| |
| |||||||
Log-Analyse und Auswertung: LPD BM.I TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
16.05.2013, 11:18
| #1 |
 |  LPD BM.I Trojaner meine Lieben, nachdem einige Zeit eine Ruh war, hab ich nun wieder den LT meines alten Herrn bekommen :-) Der "lustige" Trojaner des BM.I der auch die Kamera aktiviert hat ihn befallen. Abgesichert mit Netzwerk geht noch. Ist jemand so lieb und führt mich durch den Entfernungs-Dschungel? Danke schonmal für Eure Hilfe |
|
16.05.2013, 12:43
| #2 |
| /// Malware-holic   | LPD BM.I Trojaner hi
__________________dann mal in den abges mit Netzwerk: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
16.05.2013, 15:02
| #3 |
| | LPD BM.I Trojaner Servus Markus,
__________________vielen Dank für deine rasche Antwort, hier die beiden files als Anhang lG Georg |
|
16.05.2013, 16:16
| #4 |
| /// Malware-holic | LPD BM.I Trojaner Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\rbjml.dat ()
O4 - HKCU..\Run: [User] C:\System\user.exe ()
[2013.05.16 13:29:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.16 15:35:18 | 095,023,320 | ---- | M] () -- C:\ProgramData\lmjbr.pad
[2013.05.15 13:27:55 | 000,001,030 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.05.15 13:27:39 | 000,002,609 | ---- | M] () -- C:\ProgramData\lmjbr.js
[2013.05.15 13:27:39 | 000,000,151 | ---- | M] () -- C:\ProgramData\lmjbr.reg
[2013.05.15 13:27:39 | 000,000,055 | ---- | M] () -- C:\ProgramData\lmjbr.bat
[2013.05.15 13:27:14 | 000,126,976 | ---- | M] () -- C:\Users\Besitzer\8810213.dll
:files
:Commands
[emptytemp]
starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.05.2013, 19:14
| #5 |
| | LPD BM.I Trojaner So, alles erledigt. Danke soweit. Auch für die ultraraschen Antworten... die movedfiles.zip hab ich (hoffentlich richtig) hochgeladen. Warte auf neue Befehle :-) |
|
16.05.2013, 19:17
| #6 |
| /// Malware-holic | LPD BM.I Trojaner danke fürs hochladen Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> LPD BM.I Trojaner |
|
16.05.2013, 19:41
| #7 |
| | LPD BM.I Trojaner ok. TDSSKiller ist gelaufen... log file hab ich in den raufladekanal gestellt |
|
16.05.2013, 19:52
| #8 |
| /// Malware-holic | LPD BM.I Trojaner bitte logs hier anhängen bzw posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.05.2013, 20:05
| #9 |
| | LPD BM.I Trojaