost - ok
18:07:59.0283 3048 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:07:59.0283 3048 crcdisk - ok
18:07:59.0330 3048 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:07:59.0330 3048 CryptSvc - ok
18:07:59.0377 3048 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:07:59.0393 3048 cvhsvc - ok
18:07:59.0424 3048 [ 7F5CD87CA5BDB4D83F992D8C77201483 ] CyberLink PowerDVD 10 MS Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
18:07:59.0424 3048 CyberLink PowerDVD 10 MS Monitor Service - ok
18:07:59.0439 3048 [ 9FAF58E876A3B1DB3030A0A5805F2D86 ] CyberLink PowerDVD 10 MS Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
18:07:59.0439 3048 CyberLink PowerDVD 10 MS Service - ok
18:07:59.0471 3048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:07:59.0486 3048 DcomLaunch - ok
18:07:59.0517 3048 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:07:59.0517 3048 defragsvc - ok
18:07:59.0533 3048 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:07:59.0533 3048 DfsC - ok
18:07:59.0549 3048 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:07:59.0549 3048 Dhcp - ok
18:07:59.0549 3048 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:07:59.0564 3048 discache - ok
18:07:59.0580 3048 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:07:59.0595 3048 Disk - ok
18:07:59.0611 3048 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:07:59.0611 3048 Dnscache - ok
18:07:59.0627 3048 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:07:59.0627 3048 dot3svc - ok
18:07:59.0642 3048 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:07:59.0642 3048 DPS - ok
18:07:59.0673 3048 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:07:59.0673 3048 drmkaud - ok
18:07:59.0720 3048 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:07:59.0720 3048 DXGKrnl - ok
18:07:59.0736 3048 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:07:59.0736 3048 EapHost - ok
18:07:59.0783 3048 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:07:59.0798 3048 ebdrv - ok
18:07:59.0829 3048 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:07:59.0845 3048 EFS - ok
18:07:59.0892 3048 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:07:59.0892 3048 ehRecvr - ok
18:07:59.0907 3048 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:07:59.0907 3048 ehSched - ok
18:07:59.0939 3048 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:07:59.0954 3048 elxstor - ok
18:07:59.0970 3048 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:07:59.0970 3048 ErrDev - ok
18:08:00.0001 3048 esgiguard - ok
18:08:00.0017 3048 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:08:00.0032 3048 EventSystem - ok
18:08:00.0048 3048 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:08:00.0048 3048 exfat - ok
18:08:00.0063 3048 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:08:00.0063 3048 fastfat - ok
18:08:00.0095 3048 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:08:00.0110 3048 Fax - ok
18:08:00.0126 3048 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:08:00.0126 3048 fdc - ok
18:08:00.0141 3048 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:08:00.0141 3048 fdPHost - ok
18:08:00.0141 3048 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:08:00.0141 3048 FDResPub - ok
18:08:00.0157 3048 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:08:00.0157 3048 FileInfo - ok
18:08:00.0173 3048 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:08:00.0173 3048 Filetrace - ok
18:08:00.0204 3048 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:08:00.0219 3048 FLEXnet Licensing Service - ok
18:08:00.0251 3048 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
18:08:00.0266 3048 FLEXnet Licensing Service 64 - ok
18:08:00.0266 3048 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:08:00.0282 3048 flpydisk - ok
18:08:00.0297 3048 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:08:00.0297 3048 FltMgr - ok
18:08:00.0344 3048 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
18:08:00.0344 3048 FontCache - ok
18:08:00.0375 3048 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:08:00.0375 3048 FontCache3.0.0.0 - ok
18:08:00.0375 3048 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:08:00.0375 3048 FsDepends - ok
18:08:00.0407 3048 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:08:00.0407 3048 Fs_Rec - ok
18:08:00.0422 3048 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:08:00.0438 3048 fvevol - ok
18:08:00.0438 3048 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:08:00.0438 3048 gagp30kx - ok
18:08:00.0453 3048 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:08:00.0453 3048 GEARAspiWDM - ok
18:08:00.0485 3048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:08:00.0485 3048 gpsvc - ok
18:08:00.0531 3048 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:08:00.0531 3048 gupdate - ok
18:08:00.0563 3048 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:08:00.0563 3048 gupdatem - ok
18:08:00.0578 3048 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:08:00.0578 3048 hcw85cir - ok
18:08:00.0609 3048 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:08:00.0625 3048 HdAudAddService - ok
18:08:00.0625 3048 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:08:00.0641 3048 HDAudBus - ok
18:08:00.0656 3048 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:08:00.0656 3048 HidBatt - ok
18:08:00.0672 3048 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:08:00.0672 3048 HidBth - ok
18:08:00.0687 3048 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:08:00.0687 3048 HidIr - ok
18:08:00.0703 3048 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
18:08:00.0703 3048 hidserv - ok
18:08:00.0703 3048 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:08:00.0719 3048 HidUsb - ok
18:08:00.0734 3048 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:08:00.0734 3048 hkmsvc - ok
18:08:00.0750 3048 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:08:00.0750 3048 HomeGroupListener - ok
18:08:00.0765 3048 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:08:00.0765 3048 HomeGroupProvider - ok
18:08:00.0765 3048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:08:00.0765 3048 HpSAMD - ok
18:08:00.0781 3048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:08:00.0797 3048 HTTP - ok
18:08:00.0797 3048 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:08:00.0797 3048 hwpolicy - ok
18:08:00.0828 3048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:08:00.0828 3048 i8042prt - ok
18:08:00.0843 3048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:08:00.0843 3048 iaStorV - ok
18:08:00.0890 3048 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:08:00.0906 3048 idsvc - ok
18:08:01.0015 3048 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:08:01.0046 3048 igfx - ok
18:08:01.0062 3048 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:08:01.0062 3048 iirsp - ok
18:08:01.0077 3048 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:08:01.0093 3048 IKEEXT - ok
18:08:01.0171 3048 [ 21F54139C93FC595902B58ED947D47D5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:08:01.0202 3048 IntcAzAudAddService - ok
18:08:01.0218 3048 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:08:01.0218 3048 intelide - ok
18:08:01.0218 3048 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
18:08:01.0218 3048 intelppm - ok
18:08:01.0233 3048 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:08:01.0233 3048 IPBusEnum - ok
18:08:01.0249 3048 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:08:01.0249 3048 IpFilterDriver - ok
18:08:01.0280 3048 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:08:01.0280 3048 iphlpsvc - ok
18:08:01.0296 3048 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:08:01.0296 3048 IPMIDRV - ok
18:08:01.0311 3048 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:08:01.0311 3048 IPNAT - ok
18:08:01.0343 3048 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:08:01.0358 3048 iPod Service - ok
18:08:01.0358 3048 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:08:01.0358 3048 IRENUM - ok
18:08:01.0374 3048 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:08:01.0374 3048 isapnp - ok
18:08:01.0405 3048 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:08:01.0405 3048 iScsiPrt - ok
18:08:01.0436 3048 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:08:01.0436 3048 kbdclass - ok
18:08:01.0452 3048 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:08:01.0452 3048 kbdhid - ok
18:08:01.0452 3048 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:08:01.0467 3048 KeyIso - ok
18:08:01.0483 3048 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:08:01.0483 3048 KSecDD - ok
18:08:01.0499 3048 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:08:01.0499 3048 KSecPkg - ok
18:08:01.0514 3048 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:08:01.0514 3048 ksthunk - ok
18:08:01.0530 3048 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:08:01.0530 3048 KtmRm - ok
18:08:01.0561 3048 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:08:01.0561 3048 LanmanServer - ok
18:08:01.0577 3048 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:08:01.0577 3048 LanmanWorkstation - ok
18:08:01.0608 3048 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:08:01.0608 3048 lltdio - ok
18:08:01.0623 3048 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:08:01.0623 3048 lltdsvc - ok
18:08:01.0639 3048 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:08:01.0639 3048 lmhosts - ok
18:08:01.0655 3048 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:08:01.0655 3048 LSI_FC - ok
18:08:01.0670 3048 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:08:01.0670 3048 LSI_SAS - ok
18:08:01.0686 3048 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:08:01.0686 3048 LSI_SAS2 - ok
18:08:01.0717 3048 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:08:01.0717 3048 LSI_SCSI - ok
18:08:01.0733 3048 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:08:01.0733 3048 luafv - ok
18:08:01.0764 3048 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:08:01.0764 3048 MBAMProtector - ok
18:08:01.0779 3048 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:08:01.0779 3048 MBAMScheduler - ok
18:08:01.0826 3048 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:08:01.0826 3048 MBAMService - ok
18:08:01.0826 3048 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:08:01.0842 3048 Mcx2Svc - ok
18:08:01.0842 3048 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:08:01.0842 3048 megasas - ok
18:08:01.0873 3048 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:08:01.0873 3048 MegaSR - ok
18:08:01.0904 3048 [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
18:08:01.0904 3048 MemeoBackgroundService - ok
18:08:01.0904 3048 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:08:01.0904 3048 MMCSS - ok
18:08:01.0920 3048 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:08:01.0920 3048 Modem - ok
18:08:01.0935 3048 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:08:01.0935 3048 monitor - ok
18:08:01.0951 3048 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:08:01.0951 3048 mouclass - ok
18:08:01.0967 3048 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:08:01.0967 3048 mouhid - ok
18:08:01.0982 3048 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:08:01.0982 3048 mountmgr - ok
18:08:01.0982 3048 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:08:01.0982 3048 mpio - ok
18:08:02.0013 3048 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:08:02.0013 3048 mpsdrv - ok
18:08:02.0029 3048 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:08:02.0029 3048 MpsSvc - ok
18:08:02.0060 3048 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:08:02.0060 3048 MRxDAV - ok
18:08:02.0076 3048 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:08:02.0076 3048 mrxsmb - ok
18:08:02.0076 3048 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:08:02.0091 3048 mrxsmb10 - ok
18:08:02.0091 3048 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:08:02.0091 3048 mrxsmb20 - ok
18:08:02.0107 3048 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:08:02.0123 3048 msahci - ok
18:08:02.0123 3048 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:08:02.0123 3048 msdsm - ok
18:08:02.0138 3048 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:08:02.0154 3048 MSDTC - ok
18:08:02.0154 3048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:08:02.0154 3048 Msfs - ok
18:08:02.0169 3048 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:08:02.0169 3048 mshidkmdf - ok
18:08:02.0185 3048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:08:02.0185 3048 msisadrv - ok
18:08:02.0201 3048 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:08:02.0201 3048 MSiSCSI - ok
18:08:02.0201 3048 msiserver - ok
18:08:02.0216 3048 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:08:02.0216 3048 MSKSSRV - ok
18:08:02.0232 3048 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:08:02.0232 3048 MSPCLOCK - ok
18:08:02.0247 3048 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:08:02.0247 3048 MSPQM - ok
18:08:02.0263 3048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:08:02.0263 3048 MsRPC - ok
18:08:02.0279 3048 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:08:02.0279 3048 mssmbios - ok
18:08:02.0279 3048 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:08:02.0279 3048 MSTEE - ok
18:08:02.0294 3048 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:08:02.0294 3048 MTConfig - ok
18:08:02.0310 3048 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:08:02.0310 3048 Mup - ok
18:08:02.0325 3048 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:08:02.0325 3048 napagent - ok
18:08:02.0341 3048 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:08:02.0341 3048 NativeWifiP - ok
18:08:02.0388 3048 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:08:02.0403 3048 NDIS - ok
18:08:02.0419 3048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:08:02.0419 3048 NdisCap - ok
18:08:02.0435 3048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:08:02.0435 3048 NdisTapi - ok
18:08:02.0435 3048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:08:02.0435 3048 Ndisuio - ok
18:08:02.0450 3048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:08:02.0450 3048 NdisWan - ok
18:08:02.0450 3048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:08:02.0466 3048 NDProxy - ok
18:08:02.0466 3048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:08:02.0466 3048 NetBIOS - ok
18:08:02.0481 3048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:08:02.0481 3048 NetBT - ok
18:08:02.0497 3048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:08:02.0497 3048 Netlogon - ok
18:08:02.0513 3048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:08:02.0528 3048 Netman - ok
18:08:02.0528 3048 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:08:02.0544 3048 netprofm - ok
18:08:02.0544 3048 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:08:02.0559 3048 NetTcpPortSharing - ok
18:08:02.0575 3048 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:08:02.0575 3048 nfrd960 - ok
18:08:02.0606 3048 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:08:02.0606 3048 NlaSvc - ok
18:08:02.0622 3048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:08:02.0622 3048 Npfs - ok
18:08:02.0622 3048 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:08:02.0622 3048 nsi - ok
18:08:02.0637 3048 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:08:02.0637 3048 nsiproxy - ok
18:08:02.0669 3048 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:08:02.0669 3048 Ntfs - ok
18:08:02.0684 3048 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:08:02.0684 3048 Null - ok
18:08:02.0715 3048 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
18:08:02.0715 3048 NVENETFD - ok
18:08:02.0903 3048 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:08:02.0949 3048 nvlddmkm - ok
18:08:02.0981 3048 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:08:02.0996 3048 nvraid - ok
18:08:02.0996 3048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:08:02.0996 3048 nvstor - ok
18:08:03.0027 3048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:08:03.0027 3048 nv_agp - ok
18:08:03.0043 3048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:08:03.0043 3048 ohci1394 - ok
18:08:03.0074 3048 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:08:03.0074 3048 ose - ok
18:08:03.0183 3048 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:08:03.0199 3048 osppsvc - ok
18:08:03.0230 3048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:08:03.0230 3048 p2pimsvc - ok
18:08:03.0246 3048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:08:03.0246 3048 p2psvc - ok
18:08:03.0261 3048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:08:03.0261 3048 Parport - ok
18:08:03.0277 3048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:08:03.0277 3048 partmgr - ok
18:08:03.0293 3048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:08:03.0293 3048 PcaSvc - ok
18:08:03.0308 3048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:08:03.0308 3048 pci - ok
18:08:03.0324 3048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:08:03.0324 3048 pciide - ok
18:08:03.0339 3048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:08:03.0339 3048 pcmcia - ok
18:08:03.0355 3048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:08:03.0355 3048 pcw - ok
18:08:03.0371 3048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:08:03.0371 3048 PEAUTH - ok
18:08:03.0402 3048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:08:03.0402 3048 PerfHost - ok
18:08:03.0433 3048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:08:03.0433 3048 pla - ok
18:08:03.0464 3048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:08:03.0480 3048 PlugPlay - ok
18:08:03.0480 3048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:08:03.0480 3048 PNRPAutoReg - ok
18:08:03.0495 3048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:08:03.0495 3048 PNRPsvc - ok
18:08:03.0527 3048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:08:03.0527 3048 PolicyAgent - ok
18:08:03.0542 3048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:08:03.0542 3048 Power - ok
18:08:03.0558 3048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:08:03.0558 3048 PptpMiniport - ok
18:08:03.0573 3048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:08:03.0573 3048 Processor - ok
18:08:03.0573 3048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:08:03.0589 3048 ProfSvc - ok
18:08:03.0589 3048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:08:03.0589 3048 ProtectedStorage - ok
18:08:03.0605 3048 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:08:03.0605 3048 Psched - ok
18:08:03.0636 3048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:08:03.0651 3048 ql2300 - ok
18:08:03.0651 3048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:08:03.0651 3048 ql40xx - ok
18:08:03.0667 3048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:08:03.0667 3048 QWAVE - ok
18:08:03.0683 3048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:08:03.0683 3048 QWAVEdrv - ok
18:08:03.0683 3048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:08:03.0683 3048 RasAcd - ok
18:08:03.0698 3048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:08:03.0714 3048 RasAgileVpn - ok
18:08:03.0714 3048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:08:03.0714 3048 RasAuto - ok
18:08:03.0729 3048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:08:03.0729 3048 Rasl2tp - ok
18:08:03.0745 3048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:08:03.0761 3048 RasMan - ok
18:08:03.0761 3048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:08:03.0761 3048 RasPppoe - ok
18:08:03.0776 3048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:08:03.0776 3048 RasSstp - ok
18:08:03.0776 3048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:08:03.0776 3048 rdbss - ok
18:08:03.0792 3048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:08:03.0792 3048 rdpbus - ok
18:08:03.0792 3048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:08:03.0792 3048 RDPCDD - ok
18:08:03.0823 3048 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:08:03.0823 3048 RDPENCDD - ok
18:08:03.0839 3048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:08:03.0839 3048 RDPREFMP - ok
18:08:03.0854 3048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:08:03.0854 3048 RDPWD - ok
18:08:03.0870 3048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:08:03.0870 3048 rdyboost - ok
18:08:03.0932 3048 [ 6713253B37D6DCFC442A286F1D7B5350 ] Remote Solver for Flow Simulation 2012 C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
18:08:03.0932 3048 Remote Solver for Flow Simulation 2012 - ok
18:08:03.0948 3048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:08:03.0963 3048 RemoteAccess - ok
18:08:03.0963 3048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:08:03.0963 3048 RemoteRegistry - ok
18:08:03.0979 3048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:08:03.0979 3048 RpcEptMapper - ok
18:08:03.0995 3048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:08:03.0995 3048 RpcLocator - ok
18:08:04.0010 3048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:08:04.0010 3048 RpcSs - ok
18:08:04.0026 3048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:08:04.0026 3048 rspndr - ok
18:08:04.0041 3048 [ 39A719875F572241C585A629EE62EB14 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:08:04.0057 3048 RTL8167 - ok
18:08:04.0088 3048 [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
18:08:04.0088 3048 RTL8192su - ok
18:08:04.0104 3048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:08:04.0104 3048 SamSs - ok
18:08:04.0119 3048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:08:04.0119 3048 sbp2port - ok
18:08:04.0135 3048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:08:04.0135 3048 SCardSvr - ok
18:08:04.0151 3048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:08:04.0151 3048 scfilter - ok
18:08:04.0166 3048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:08:04.0166 3048 Schedule - ok
18:08:04.0182 3048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:08:04.0197 3048 SCPolicySvc - ok
18:08:04.0197 3048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:08:04.0197 3048 SDRSVC - ok
18:08:04.0213 3048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:08:04.0213 3048 secdrv - ok
18:08:04.0213 3048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:08:04.0213 3048 seclogon - ok
18:08:04.0229 3048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
18:08:04.0229 3048 SENS - ok
18:08:04.0244 3048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:08:04.0260 3048 SensrSvc - ok
18:08:04.0275 3048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:08:04.0275 3048 Serenum - ok
18:08:04.0291 3048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:08:04.0291 3048 Serial - ok
18:08:04.0322 3048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:08:04.0322 3048 sermouse - ok
18:08:04.0338 3048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:08:04.0353 3048 SessionEnv - ok
18:08:04.0353 3048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:08:04.0353 3048 sffdisk - ok
18:08:04.0385 3048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:08:04.0385 3048 sffp_mmc - ok
18:08:04.0385 3048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:08:04.0400 3048 sffp_sd - ok
18:08:04.0416 3048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:08:04.0416 3048 sfloppy - ok
18:08:04.0447 3048 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:08:04.0463 3048 Sftfs - ok
18:08:04.0494 3048 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:08:04.0494 3048 sftlist - ok
18:08:04.0509 3048 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:08:04.0509 3048 Sftplay - ok
18:08:04.0525 3048 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:08:04.0525 3048 Sftredir - ok
18:08:04.0525 3048 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:08:04.0525 3048 Sftvol - ok
18:08:04.0541 3048 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:08:04.0541 3048 sftvsa - ok
18:08:04.0572 3048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:08:04.0572 3048 SharedAccess - ok
18:08:04.0587 3048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:08:04.0587 3048 ShellHWDetection - ok
18:08:04.0587 3048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:08:04.0587 3048 SiSRaid2 - ok
18:08:04.0619 3048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:08:04.0619 3048 SiSRaid4 - ok
18:08:04.0650 3048 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:08:04.0650 3048 SkypeUpdate - ok
18:08:04.0665 3048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:08:04.0681 3048 Smb - ok
18:08:04.0697 3048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:08:04.0697 3048 SNMPTRAP - ok
18:08:04.0728 3048 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
18:08:04.0728 3048 SolidWorks Licensing Service - ok
18:08:04.0728 3048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:08:04.0728 3048 spldr - ok
18:08:04.0759 3048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:08:04.0759 3048 Spooler - ok
18:08:04.0806 3048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:08:04.0821 3048 sppsvc - ok
18:08:04.0853 3048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:08:04.0853 3048 sppuinotify - ok
18:08:04.0884 3048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:08:04.0884 3048 srv - ok
18:08:04.0899 3048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:08:04.0899 3048 srv2 - ok
18:08:04.0899 3048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:08:04.0915 3048 srvnet - ok
18:08:04.0931 3048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:08:04.0931 3048 SSDPSRV - ok
18:08:04.0946 3048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:08:04.0946 3048 SstpSvc - ok
18:08:04.0962 3048 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:08:04.0962 3048 stexstor - ok
18:08:04.0977 3048 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:08:04.0977 3048 stisvc - ok
18:08:05.0009 3048 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:08:05.0009 3048 swenum - ok
18:08:05.0024 3048 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:08:05.0024 3048 swprv - ok
18:08:05.0055 3048 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:08:05.0055 3048 SysMain - ok
18:08:05.0071 3048 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:08:05.0071 3048 TabletInputService - ok
18:08:05.0087 3048 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:08:05.0087 3048 TapiSrv - ok
18:08:05.0102 3048 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:08:05.0102 3048 TBS - ok
18:08:05.0149 3048 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:08:05.0165 3048 Tcpip - ok
18:08:05.0196 3048 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:08:05.0196 3048 TCPIP6 - ok
18:08:05.0227 3048 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:08:05.0227 3048 tcpipreg - ok
18:08:05.0227 3048 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:08:05.0227 3048 TDPIPE - ok
18:08:05.0258 3048 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:08:05.0258 3048 TDTCP - ok
18:08:05.0258 3048 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:08:05.0258 3048 tdx - ok
18:08:05.0274 3048 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:08:05.0274 3048 TermDD - ok
18:08:05.0289 3048 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:08:05.0289 3048 TermService - ok
18:08:05.0305 3048 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:08:05.0305 3048 Themes - ok
18:08:05.0321 3048 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:08:05.0321 3048 THREADORDER - ok
18:08:05.0336 3048 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:08:05.0352 3048 TrkWks - ok
18:08:05.0383 3048 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:08:05.0383 3048 TrustedInstaller - ok
18:08:05.0399 3048 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:08:05.0399 3048 tssecsrv - ok
18:08:05.0414 3048 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:08:05.0414 3048 TsUsbFlt - ok
18:08:05.0445 3048 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:08:05.0445 3048 TsUsbGD - ok
18:08:05.0461 3048 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:08:05.0461 3048 tunnel - ok
18:08:05.0477 3048 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:08:05.0477 3048 uagp35 - ok
18:08:05.0492 3048 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:08:05.0492 3048 udfs - ok
18:08:05.0508 3048 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:08:05.0523 3048 UI0Detect - ok
18:08:05.0539 3048 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:08:05.0539 3048 uliagpkx - ok
18:08:05.0555 3048 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:08:05.0555 3048 umbus - ok
18:08:05.0570 3048 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:08:05.0570 3048 UmPass - ok
18:08:05.0586 3048 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:08:05.0586 3048 upnphost - ok
18:08:05.0617 3048 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:08:05.0617 3048 USBAAPL64 - ok
18:08:05.0633 3048 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:08:05.0633 3048 usbccgp - ok
18:08:05.0664 3048 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:08:05.0664 3048 usbcir - ok
18:08:05.0679 3048 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:08:05.0679 3048 usbehci - ok
18:08:05.0679 3048 [ 33A58C5630200E17B51C8D73DD64181B ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
18:08:05.0679 3048 usbfilter - ok
18:08:05.0695 3048 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:08:05.0695 3048 usbhub - ok
18:08:05.0711 3048 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:08:05.0711 3048 usbohci - ok
18:08:05.0726 3048 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:08:05.0726 3048 usbprint - ok
18:08:05.0742 3048 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:08:05.0742 3048 usbscan - ok
18:08:05.0773 3048 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:08:05.0773 3048 USBSTOR - ok
18:08:05.0789 3048 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:08:05.0789 3048 usbuhci - ok
18:08:05.0820 3048 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:08:05.0835 3048 UxSms - ok
18:08:05.0835 3048 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:08:05.0835 3048 VaultSvc - ok
18:08:05.0851 3048 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:08:05.0851 3048 vdrvroot - ok
18:08:05.0882 3048 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:08:05.0898 3048 vds - ok
18:08:05.0898 3048 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:08:05.0898 3048 vga - ok
18:08:05.0898 3048 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:08:05.0913 3048 VgaSave - ok
18:08:05.0929 3048 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:08:05.0945 3048 vhdmp - ok
18:08:05.0976 3048 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:08:05.0976 3048 viaide - ok
18:08:05.0991 3048 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:08:05.0991 3048 volmgr - ok
18:08:06.0007 3048 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:08:06.0007 3048 volmgrx - ok
18:08:06.0038 3048 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:08:06.0038 3048 volsnap - ok
18:08:06.0069 3048 [ 193D323A88F442334D652AC5C1F56414 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
18:08:06.0069 3048 vpnagent - ok
18:08:06.0085 3048 [ 13E6D95E7AC67ABB7A1196557EF8849F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
18:08:06.0085 3048 vpnva - ok
18:08:06.0085 3048 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:08:06.0101 3048 vsmraid - ok
18:08:06.0147 3048 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:08:06.0147 3048 VSS - ok
18:08:06.0163 3048 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:08:06.0163 3048 vwifibus - ok
18:08:06.0194 3048 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:08:06.0194 3048 vwififlt - ok
18:08:06.0225 3048 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:08:06.0225 3048 W32Time - ok
18:08:06.0241 3048 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:08:06.0241 3048 WacomPen - ok
18:08:06.0272 3048 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:08:06.0272 3048 WANARP - ok
18:08:06.0288 3048 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:08:06.0288 3048 Wanarpv6 - ok
18:08:06.0319 3048 [ 63D7250ED2C2E3CD9B11139A608D6C39 ] watchmi C:\Program Files (x86)\watchmi\TvdService.exe
18:08:06.0319 3048 watchmi - ok
18:08:06.0350 3048 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:08:06.0366 3048 wbengine - ok
18:08:06.0397 3048 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:08:06.0397 3048 WbioSrvc - ok
18:08:06.0413 3048 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:08:06.0413 3048 wcncsvc - ok
18:08:06.0428 3048 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:08:06.0428 3048 WcsPlugInService - ok
18:08:06.0444 3048 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:08:06.0444 3048 Wd - ok
18:08:06.0475 3048 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:08:06.0491 3048 Wdf01000 - ok
18:08:06.0491 3048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:08:06.0506 3048 WdiServiceHost - ok
18:08:06.0506 3048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:08:06.0506 3048 WdiSystemHost - ok
18:08:06.0522 3048 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:08:06.0522 3048 WebClient - ok
18:08:06.0537 3048 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:08:06.0537 3048 Wecsvc - ok
18:08:06.0553 3048 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:08:06.0553 3048 wercplsupport - ok
18:08:06.0569 3048 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:08:06.0569 3048 WerSvc - ok
18:08:06.0584 3048 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:08:06.0584 3048 WfpLwf - ok
18:08:06.0584 3048 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:08:06.0584 3048 WIMMount - ok
18:08:06.0600 3048 WinDefend - ok
18:08:06.0615 3048 WinHttpAutoProxySvc - ok
18:08:06.0647 3048 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:08:06.0647 3048 Winmgmt - ok
18:08:06.0693 3048 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:08:06.0709 3048 WinRM - ok
18:08:06.0756 3048 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:08:06.0756 3048 WinUsb - ok
18:08:06.0771 3048 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:08:06.0787 3048 Wlansvc - ok
18:08:06.0818 3048 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:08:06.0818 3048 wlcrasvc - ok
18:08:06.0865 3048 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:08:06.0865 3048 wlidsvc - ok
18:08:06.0881 3048 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:08:06.0881 3048 WmiAcpi - ok
18:08:06.0896 3048 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:08:06.0896 3048 wmiApSrv - ok
18:08:06.0912 3048 WMPNetworkSvc - ok
18:08:06.0927 3048 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:08:06.0927 3048 WPCSvc - ok
18:08:06.0927 3048 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:08:06.0943 3048 WPDBusEnum - ok
18:08:06.0943 3048 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:08:06.0943 3048 ws2ifsl - ok
18:08:06.0959 3048 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:08:06.0959 3048 wscsvc - ok
18:08:06.0959 3048 WSearch - ok
18:08:06.0974 3048 [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys
18:08:06.0974 3048 wsvd - ok
18:08:07.0052 3048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:08:07.0068 3048 wuauserv - ok
18:08:07.0083 3048 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:08:07.0083 3048 WudfPf - ok
18:08:07.0099 3048 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:08:07.0099 3048 WUDFRd - ok
18:08:07.0115 3048 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:08:07.0115 3048 wudfsvc - ok
18:08:07.0130 3048 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
18:08:07.0146 3048 WwanSvc - ok
18:08:07.0161 3048 ================ Scan global ===============================
18:08:07.0193 3048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:08:07.0208 3048 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:08:07.0208 3048 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:08:07.0224 3048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:08:07.0239 3048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:08:07.0239 3048 [Global] - ok
18:08:07.0239 3048 ================ Scan MBR ==================================
18:08:07.0255 3048 [ AF00FC1920E1CF861B39B90A4375EDF3 ] \Device\Harddisk0\DR0
18:08:07.0349 3048 \Device\Harddisk0\DR0 - ok
18:08:07.0349 3048 ================ Scan VBR ==================================
18:08:07.0349 3048 [ 521BA6E06CF73128BB0825C3637A31E0 ] \Device\Harddisk0\DR0\Partition1
18:08:07.0364 3048 \Device\Harddisk0\DR0\Partition1 - ok
18:08:07.0364 3048 [ 4993626D5E885B3541AE4E9A7F708F20 ] \Device\Harddisk0\DR0\Partition2
18:08:07.0364 3048 \Device\Harddisk0\DR0\Partition2 - ok
18:08:07.0380 3048 [ A39A13EC2C80736C96AE795F1E13A7A9 ] \Device\Harddisk0\DR0\Partition3
18:08:07.0380 3048 \Device\Harddisk0\DR0\Partition3 - ok
18:08:07.0380 3048 ============================================================
18:08:07.0380 3048 Scan finished
18:08:07.0380 3048 ============================================================
18:08:07.0395 3492 Detected object count: 0
18:08:07.0395 3492 Actual detected object count: 0
|
|
17.05.2013, 18:42
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware: Citadel Was zum Geier hast du da beim tdsskiller gemacht??  Code:
ATTFilter 18:07:52.0326 5744 Scan interrupted by user!
18:07:52.0326 5744 ================ Scan MBR ==================================
18:07:52.0326 5744 Scan interrupted by user!
18:07:52.0326 5744 ================ Scan VBR ==================================
18:07:52.0326 5744 Scan interrupted by user!
Code:
ATTFilter 18:07:56.0741 3048 Scan started
18:07:56.0741 3048 Mode: Manual;
Bitte die Anleitungen richtig lesen, dann nochmal machen aber richtig
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
18.05.2013, 10:48
| #20 |
| | Malware: Citadel Der hat 2 Logs gespeichert. Code:
ATTFilter 11:38:01.0381 5692 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:38:01.0630 5692 ============================================================
11:38:01.0630 5692 Current date / time: 2013/05/18 11:38:01.0630
11:38:01.0630 5692 SystemInfo:
11:38:01.0630 5692
11:38:01.0630 5692 OS Version: 6.1.7601 ServicePack: 1.0
11:38:01.0630 5692 Product type: Workstation
11:38:01.0630 5692 ComputerName: ALI-PC
11:38:01.0630 5692 UserName: Ali
11:38:01.0630 5692 Windows directory: C:\Windows
11:38:01.0630 5692 System windows directory: C:\Windows
11:38:01.0630 5692 Running under WOW64
11:38:01.0630 5692 Processor architecture: Intel x64
11:38:01.0630 5692 Number of processors: 4
11:38:01.0630 5692 Page size: 0x1000
11:38:01.0630 5692 Boot type: Normal boot
11:38:01.0630 5692 ============================================================
11:38:02.0894 5692 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:38:02.0910 5692 ============================================================
11:38:02.0910 5692 \Device\Harddisk0\DR0:
11:38:02.0910 5692 MBR partitions:
11:38:02.0910 5692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:38:02.0910 5692 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6E0D3800
11:38:02.0910 5692 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6E106000, BlocksNum 0x6400000
11:38:02.0910 5692 ============================================================
11:38:02.0925 5692 C: <-> \Device\Harddisk0\DR0\Partition2
11:38:02.0956 5692 D: <-> \Device\Harddisk0\DR0\Partition3
11:38:02.0956 5692 ============================================================
11:38:02.0956 5692 Initialize success
11:38:02.0956 5692 ============================================================
11:38:54.0998 5400 ============================================================
11:38:54.0998 5400 Scan started
11:38:54.0998 5400 Mode: Manual; SigCheck; TDLFS;
11:38:54.0998 5400 ============================================================
11:38:56.0184 5400 ================ Scan system memory ========================
11:38:56.0184 5400 System memory - ok
11:38:56.0184 5400 ================ Scan services =============================
11:38:56.0449 5400 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:38:56.0558 5400 1394ohci - ok
11:38:56.0589 5400 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:38:56.0605 5400 ACPI - ok
11:38:56.0620 5400 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:38:56.0683 5400 AcpiPmi - ok
11:38:56.0761 5400 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:38:56.0792 5400 AdobeARMservice - ok
11:38:56.0901 5400 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:38:56.0932 5400 AdobeFlashPlayerUpdateSvc - ok
11:38:56.0995 5400 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
11:38:57.0026 5400 adp94xx - ok
11:38:57.0057 5400 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
11:38:57.0088 5400 adpahci - ok
11:38:57.0135 5400 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
11:38:57.0166 5400 adpu320 - ok
11:38:57.0198 5400 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:38:57.0291 5400 AeLookupSvc - ok
11:38:57.0338 5400 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:38:57.0400 5400 AFD - ok
11:38:57.0432 5400 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:38:57.0447 5400 agp440 - ok
11:38:57.0478 5400 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:38:57.0510 5400 ALG - ok
11:38:57.0541 5400 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:38:57.0556 5400 aliide - ok
11:38:57.0588 5400 [ 8893C00A6D0A5820D4608202F99E8AD6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:38:57.0634 5400 AMD External Events Utility - ok
11:38:57.0697 5400 AMD FUEL Service - ok
11:38:57.0728 5400 [ 2EF1BA6D5DC79FCE5E9216C8C2D3F193 ] amdhub30 C:\Windows\system32\DRIVERS\amdhub30.sys
11:38:57.0744 5400 amdhub30 - ok
11:38:57.0759 5400 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:38:57.0759 5400 amdide - ok
11:38:57.0775 5400 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
11:38:57.0790 5400 amdiox64 - ok
11:38:57.0822 5400 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
11:38:57.0853 5400 AmdK8 - ok
11:38:58.0040 5400 [ ACF6058602D202F36C0A2C0C97DB5E3B ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
11:38:58.0274 5400 amdkmdag - ok
11:38:58.0305 5400 [ 1E55EA0AD65688EB43CCE6AED573E82C ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
11:38:58.0336 5400 amdkmdap - ok
11:38:58.0368 5400 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:38:58.0383 5400 AmdPPM - ok
11:38:58.0399 5400 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:38:58.0414 5400 amdsata - ok
11:38:58.0446 5400 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
11:38:58.0461 5400 amdsbs - ok
11:38:58.0461 5400 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:38:58.0477 5400 amdxata - ok
11:38:58.0508 5400 [ 541A6C49C792ED71FB3EFF8C815CFE60 ] amdxhc C:\Windows\system32\DRIVERS\amdxhc.sys
11:38:58.0524 5400 amdxhc - ok
11:38:58.0539 5400 [ A1434F35B7B171CB697D74D33F7D029F ] amd_sata C:\Windows\system32\drivers\amd_sata.sys
11:38:58.0555 5400 amd_sata - ok
11:38:58.0570 5400 [ E9B5A82FA268BB2D1B012030D5F4E096 ] amd_xata C:\Windows\system32\drivers\amd_xata.sys
11:38:58.0586 5400 amd_xata - ok
11:38:58.0633 5400 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:38:58.0648 5400 AntiVirSchedulerService - ok
11:38:58.0680 5400 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:38:58.0680 5400 AntiVirService - ok
11:38:58.0726 5400 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:38:58.0836 5400 AppID - ok
11:38:58.0851 5400 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:38:58.0898 5400 AppIDSvc - ok
11:38:58.0976 5400 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
11:38:59.0023 5400 Appinfo - ok
11:38:59.0054 5400 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:38:59.0085 5400 Apple Mobile Device - ok
11:38:59.0116 5400 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
11:38:59.0132 5400 arc - ok
11:38:59.0163 5400 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
11:38:59.0179 5400 arcsas - ok
11:38:59.0210 5400 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:38:59.0257 5400 AsyncMac - ok
11:38:59.0288 5400 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:38:59.0304 5400 atapi - ok
11:38:59.0350 5400 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
11:38:59.0350 5400 AtiHDAudioService - ok
11:38:59.0413 5400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:38:59.0475 5400 AudioEndpointBuilder - ok
11:38:59.0491 5400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:38:59.0522 5400 AudioSrv - ok
11:38:59.0584 5400 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
11:38:59.0616 5400 avgntflt - ok
11:38:59.0678 5400 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
11:38:59.0709 5400 avipbb - ok
11:38:59.0740 5400 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
11:38:59.0740 5400 avkmgr - ok
11:38:59.0803 5400 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:38:59.0896 5400 AxInstSV - ok
11:38:59.0928 5400 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
11:38:59.0959 5400 b06bdrv - ok
11:39:00.0006 5400 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:39:00.0052 5400 b57nd60a - ok
11:39:00.0099 5400 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:39:00.0146 5400 BDESVC - ok
11:39:00.0177 5400 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:39:00.0240 5400 Beep - ok
11:39:00.0318 5400 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:39:00.0380 5400 BFE - ok
11:39:00.0396 5400 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
11:39:00.0458 5400 BITS - ok
11:39:00.0474 5400 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:39:00.0520 5400 blbdrive - ok
11:39:00.0552 5400 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:39:00.0567 5400 Bonjour Service - ok
11:39:00.0645 5400 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:39:00.0692 5400 bowser - ok
11:39:00.0708 5400 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
11:39:00.0739 5400 BrFiltLo - ok
11:39:00.0770 5400 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
11:39:00.0801 5400 BrFiltUp - ok
11:39:00.0848 5400 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
11:39:00.0926 5400 BridgeMP - ok
11:39:00.0942 5400 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:39:00.0957 5400 Browser - ok
11:39:00.0988 5400 [ E5E9B1625A767CEB6F319C12D33EAB78 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
11:39:01.0020 5400 BrSerIb - ok
11:39:01.0035 5400 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:39:01.0066 5400 Brserid - ok
11:39:01.0082 5400 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:39:01.0098 5400 BrSerWdm - ok
11:39:01.0129 5400 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:39:01.0144 5400 BrUsbMdm - ok
11:39:01.0176 5400 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:39:01.0191 5400 BrUsbSer - ok
11:39:01.0222 5400 [ D9F6B30AD93CBD165EC71FADF51DF25E ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
11:39:01.0254 5400 BrUsbSIb - ok
11:39:01.0254 5400 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
11:39:01.0285 5400 BTHMODEM - ok
11:39:01.0300 5400 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:39:01.0332 5400 bthserv - ok
11:39:01.0347 5400 catchme - ok
11:39:01.0363 5400 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:39:01.0425 5400 cdfs - ok
11:39:01.0472 5400 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:39:01.0503 5400 cdrom - ok
11:39:01.0534 5400 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:39:01.0612 5400 CertPropSvc - ok
11:39:01.0644 5400 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
11:39:01.0659 5400 circlass - ok
11:39:01.0675 5400 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:39:01.0690 5400 CLFS - ok
11:39:01.0768 5400 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:39:01.0800 5400 clr_optimization_v2.0.50727_32 - ok
11:39:01.0846 5400 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:39:01.0878 5400 clr_optimization_v2.0.50727_64 - ok
11:39:01.0956 5400 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:39:02.0002 5400 clr_optimization_v4.0.30319_32 - ok
11:39:02.0080 5400 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:39:02.0096 5400 clr_optimization_v4.0.30319_64 - ok
11:39:02.0112 5400 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
11:39:02.0127 5400 CmBatt - ok
11:39:02.0143 5400 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:39:02.0143 5400 cmdide - ok
11:39:02.0174 5400 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
11:39:02.0205 5400 CNG - ok
11:39:02.0221 5400 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
11:39:02.0236 5400 Compbatt - ok
11:39:02.0252 5400 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
11:39:02.0283 5400 CompositeBus - ok
11:39:02.0299 5400 COMSysApp - ok
11:39:02.0346 5400 [ A2E0A490F1F49ED6E3B83DB52679B036 ] CoordinatorServiceHost C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
11:39:02.0377 5400 CoordinatorServiceHost - ok
11:39:02.0392 5400 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
11:39:02.0392 5400 crcdisk - ok
11:39:02.0424 5400 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:39:02.0470 5400 CryptSvc - ok
11:39:02.0533 5400 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:39:02.0548 5400 cvhsvc - ok
11:39:02.0658 5400 [ 7F5CD87CA5BDB4D83F992D8C77201483 ] CyberLink PowerDVD 10 MS Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
11:39:02.0689 5400 CyberLink PowerDVD 10 MS Monitor Service - ok
11:39:02.0720 5400 [ 9FAF58E876A3B1DB3030A0A5805F2D86 ] CyberLink PowerDVD 10 MS Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
11:39:02.0736 5400 CyberLink PowerDVD 10 MS Service - ok
11:39:02.0767 5400 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:39:02.0829 5400 DcomLaunch - ok
11:39:02.0876 5400 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:39:02.0938 5400 defragsvc - ok
11:39:02.0954 5400 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:39:03.0001 5400 DfsC - ok
11:39:03.0032 5400 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:39:03.0063 5400 Dhcp - ok
11:39:03.0063 5400 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:39:03.0110 5400 discache - ok
11:39:03.0126 5400 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
11:39:03.0141 5400 Disk - ok
11:39:03.0172 5400 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:39:03.0219 5400 Dnscache - ok
11:39:03.0250 5400 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:39:03.0313 5400 dot3svc - ok
11:39:03.0313 5400 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:39:03.0344 5400 DPS - ok
11:39:03.0375 5400 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:39:03.0422 5400 drmkaud - ok
11:39:03.0453 5400 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:39:03.0484 5400 DXGKrnl - ok
11:39:03.0516 5400 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:39:03.0547 5400 EapHost - ok
11:39:03.0609 5400 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
11:39:03.0703 5400 ebdrv - ok
11:39:03.0718 5400 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:39:03.0750 5400 EFS - ok
11:39:03.0796 5400 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:39:03.0859 5400 ehRecvr - ok
11:39:03.0874 5400 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:39:03.0921 5400 ehSched - ok
11:39:03.0937 5400 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
11:39:03.0968 5400 elxstor - ok
11:39:03.0984 5400 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:39:03.0999 5400 ErrDev - ok
11:39:04.0046 5400 esgiguard - ok
11:39:04.0077 5400 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:39:04.0124 5400 EventSystem - ok
11:39:04.0155 5400 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:39:04.0202 5400 exfat - ok
11:39:04.0218 5400 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:39:04.0280 5400 fastfat - ok
11:39:04.0311 5400 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:39:04.0358 5400 Fax - ok
11:39:04.0374 5400 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
11:39:04.0420 5400 fdc - ok
11:39:04.0436 5400 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:39:04.0498 5400 fdPHost - ok
11:39:04.0514 5400 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:39:04.0545 5400 FDResPub - ok
11:39:04.0561 5400 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:39:04.0576 5400 FileInfo - ok
11:39:04.0576 5400 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:39:04.0623 5400 Filetrace - ok
11:39:04.0670 5400 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:39:04.0701 5400 FLEXnet Licensing Service - ok
11:39:04.0764 5400 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
11:39:04.0826 5400 FLEXnet Licensing Service 64 - ok
11:39:04.0857 5400 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
11:39:04.0873 5400 flpydisk - ok
11:39:04.0888 5400 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:39:04.0920 5400 FltMgr - ok
11:39:04.0966 5400 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
11:39:05.0044 5400 FontCache - ok
11:39:05.0091 5400 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:39:05.0107 5400 FontCache3.0.0.0 - ok
11:39:05.0107 5400 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:39:05.0122 5400 FsDepends - ok
11:39:05.0154 5400 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:39:05.0154 5400 Fs_Rec - ok
11:39:05.0185 5400 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:39:05.0200 5400 fvevol - ok
11:39:05.0200 5400 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:39:05.0216 5400 gagp30kx - ok
11:39:05.0247 5400 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:39:05.0247 5400 GEARAspiWDM - ok
11:39:05.0278 5400 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:39:05.0325 5400 gpsvc - ok
11:39:05.0372 5400 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:39:05.0388 5400 gupdate - ok
11:39:05.0419 5400 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:39:05.0419 5400 gupdatem - ok
11:39:05.0450 5400 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:39:05.0466 5400 hcw85cir - ok
11:39:05.0512 5400 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:39:05.0544 5400 HdAudAddService - ok
11:39:05.0559 5400 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:39:05.0575 5400 HDAudBus - ok
11:39:05.0590 5400 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
11:39:05.0606 5400 HidBatt - ok
11:39:05.0622 5400 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
11:39:05.0653 5400 HidBth - ok
11:39:05.0684 5400 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
11:39:05.0700 5400 HidIr - ok
11:39:05.0715 5400 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
11:39:05.0762 5400 hidserv - ok
11:39:05.0793 5400 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:39:05.0824 5400 HidUsb - ok
11:39:05.0840 5400 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:39:05.0918 5400 hkmsvc - ok
11:39:05.0934 5400 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:39:05.0965 5400 HomeGroupListener - ok
11:39:05.0996 5400 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:39:06.0012 5400 HomeGroupProvider - ok
11:39:06.0027 5400 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:39:06.0043 5400 HpSAMD - ok
11:39:06.0090 5400 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:39:06.0136 5400 HTTP - ok
11:39:06.0136 5400 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:39:06.0168 5400 hwpolicy - ok
11:39:06.0214 5400 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:39:06.0246 5400 i8042prt - ok
11:39:06.0292 5400 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:39:06.0324 5400 iaStorV - ok
11:39:06.0370 5400 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:39:06.0433 5400 idsvc - ok
11:39:06.0558 5400 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
11:39:06.0729 5400 igfx - ok
11:39:06.0745 5400 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:39:06.0760 5400 iirsp - ok
11:39:06.0792 5400 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:39:06.0854 5400 IKEEXT - ok
11:39:06.0994 5400 [ 21F54139C93FC595902B58ED947D47D5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:39:07.0057 5400 IntcAzAudAddService - ok
11:39:07.0072 5400 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:39:07.0088 5400 intelide - ok
11:39:07.0104 5400 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
11:39:07.0135 5400 intelppm - ok
11:39:07.0135 5400 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:39:07.0182 5400 IPBusEnum - ok
11:39:07.0197 5400 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:39:07.0244 5400 IpFilterDriver - ok
11:39:07.0275 5400 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:39:07.0322 5400 iphlpsvc - ok
11:39:07.0338 5400 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:39:07.0369 5400 IPMIDRV - ok
11:39:07.0384 5400 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:39:07.0416 5400 IPNAT - ok
11:39:07.0462 5400 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:39:07.0478 5400 iPod Service - ok
11:39:07.0509 5400 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:39:07.0556 5400 IRENUM - ok
11:39:07.0587 5400 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:39:07.0618 5400 isapnp - ok
11:39:07.0634 5400 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:39:07.0665 5400 iScsiPrt - ok
11:39:07.0712 5400 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:39:07.0743 5400 kbdclass - ok
11:39:07.0743 5400 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:39:07.0759 5400 kbdhid - ok
11:39:07.0774 5400 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:39:07.0790 5400 KeyIso - ok
11:39:07.0821 5400 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:39:07.0837 5400 KSecDD - ok
11:39:07.0852 5400 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:39:07.0868 5400 KSecPkg - ok
11:39:07.0868 5400 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:39:07.0899 5400 ksthunk - ok
11:39:07.0915 5400 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:39:07.0962 5400 KtmRm - ok
11:39:07.0977 5400 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:39:08.0024 5400 LanmanServer - ok
11:39:08.0040 5400 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:39:08.0086 5400 LanmanWorkstation - ok
11:39:08.0102 5400 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:39:08.0149 5400 lltdio - ok
11:39:08.0149 5400 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:39:08.0196 5400 lltdsvc - ok
11:39:08.0196 5400 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:39:08.0242 5400 lmhosts - ok
11:39:08.0274 5400 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:39:08.0289 5400 LSI_FC - ok
11:39:08.0305 5400 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:39:08.0320 5400 LSI_SAS - ok
11:39:08.0336 5400 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
11:39:08.0352 5400 LSI_SAS2 - ok
11:39:08.0398 5400 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:39:08.0414 5400 LSI_SCSI - ok
11:39:08.0430 5400 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:39:08.0461 5400 luafv - ok
11:39:08.0508 5400 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:39:08.0539 5400 MBAMProtector - ok
11:39:08.0570 5400 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:39:08.0586 5400 MBAMScheduler - ok
11:39:08.0617 5400 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:39:08.0648 5400 MBAMService - ok
11:39:08.0679 5400 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:39:08.0710 5400 Mcx2Svc - ok
11:39:08.0710 5400 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
11:39:08.0726 5400 megasas - ok
11:39:08.0757 5400 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
11:39:08.0773 5400 MegaSR - ok
11:39:08.0804 5400 [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
11:39:08.0820 5400 MemeoBackgroundService - ok
11:39:08.0835 5400 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:39:08.0882 5400 MMCSS - ok
11:39:08.0882 5400 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:39:08.0929 5400 Modem - ok
11:39:08.0944 5400 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:39:08.0960 5400 monitor - ok
11:39:08.0991 5400 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:39:08.0991 5400 mouclass - ok
11:39:09.0038 5400 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:39:09.0069 5400 mouhid - ok
11:39:09.0085 5400 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:39:09.0100 5400 mountmgr - ok
11:39:09.0132 5400 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:39:09.0147 5400 mpio - ok
11:39:09.0147 5400 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:39:09.0178 5400 mpsdrv - ok
11:39:09.0194 5400 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:39:09.0256 5400 MpsSvc - ok
11:39:09.0256 5400 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:39:09.0303 5400 MRxDAV - ok
11:39:09.0319 5400 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:39:09.0350 5400 mrxsmb - ok
11:39:09.0366 5400 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:39:09.0397 5400 mrxsmb10 - ok
11:39:09.0412 5400 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:39:09.0428 5400 mrxsmb20 - ok
11:39:09.0444 5400 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:39:09.0459 5400 msahci - ok
11:39:09.0475 5400 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:39:09.0490 5400 msdsm - ok
11:39:09.0506 5400 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:39:09.0522 5400 MSDTC - ok
11:39:09.0537 5400 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:39:09.0568 5400 Msfs - ok
11:39:09.0584 5400 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:39:09.0631 5400 mshidkmdf - ok
11:39:09.0646 5400 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:39:09.0678 5400 msisadrv - ok
11:39:09.0709 5400 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:39:09.0756 5400 MSiSCSI - ok
11:39:09.0756 5400 msiserver - ok
11:39:09.0771 5400 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:39:09.0802 5400 MSKSSRV - ok
11:39:09.0834 5400 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:39:09.0865 5400 MSPCLOCK - ok
11:39:09.0880 5400 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:39:09.0912 5400 MSPQM - ok
11:39:09.0927 5400 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:39:09.0943 5400 MsRPC - ok
11:39:09.0958 5400 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:39:09.0958 5400 mssmbios - ok
11:39:09.0974 5400 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:39:10.0005 5400 MSTEE - ok
11:39:10.0052 5400 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
11:39:10.0068 5400 MTConfig - ok
11:39:10.0083 5400 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:39:10.0099 5400 Mup - ok
11:39:10.0130 5400 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:39:10.0161 5400 napagent - ok
11:39:10.0208 5400 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:39:10.0255 5400 NativeWifiP - ok
11:39:10.0286 5400 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:39:10.0317 5400 NDIS - ok
11:39:10.0348 5400 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:39:10.0380 5400 NdisCap - ok
11:39:10.0395 5400 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:39:10.0426 5400 NdisTapi - ok
11:39:10.0442 5400 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:39:10.0473 5400 Ndisuio - ok
11:39:10.0489 5400 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:39:10.0536 5400 NdisWan - ok
11:39:10.0536 5400 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:39:10.0567 5400 NDProxy - ok
11:39:10.0582 5400 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:39:10.0629 5400 NetBIOS - ok
11:39:10.0645 5400 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:39:10.0692 5400 NetBT - ok
11:39:10.0707 5400 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:39:10.0707 5400 Netlogon - ok
11:39:10.0754 5400 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:39:10.0801 5400 Netman - ok
11:39:10.0816 5400 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:39:10.0863 5400 netprofm - ok
11:39:10.0879 5400 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:39:10.0894 5400 NetTcpPortSharing - ok
11:39:10.0910 5400 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:39:10.0926 5400 nfrd960 - ok
11:39:10.0941 5400 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:39:10.0972 5400 NlaSvc - ok
11:39:10.0988 5400 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:39:11.0019 5400 Npfs - ok
11:39:11.0019 5400 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:39:11.0066 5400 nsi - ok
11:39:11.0066 5400 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:39:11.0113 5400 nsiproxy - ok
11:39:11.0160 5400 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:39:11.0206 5400 Ntfs - ok
11:39:11.0222 5400 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:39:11.0253 5400 Null - ok
11:39:11.0316 5400 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
11:39:11.0362 5400 NVENETFD - ok
11:39:11.0550 5400 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:39:11.0830 5400 nvlddmkm - ok
11:39:11.0846 5400 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:39:11.0862 5400 nvraid - ok
11:39:11.0877 5400 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:39:11.0893 5400 nvstor - ok
11:39:11.0908 5400 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:39:11.0924 5400 nv_agp - ok
11:39:11.0955 5400 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:39:11.0986 5400 ohci1394 - ok
11:39:12.0018 5400 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:39:12.0033 5400 ose - ok
11:39:12.0127 5400 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:39:12.0267 5400 osppsvc - ok
11:39:12.0283 5400 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:39:12.0298 5400 p2pimsvc - ok
11:39:12.0314 5400 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:39:12.0345 5400 p2psvc - ok
11:39:12.0361 5400 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
11:39:12.0376 5400 Parport - ok
11:39:12.0392 5400 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:39:12.0408 5400 partmgr - ok
11:39:12.0423 5400 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:39:12.0454 5400 PcaSvc - ok
11:39:12.0486 5400 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:39:12.0501 5400 pci - ok
11:39:12.0517 5400 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:39:12.0532 5400 pciide - ok
11:39:12.0548 5400 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:39:12.0564 5400 pcmcia - ok
11:39:12.0579 5400 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:39:12.0595 5400 pcw - ok
11:39:12.0610 5400 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:39:12.0673 5400 PEAUTH - ok
11:39:12.0720 5400 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:39:12.0751 5400 PerfHost - ok
11:39:12.0798 5400 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:39:12.0845 5400 pla - ok
11:39:12.0891 5400 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:39:12.0938 5400 PlugPlay - ok
11:39:12.0954 5400 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:39:12.0985 5400 PNRPAutoReg - ok
11:39:12.0985 5400 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:39:13.0001 5400 PNRPsvc - ok
11:39:13.0032 5400 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:39:13.0063 5400 PolicyAgent - ok
11:39:13.0079 5400 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:39:13.0125 5400 Power - ok
11:39:13.0141 5400 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:39:13.0188 5400 PptpMiniport - ok
11:39:13.0188 5400 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
11:39:13.0203 5400 Processor - ok
11:39:13.0250 5400 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:39:13.0266 5400 ProfSvc - ok
11:39:13.0281 5400 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:39:13.0297 5400 ProtectedStorage - ok
11:39:13.0313 5400 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:39:13.0359 5400 Psched - ok
11:39:13.0391 5400 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:39:13.0437 5400 ql2300 - ok
11:39:13.0453 5400 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:39:13.0469 5400 ql40xx - ok
11:39:13.0469 5400 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:39:13.0500 5400 QWAVE - ok
11:39:13.0515 5400 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:39:13.0531 5400 QWAVEdrv - ok
11:39:13.0547 5400 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:39:13.0578 5400 RasAcd - ok
11:39:13.0609 5400 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:39:13.0656 5400 RasAgileVpn - ok
11:39:13.0671 5400 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:39:13.0718 5400 RasAuto - ok
11:39:13.0734 5400 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:39:13.0781 5400 Rasl2tp - ok
11:39:13.0796 5400 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:39:13.0827 5400 RasMan - ok
11:39:13.0859 5400 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:39:13.0905 5400 RasPppoe - ok
11:39:13.0921 5400 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:39:13.0968 5400 RasSstp - ok
11:39:13.0983 5400 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:39:14.0015 5400 rdbss - ok
11:39:14.0015 5400 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
11:39:14.0046 5400 rdpbus - ok
11:39:14.0061 5400 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:39:14.0093 5400 RDPCDD - ok
11:39:14.0124 5400 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:39:14.0155 5400 RDPENCDD - ok
11:39:14.0171 5400 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:39:14.0202 5400 RDPREFMP - ok
11:39:14.0217 5400 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:39:14.0264 5400 RDPWD - ok
11:39:14.0280 5400 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:39:14.0295 5400 rdyboost - ok
11:39:14.0389 5400 [ 6713253B37D6DCFC442A286F1D7B5350 ] Remote Solver for Flow Simulation 2012 C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
11:39:14.0420 5400 Remote Solver for Flow Simulation 2012 - ok
11:39:14.0451 5400 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:39:14.0498 5400 RemoteAccess - ok
11:39:14.0498 5400 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:39:14.0545 5400 RemoteRegistry - ok
11:39:14.0561 5400 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:39:14.0592 5400 RpcEptMapper - ok
11:39:14.0607 5400 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:39:14.0623 5400 RpcLocator - ok
11:39:14.0639 5400 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:39:14.0670 5400 RpcSs - ok
11:39:14.0685 5400 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:39:14.0717 5400 rspndr - ok
11:39:14.0748 5400 [ 39A719875F572241C585A629EE62EB14 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:39:14.0779 5400 RTL8167 - ok
11:39:14.0810 5400 [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
11:39:14.0857 5400 RTL8192su - ok
11:39:14.0873 5400 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:39:14.0873 5400 SamSs - ok
11:39:14.0904 5400 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:39:14.0904 5400 sbp2port - ok
11:39:14.0919 5400 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:39:14.0951 5400 SCardSvr - ok
11:39:14.0966 5400 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:39:15.0013 5400 scfilter - ok
11:39:15.0029 5400 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:39:15.0091 5400 Schedule - ok
11:39:15.0107 5400 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:39:15.0122 5400 SCPolicySvc - ok
11:39:15.0138 5400 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:39:15.0185 5400 SDRSVC - ok
11:39:15.0200 5400 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:39:15.0231 5400 secdrv - ok
11:39:15.0247 5400 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:39:15.0278 5400 seclogon - ok
11:39:15.0278 5400 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:39:15.0325 5400 SENS - ok
11:39:15.0341 5400 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:39:15.0372 5400 SensrSvc - ok
11:39:15.0403 5400 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
11:39:15.0419 5400 Serenum - ok
11:39:15.0450 5400 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
11:39:15.0465 5400 Serial - ok
11:39:15.0481 5400 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:39:15.0512 5400 sermouse - ok
11:39:15.0528 5400 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:39:15.0559 5400 SessionEnv - ok
11:39:15.0606 5400 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:39:15.0637 5400 sffdisk - ok
11:39:15.0653 5400 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:39:15.0668 5400 sffp_mmc - ok
11:39:15.0684 5400 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:39:15.0699 5400 sffp_sd - ok
11:39:15.0715 5400 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:39:15.0746 5400 sfloppy - ok
11:39:15.0777 5400 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
11:39:15.0809 5400 Sftfs - ok
11:39:15.0840 5400 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:39:15.0855 5400 sftlist - ok
11:39:15.0871 5400 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:39:15.0887 5400 Sftplay - ok
11:39:15.0902 5400 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:39:15.0902 5400 Sftredir - ok
11:39:15.0918 5400 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
11:39:15.0918 5400 Sftvol - ok
11:39:15.0933 5400 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:39:15.0949 5400 sftvsa - ok
11:39:15.0980 5400 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:39:16.0011 5400 SharedAccess - ok
11:39:16.0027 5400 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:39:16.0074 5400 ShellHWDetection - ok
11:39:16.0089 5400 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:39:16.0089 5400 SiSRaid2 - ok
11:39:16.0121 5400 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:39:16.0136 5400 SiSRaid4 - ok
11:39:16.0167 5400 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:39:16.0199 5400 SkypeUpdate - ok
11:39:16.0230 5400 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:39:16.0277 5400 Smb - ok
11:39:16.0292 5400 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:39:16.0308 5400 SNMPTRAP - ok
11:39:16.0323 5400 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
11:39:16.0355 5400 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:39:16.0355 5400 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:39:16.0370 5400 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:39:16.0386 5400 spldr - ok
11:39:16.0417 5400 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:39:16.0448 5400 Spooler - ok
11:39:16.0495 5400 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:39:16.0589 5400 sppsvc - ok
11:39:16.0604 5400 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:39:16.0635 5400 sppuinotify - ok
11:39:16.0682 5400 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:39:16.0745 5400 srv - ok
11:39:16.0760 5400 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:39:16.0807 5400 srv2 - ok
11:39:16.0807 5400 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:39:16.0838 5400 srvnet - ok
11:39:16.0869 5400 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:39:16.0901 5400 SSDPSRV - ok
11:39:16.0916 5400 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:39:16.0963 5400 SstpSvc - ok
11:39:16.0963 5400 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:39:16.0979 5400 stexstor - ok
11:39:16.0994 5400 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:39:17.0025 5400 stisvc - ok
11:39:17.0041 5400 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:39:17.0057 5400 swenum - ok
11:39:17.0072 5400 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:39:17.0119 5400 swprv - ok
11:39:17.0150 5400 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:39:17.0213 5400 SysMain - ok
11:39:17.0213 5400 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:39:17.0244 5400 TabletInputService - ok
11:39:17.0259 5400 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:39:17.0306 5400 TapiSrv - ok
11:39:17.0322 5400 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:39:17.0353 5400 TBS - ok
11:39:17.0415 5400 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:39:17.0509 5400 Tcpip - ok
11:39:17.0556 5400 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:39:17.0587 5400 TCPIP6 - ok
11:39:17.0603 5400 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:39:17.0618 5400 tcpipreg - ok
11:39:17.0634 5400 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:39:17.0665 5400 TDPIPE - ok
11:39:17.0696 5400 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:39:17.0712 5400 TDTCP - ok
11:39:17.0743 5400 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:39:17.0774 5400 tdx - ok
11:39:17.0774 5400 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:39:17.0790 5400 TermDD - ok
11:39:17.0805 5400 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:39:17.0868 5400 TermService - ok
11:39:17.0883 5400 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:39:17.0899 5400 Themes - ok
11:39:17.0915 5400 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:39:17.0946 5400 THREADORDER - ok
11:39:17.0961 5400 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:39:17.0993 5400 TrkWks - ok
11:39:18.0039 5400 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:39:18.0086 5400 TrustedInstaller - ok
11:39:18.0102 5400 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:39:18.0133 5400 tssecsrv - ok
11:39:18.0149 5400 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:39:18.0164 5400 TsUsbFlt - ok
11:39:18.0180 5400 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
11:39:18.0211 5400 TsUsbGD - ok
11:39:18.0242 5400 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:39:18.0289 5400 tunnel - ok
11:39:18.0320 5400 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:39:18.0336 5400 uagp35 - ok
11:39:18.0351 5400 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:39:18.0414 5400 udfs - ok
11:39:18.0429 5400 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:39:18.0461 5400 UI0Detect - ok
11:39:18.0461 5400 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:39:18.0476 5400 uliagpkx - ok
11:39:18.0492 5400 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:39:18.0523 5400 umbus - ok
11:39:18.0539 5400 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
11:39:18.0570 5400 UmPass - ok
11:39:18.0585 5400 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:39:18.0632 5400 upnphost - ok
11:39:18.0663 5400 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:39:18.0695 5400 USBAAPL64 - ok
11:39:18.0726 5400 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:39:18.0757 5400 usbccgp - ok
11:39:18.0773 5400 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:39:18.0788 5400 usbcir - ok
11:39:18.0804 5400 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:39:18.0835 5400 usbehci - ok
11:39:18.0851 5400 [ 33A58C5630200E17B51C8D73DD64181B ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
11:39:18.0851 5400 usbfilter - ok
11:39:18.0882 5400 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:39:18.0913 5400 usbhub - ok
11:39:18.0929 5400 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
11:39:18.0929 5400 usbohci - ok
11:39:18.0960 5400 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:39:18.0991 5400 usbprint - ok
11:39:19.0007 5400 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:39:19.0022 5400 usbscan - ok
11:39:19.0038 5400 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:39:19.0085 5400 USBSTOR - ok
11:39:19.0100 5400 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:39:19.0116 5400 usbuhci - ok
11:39:19.0131 5400 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:39:19.0163 5400 UxSms - ok
11:39:19.0163 5400 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:39:19.0178 5400 VaultSvc - ok
11:39:19.0194 5400 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:39:19.0209 5400 vdrvroot - ok
11:39:19.0225 5400 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:39:19.0256 5400 vds - ok
11:39:19.0287 5400 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:39:19.0303 5400 vga - ok
11:39:19.0319 5400 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:39:19.0350 5400 VgaSave - ok
11:39:19.0365 5400 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:39:19.0381 5400 vhdmp - ok
11:39:19.0397 5400 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:39:19.0412 5400 viaide - ok
11:39:19.0428 5400 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:39:19.0443 5400 volmgr - ok
11:39:19.0443 5400 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:39:19.0459 5400 volmgrx - ok
11:39:19.0475 5400 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:39:19.0490 5400 volsnap - ok
11:39:19.0521 5400 [ 193D323A88F442334D652AC5C1F56414 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
11:39:19.0568 5400 vpnagent - ok
11:39:19.0584 5400 [ 13E6D95E7AC67ABB7A1196557EF8849F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
11:39:19.0584 5400 vpnva - ok
11:39:19.0599 5400 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:39:19.0615 5400 vsmraid - ok
11:39:19.0662 5400 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:39:19.0740 5400 VSS - ok
11:39:19.0740 5400 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:39:19.0755 5400 vwifibus - ok
11:39:19.0787 5400 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:39:19.0818 5400 vwififlt - ok
11:39:19.0833 5400 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:39:19.0865 5400 W32Time - ok
11:39:19.0880 5400 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
11:39:19.0911 5400 WacomPen - ok
11:39:19.0927 5400 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:39:19.0958 5400 WANARP - ok
11:39:19.0974 5400 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:39:19.0989 5400 Wanarpv6 - ok
11:39:20.0021 5400 [ 63D7250ED2C2E3CD9B11139A608D6C39 ] watchmi C:\Program Files (x86)\watchmi\TvdService.exe
11:39:20.0036 5400 watchmi ( UnsignedFile.Multi.Generic ) - warning
11:39:20.0036 5400 watchmi - detected UnsignedFile.Multi.Generic (1)
11:39:20.0083 5400 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:39:20.0177 5400 wbengine - ok
11:39:20.0192 5400 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:39:20.0239 5400 WbioSrvc - ok
11:39:20.0255 5400 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:39:20.0301 5400 wcncsvc - ok
11:39:20.0301 5400 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:39:20.0333 5400 WcsPlugInService - ok
11:39:20.0364 5400 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
11:39:20.0379 5400 Wd - ok
11:39:20.0395 5400 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:39:20.0426 5400 Wdf01000 - ok
11:39:20.0442 5400 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:39:20.0520 5400 WdiServiceHost - ok
11:39:20.0535 5400 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:39:20.0551 5400 WdiSystemHost - ok
11:39:20.0567 5400 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:39:20.0613 5400 WebClient - ok
11:39:20.0613 5400 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:39:20.0660 5400 Wecsvc - ok
11:39:20.0676 5400 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:39:20.0707 5400 wercplsupport - ok
11:39:20.0738 5400 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:39:20.0785 5400 WerSvc - ok
11:39:20.0816 5400 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:39:20.0832 5400 WfpLwf - ok
11:39:20.0847 5400 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:39:20.0863 5400 WIMMount - ok
11:39:20.0879 5400 WinDefend - ok
11:39:20.0879 5400 WinHttpAutoProxySvc - ok
11:39:20.0925 5400 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:39:20.0972 5400 Winmgmt - ok
11:39:21.0019 5400 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:39:21.0097 5400 WinRM - ok
11:39:21.0159 5400 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:39:21.0191 5400 WinUsb - ok
11:39:21.0222 5400 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:39:21.0253 5400 Wlansvc - ok
11:39:21.0284 5400 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:39:21.0300 5400 wlcrasvc - ok
11:39:21.0331 5400 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:39:21.0378 5400 wlidsvc - ok
11:39:21.0409 5400 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:39:21.0440 5400 WmiAcpi - ok
11:39:21.0440 5400 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:39:21.0471 5400 wmiApSrv - ok
11:39:21.0487 5400 WMPNetworkSvc - ok
11:39:21.0503 5400 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:39:21.0518 5400 WPCSvc - ok
11:39:21.0534 5400 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:39:21.0549 5400 WPDBusEnum - ok
11:39:21.0549 5400 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:39:21.0581 5400 ws2ifsl - ok
11:39:21.0596 5400 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
11:39:21.0612 5400 wscsvc - ok
11:39:21.0612 5400 WSearch - ok
11:39:21.0659 5400 [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys
11:39:21.0659 5400 wsvd - ok
11:39:21.0721 5400 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:39:21.0768 5400 wuauserv - ok
11:39:21.0799 5400 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:39:21.0815 5400 WudfPf - ok
11:39:21.0846 5400 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:39:21.0877 5400 WUDFRd - ok
11:39:21.0877 5400 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:39:21.0893 5400 wudfsvc - ok
11:39:21.0908 5400 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
11:39:21.0939 5400 WwanSvc - ok
11:39:21.0971 5400 ================ Scan global ===============================
11:39:21.0986 5400 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:39:22.0017 5400 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:39:22.0033 5400 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:39:22.0049 5400 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:39:22.0064 5400 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:39:22.0080 5400 [Global] - ok
11:39:22.0080 5400 ================ Scan MBR ==================================
11:39:22.0095 5400 [ AF00FC1920E1CF861B39B90A4375EDF3 ] \Device\Harddisk0\DR0
11:39:22.0314 5400 \Device\Harddisk0\DR0 - ok
11:39:22.0314 5400 ================ Scan VBR ==================================
11:39:22.0314 5400 [ 521BA6E06CF73128BB0825C3637A31E0 ] \Device\Harddisk0\DR0\Partition1
11:39:22.0314 5400 \Device\Harddisk0\DR0\Partition1 - ok
11:39:22.0345 5400 [ 4993626D5E885B3541AE4E9A7F708F20 ] \Device\Harddisk0\DR0\Partition2
11:39:22.0345 5400 \Device\Harddisk0\DR0\Partition2 - ok
11:39:22.0376 5400 [ A39A13EC2C80736C96AE795F1E13A7A9 ] \Device\Harddisk0\DR0\Partition3
11:39:22.0376 5400 \Device\Harddisk0\DR0\Partition3 - ok
11:39:22.0376 5400 ============================================================
11:39:22.0376 5400 Scan finished
11:39:22.0376 5400 ============================================================
11:39:22.0392 5596 Detected object count: 2
11:39:22.0392 5596 Actual detected object count: 2
11:40:28.0209 5596 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:28.0209 5596 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:28.0209 5596 watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:28.0209 5596 watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:41:19.0908 0372 Deinitialize success
und Code:
ATTFilter 11:45:43.0030 2300 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:45:45.0043 2300 ============================================================
11:45:45.0043 2300 Current date / time: 2013/05/18 11:45:45.0043
11:45:45.0043 2300 SystemInfo:
11:45:45.0043 2300
11:45:45.0043 2300 OS Version: 6.1.7601 ServicePack: 1.0
11:45:45.0043 2300 Product type: Workstation
11:45:45.0043 2300 ComputerName: ALI-PC
11:45:45.0043 2300 UserName: Ali
11:45:45.0043 2300 Windows directory: C:\Windows
11:45:45.0043 2300 System windows directory: C:\Windows
11:45:45.0043 2300 Running under WOW64
11:45:45.0043 2300 Processor architecture: Intel x64
11:45:45.0043 2300 Number of processors: 4
11:45:45.0043 2300 Page size: 0x1000
11:45:45.0043 2300 Boot type: Normal boot
11:45:45.0043 2300 ============================================================
11:45:46.0431 2300 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:45:46.0462 2300 ============================================================
11:45:46.0462 2300 \Device\Harddisk0\DR0:
11:45:46.0462 2300 MBR partitions:
11:45:46.0462 2300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:45:46.0462 2300 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6E0D3800
11:45:46.0462 2300 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6E106000, BlocksNum 0x6400000
11:45:46.0462 2300 ============================================================
11:45:46.0478 2300 C: <-> \Device\Harddisk0\DR0\Partition2
11:45:46.0509 2300 D: <-> \Device\Harddisk0\DR0\Partition3
11:45:46.0509 2300 ============================================================
11:45:46.0509 2300 Initialize success
11:45:46.0509 2300 ============================================================
|
|
19.05.2013, 02:19
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware: Citadel Logs sind ok JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ --> Malware: Citadel |
|
19.05.2013, 12:29
| #22 |
| | Malware: Citadel JRT Log Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ali on 19.05.2013 at 12:47:27,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\sho336F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEC61.tmp
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Ali\appdata\local\{14EAC74E-B753-442C-9817-E09CFAFF671C}
Successfully deleted: [Empty Folder] C:\Users\Ali\appdata\local\{20E34768-5806-48C5-9DBF-F3FB8B296E44}
Successfully deleted: [Empty Folder] C:\Users\Ali\appdata\local\{2A230A30-EC0A-4F9D-BBC2-5FF4EDAF4CAE}
Successfully deleted: [Empty Folder] C:\Users\Ali\appdata\local\{2C022E2E-0D64-4264-9019-6AF522A8BAF0}
Successfully deleted: [Empty Folder] C:\Users\Ali\appdata\local\{522AD0D7-90EB-4C59-AEF2-6BCDDBE526D8}
Successfully deleted: [Empty Folder] C:\Users\Ali\appdata\local\{5CE34088-BF66-4D82-98B1-5BA5C81F2F1E}
Successfully deleted: [Empty Folder] C:\Users\Ali\appdata\local\{63959D95-5E1F-44B3-B9AE-84722F314DFA}
Successfully deleted: [Empty Folder] C:\Users\Ali\appdata\local\{66D6C13A-8773-4A8E-BC61-47975B298723}
Successfully deleted: [Empty Folder] C:\Users\Ali\appdata\local\{A8D1432B-C913-40F4-A203-D92236EB18A3}
Successfully deleted: [Empty Folder] C:\Users\Ali\appdata\local\{B1A39E47-3000-4230-93C3-9CFB6076E7B6}
Successfully deleted: [Empty Folder] C:\Users\Ali\appdata\local\{F578281F-C2C0-4857-8BE3-0829A097AE2E}
Successfully deleted: [Empty Folder] C:\Users\Ali\appdata\local\{FF286E22-4084-431F-99A0-C79951C819B6}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.05.2013 at 12:51:00,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Log AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.301 - Datei am 19/05/2013 um 12:58:28 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ali - ALI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ali\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\PIP
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16483
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [831 octets] - [19/05/2013 12:58:28]
########## EOF - C:\AdwCleaner[S1].txt - [890 octets] ##########
[/CODE] OTL Log OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.05.2013 13:21:58 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ali\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,48 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 55,65% Memory free 6,95 Gb Paging File | 4,72 Gb Available in Paging File | 67,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 880,41 Gb Total Space | 813,41 Gb Free Space | 92,39% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 27,01 Gb Free Space | 54,03% Space Free | Partition Type: NTFS Drive E: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ALI-PC | User Name: Ali | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ali\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Secure Banking\sbservice.exe () PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\WOT\WOT.dll () MOD - C:\Program Files (x86)\Secure Banking\funcs.dll () MOD - C:\Program Files (x86)\Secure Banking\SecureBanking.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\Secure Banking\sbservice.exe () MOD - C:\Program Files (x86)\Tobias Buchner\YouProxy\SpicIE.dll () ========== Services (SafeList) ========== SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV:64bit: - (CoordinatorServiceHost) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.) SRV:64bit: - (Remote Solver for Flow Simulation 2012) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (Mentor Graphics Corporation) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.) SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe () SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.) DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.) DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-732902274-989681646-235948354-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-732902274-989681646-235948354-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKU\S-1-5-21-732902274-989681646-235948354-1002\..\SearchScopes,DefaultScope = {2EE7A148-AF2C-4C37-8D9A-FA99F8A50C86} IE - HKU\S-1-5-21-732902274-989681646-235948354-1002\..\SearchScopes\{2EE7A148-AF2C-4C37-8D9A-FA99F8A50C86}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393DE497 IE - HKU\S-1-5-21-732902274-989681646-235948354-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-732902274-989681646-235948354-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ali\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ali\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.05.14 21:16:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O3 - HKU\S-1-5-21-732902274-989681646-235948354-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3:64bit: - HKU\S-1-5-21-732902274-989681646-235948354-1002\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKU\S-1-5-21-732902274-989681646-235948354-1002\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-732902274-989681646-235948354-1002..\Run: [Facebook Update] C:\Users\Ali\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-732902274-989681646-235948354-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-732902274-989681646-235948354-1002..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-732902274-989681646-235948354-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-732902274-989681646-235948354-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72B8E66E-4DBE-4DD5-A9B2-435B47A7B3E9}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AAD6D8A-0CD9-4833-8080-E9547C00E9E4}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.10 01:30:45 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.05.25 06:16:57 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.19 13:02:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ali\Desktop\OTL.exe [2013.05.19 12:47:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.19 12:46:19 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.19 12:46:17 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ali\Desktop\JRT.exe [2013.05.17 18:06:14 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ali\Desktop\tdsskiller.exe [2013.05.17 17:49:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Ali\Desktop\aswMBR.exe [2013.05.16 21:49:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.05.16 21:23:03 | 000,000,000 | ---D | C] -- C:\Users\Ali\Desktop\mbar [2013.05.15 21:03:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.15 21:03:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.15 21:03:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.15 21:03:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.15 21:03:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.15 21:03:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.15 21:03:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.15 21:03:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.15 21:03:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.15 21:03:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.15 21:03:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.15 21:03:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.15 21:03:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.15 21:03:07 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.15 21:03:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.15 19:05:59 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 19:05:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 19:05:51 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 19:05:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 19:05:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 19:05:51 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 19:05:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.15 18:52:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.11 00:11:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.11 00:11:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.11 00:11:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.11 00:10:31 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.10 13:06:27 | 000,000,000 | ---D | C] -- C:\Users\Ali\Desktop\Neuer Ordner (2) [2013.05.10 12:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.10 12:49:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.10 12:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.10 01:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.05.10 01:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.05.09 20:52:53 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Ykma [2013.05.09 20:52:53 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Idmol [2013.05.09 14:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 [2013.05.08 19:15:34 | 000,000,000 | ---D | C] -- C:\Users\Ali\Desktop\Zeichnungen [2013.05.08 19:07:27 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\TempSWBackupDirectory [2013.05.08 19:06:17 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\SolidWorks [2013.05.08 19:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SolidWorks Flow Simulation [2013.05.08 19:04:29 | 000,000,000 | ---D | C] -- C:\Users\Ali\Documents\SolidWorks Visual Studio Tools for Applications [2013.05.08 19:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\SolidWorks Corp [2013.05.08 19:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SolidWorks [2013.05.08 19:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.05.08 19:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2013.05.08 19:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2013.05.08 19:00:31 | 000,000,000 | ---D | C] -- C:\Users\Ali\Documents\Visual Studio 2005 [2013.05.08 19:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005 [2013.05.08 19:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2013.05.08 18:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2013.05.08 18:59:32 | 000,000,000 | ---D | C] -- C:\SolidWorks Data [2013.05.08 18:48:42 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\help_images_otherUI [2013.05.08 10:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.05.07 21:46:58 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\DassaultSystemes [2013.05.07 21:46:58 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\DassaultSystemes [2013.05.07 21:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes [2013.05.07 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\EDrawings [2013.05.07 21:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2013.05.07 21:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2013.05.07 21:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolidWorks Shared [2013.05.07 21:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Shared [2013.05.07 21:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SolidWorks Corp [2013.05.07 21:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2012 [2013.05.07 21:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Installations-Manager [2013.05.07 21:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager [2013.05.07 21:27:16 | 000,000,000 | ---D | C] -- C:\Users\Ali\Documents\SolidWorks Downloads [2013.05.07 21:27:16 | 000,000,000 | ---D | C] -- C:\Windows\SolidWorks [2013.05.07 21:27:15 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\SolidWorks [2013.05.07 15:48:38 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Apple Computer [2013.05.07 15:48:38 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Apple Computer [2013.05.07 15:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.05.07 15:48:19 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2013.05.07 15:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.05.07 15:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.05.07 15:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.05.07 15:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.05.07 15:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.05.07 15:47:21 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Apple [2013.05.07 15:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.05.07 15:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.05.07 15:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.05.07 15:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.05.07 15:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.05.07 15:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.05.07 14:54:57 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\redsn0w [2013.05.07 13:36:07 | 000,000,000 | ---D | C] -- C:\Users\Ali\Desktop\ipod jailbreak [2013.05.06 17:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking [2013.05.06 17:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking [2013.05.06 11:11:38 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 12:30:45 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\PDF24 [2013.05.05 12:27:37 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Cisco [2013.05.05 12:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2013.05.05 12:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco [2013.05.05 12:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2013.05.03 17:25:58 | 000,000,000 | ---D | C] -- C:\Users\Ali\Desktop\Alis Daten [2013.05.03 16:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2013.05.03 16:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24 [2013.05.03 16:52:48 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Programs [2013.05.02 14:41:40 | 000,000,000 | ---D | C] -- C:\Users\Ali\Desktop\Thrpiztrum [2013.05.02 13:23:17 | 000,000,000 | R--D | C] -- C:\Users\Ali\Documents\Scanned Documents [2013.05.02 13:23:17 | 000,000,000 | ---D | C] -- C:\Users\Ali\Documents\Fax [2013.04.29 08:00:10 | 000,000,000 | ---D | C] -- C:\Users\Ali\.tfo4 [2013.04.22 10:11:21 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Apps [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.19 13:11:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.19 13:07:06 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.19 13:07:06 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.19 13:07:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-732902274-989681646-235948354-1002UA.job [2013.05.19 13:06:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.19 13:05:46 | 001,500,358 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.19 13:05:46 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.19 13:05:46 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.19 13:05:46 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.19 13:05:46 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.19 13:02:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ali\Desktop\OTL.exe [2013.05.19 13:00:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.19 12:59:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.19 12:59:43 | 2800,545,792 | -HS- | M] () -- C:\hiberfil.sys [2013.05.19 12:57:54 | 000,632,031 | ---- | M] () -- C:\Users\Ali\Desktop\adwcleaner.exe [2013.05.19 12:46:19 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ali\Desktop\JRT.exe [2013.05.17 18:06:18 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ali\Desktop\tdsskiller.exe [2013.05.17 18:05:00 | 000,000,512 | ---- | M] () -- C:\Users\Ali\Desktop\MBR.dat [2013.05.17 17:50:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Ali\Desktop\aswMBR.exe [2013.05.17 17:49:25 | 000,014,840 | ---- | M] () -- C:\Users\Ali\Desktop\get-mirror-server.htm [2013.05.16 22:07:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-732902274-989681646-235948354-1002Core.job [2013.05.16 22:06:54 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.16 22:06:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.16 21:48:58 | 459,138,601 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.05.16 21:22:25 | 012,917,756 | ---- | M] () -- C:\Users\Ali\Desktop\mbar-1.05.0.1001.zip [2013.05.16 21:22:17 | 000,015,041 | ---- | M] () -- C:\Users\Ali\Desktop\download-malwarebytes_anti_rootkit.htm [2013.05.16 09:31:48 | 000,309,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.14 21:16:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.14 21:10:26 | 000,001,130 | ---- | M] () -- C:\Users\Ali\Desktop\ComboFix - Verknüpfung.lnk [2013.05.14 20:52:13 | 000,014,152 | ---- | M] () -- C:\Users\Ali\Desktop\combofix.lnk [2013.05.12 13:28:14 | 000,000,000 | ---- | M] () -- C:\Users\Ali\AppData\Local\Temptable.xml [2013.05.10 12:49:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.10 01:30:45 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.05.08 19:03:01 | 000,002,785 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks 2012 x64 Edition.lnk [2013.05.08 18:50:01 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2012.lnk [2013.05.08 18:48:46 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI [2013.05.08 18:48:42 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2012 x64 Edition.lnk [2013.05.07 15:48:35 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.07 12:45:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.06 11:11:28 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.03 17:21:59 | 000,182,529 | ---- | M] () -- C:\Users\Ali\Desktop\002.jpg [2013.05.03 16:44:28 | 000,005,829 | ---- | M] () -- C:\Users\Ali\Documents\LANXESSAli Isle1.odt [2013.05.03 16:27:50 | 000,005,675 | ---- | M] () -- C:\Users\Ali\Documents\CURRENTAAli Islek.odt [2013.05.03 16:13:53 | 000,005,896 | ---- | M] () -- C:\Users\Ali\Documents\LANXESSAli Islek.odt [2013.05.03 14:08:24 | 000,043,626 | -HS- | M] () -- C:\Users\Ali\Desktop\Folder.jpg [2013.05.03 14:08:24 | 000,043,626 | -HS- | M] () -- C:\Users\Ali\Desktop\AlbumArt_{BFC6AF81-D8F9-4040-835B-5D022FB48B1F}_Large.jpg [2013.05.03 14:08:24 | 000,008,788 | -HS- | M] () -- C:\Users\Ali\Desktop\AlbumArtSmall.jpg [2013.05.03 14:08:24 | 000,008,788 | -HS- | M] () -- C:\Users\Ali\Desktop\AlbumArt_{BFC6AF81-D8F9-4040-835B-5D022FB48B1F}_Small.jpg [2013.05.02 14:43:20 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.19 12:57:54 | 000,632,031 | ---- | C] () -- C:\Users\Ali\Desktop\adwcleaner.exe [2013.05.17 18:05:00 | 000,000,512 | ---- | C] () -- C:\Users\Ali\Desktop\MBR.dat [2013.05.17 17:48:38 | 000,014,840 | ---- | C] () -- C:\Users\Ali\Desktop\get-mirror-server.htm [2013.05.16 21:48:58 | 459,138,601 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.05.16 21:22:09 | 012,917,756 | ---- | C] () -- C:\Users\Ali\Desktop\mbar-1.05.0.1001.zip [2013.05.16 21:20:28 | 000,015,041 | ---- | C] () -- C:\Users\Ali\Desktop\download-malwarebytes_anti_rootkit.htm [2013.05.14 21:10:26 | 000,001,130 | ---- | C] () -- C:\Users\Ali\Desktop\ComboFix - Verknüpfung.lnk [2013.05.11 00:11:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.11 00:11:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.11 00:11:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.11 00:11:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.11 00:11:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.10 12:49:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.10 01:30:45 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.05.08 19:15:51 | 000,000,000 | ---- | C] () -- C:\Users\Ali\AppData\Local\Temptable.xml [2013.05.08 19:03:01 | 000,002,785 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks 2012 x64 Edition.lnk [2013.05.08 18:48:46 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2013.05.08 18:48:42 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2012 x64 Edition.lnk [2013.05.07 21:42:55 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2012.lnk [2013.05.07 15:48:35 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.07 15:47:20 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.05.07 12:45:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.03 17:21:59 | 000,182,529 | ---- | C] () -- C:\Users\Ali\Desktop\002.jpg [2013.05.03 16:33:46 | 000,005,829 | ---- | C] () -- C:\Users\Ali\Documents\LANXESSAli Isle1.odt [2013.05.03 16:27:48 | 000,005,675 | ---- | C] () -- C:\Users\Ali\Documents\CURRENTAAli Islek.odt [2013.05.03 16:13:51 | 000,005,896 | ---- | C] () -- C:\Users\Ali\Documents\LANXESSAli Islek.odt [2013.05.03 14:08:17 | 000,043,626 | -HS- | C] () -- C:\Users\Ali\Desktop\Folder.jpg [2013.05.03 14:08:17 | 000,043,626 | -HS- | C] () -- C:\Users\Ali\Desktop\AlbumArt_{BFC6AF81-D8F9-4040-835B-5D022FB48B1F}_Large.jpg [2013.05.03 14:08:17 | 000,008,788 | -HS- | C] () -- C:\Users\Ali\Desktop\AlbumArtSmall.jpg [2013.05.03 14:08:17 | 000,008,788 | -HS- | C] () -- C:\Users\Ali\Desktop\AlbumArt_{BFC6AF81-D8F9-4040-835B-5D022FB48B1F}_Small.jpg [2013.04.12 20:20:45 | 000,000,367 | ---- | C] () -- C:\Users\Ali\Heimnetzgruppe - Verknüpfung.lnk [2013.02.24 21:56:56 | 000,121,359 | ---- | C] () -- C:\Users\Ali\541019_10151490385920622_923617879_n.jpg [2013.02.10 21:53:52 | 000,022,147 | ---- | C] () -- C:\Users\Ali\burpees-exercise.jpg [2013.02.06 00:28:11 | 000,006,875 | ---- | C] () -- C:\Users\Ali\lebenslauif2.odt [2013.02.05 23:48:40 | 000,008,234 | ---- | C] () -- C:\Users\Ali\phsio2.odt [2012.12.23 01:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Ali\defogger_reenable [2012.12.09 22:02:52 | 001,841,122 | ---- | C] () -- C:\Users\Ali\MOV00165.3gp [2012.09.03 11:03:44 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.09.03 11:03:44 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7320.DAT [2012.08.15 18:45:23 | 000,017,408 | ---- | C] () -- C:\Users\Ali\AppData\Local\WebpageIcons.db [2012.08.14 12:57:37 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.08.14 12:49:49 | 011,027,660 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.25 21:49:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.25 20:29:27 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.25 20:29:27 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.25 20:29:26 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.03.29 09:22:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.03.03 01:33:26 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.23 14:20:37 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Ashampoo [2013.05.07 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\DassaultSystemes [2012.10.03 16:44:36 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\e-academy Inc [2013.05.07 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\EDrawings [2012.12.22 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Foyda [2013.05.09 20:52:53 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Idmol [2013.05.07 14:54:57 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\redsn0w [2013.05.12 18:26:00 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\SoftGrid Client [2012.12.22 15:26:51 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Teza [2013.03.18 15:15:22 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Tobias Buchner [2012.08.14 12:50:55 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\TP [2012.12.08 23:50:32 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Windows Live Writer [2013.05.10 21:04:03 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Ykma ========== Purity Check ========== < End of report > [/CODE] |
|
19.05.2013, 20:32
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware: CitadelFixen mit OTL
Code:
ATTFilter :OTL
[2012.12.22 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Foyda
[2013.05.09 20:52:53 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Idmol
[2013.05.10 21:04:03 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Ykma
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.05.2013, 10:23
| #24 |
| | Malware: CitadelCode:
ATTFilter All processes killed
========== OTL ==========
C:\Users\Ali\AppData\Roaming\Foyda folder moved successfully.
C:\Users\Ali\AppData\Roaming\Idmol folder moved successfully.
C:\Users\Ali\AppData\Roaming\Ykma folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Ali\Desktop\cmd.bat deleted successfully.
C:\Users\Ali\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Ali
->Temp folder emptied: 85732681 bytes
->Temporary Internet Files folder emptied: 296575149 bytes
->Java cache emptied: 14660819 bytes
->Google Chrome cache emptied: 241430816 bytes
->Flash cache emptied: 59342 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715914 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50577003 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 659,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 05202013_111454
Files\Folders moved on Reboot...
C:\Users\Ali\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ali\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JX23LAB1\134730-malware-citadel-3[1].htm moved successfully.
C:\Users\Ali\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A59EDVPT\search[1].htm moved successfully.
C:\Users\Ali\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Ali\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
20.05.2013, 22:17
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware: Citadel Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.05.2013, 13:55
| #26 |
| | Malware: Citadel Anti-Malware Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.21.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ali :: ALI-PC [Administrator] 21.05.2013 12:34:10 mbam-log-2013-05-21 (12-34-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 365468 Laufzeit: 37 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Qoobox\Quarantine\C\Users\Ali\AppData\Roaming\Ywiha\neick.exe.vir (Trojan.Zbot.RVgen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ESET Log Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f005a4cf0b5de9498c5a004e2c0848a3
# engine=13879
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-21 12:46:44
# local_time=2013-05-21 02:46:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 7907 234563694 691 0
# compatibility_mode=5893 16776574 100 94 20738590 120770254 0 0
# scanned=158802
# found=0
# cleaned=0
# scan_time=4050
|
|
21.05.2013, 14:00
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware: Citadel Nur ein Fund in der Q von CF, das ist harmlos Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.05.2013, 15:45
| #28 |
| | Malware: Citadel Super, gut ich glaube das wars dann. Hoffe das ich nicht so schnell wieder hier antanzen muss  Vielen dank von meiner Seite, hast sehr sehr geholfen! |
|
21.05.2013, 19:48
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware: Citadel Dann wären wir durch! Falls du noch Lob oder Kritik loswerden möchtest => http://www.trojaner-board.de/lob-kritik-wuensche/ Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Malware: Citadel |
| angegeben, bedrohungen, bezüglich, citadel, daten, ereignisse, erkannt, funktionen, gefunde, gen, hinweis, malware, malware gefunden, online, online banking, programm, prozess, reagieren, status, woche |
Textbox. 
Linear-Darstellung
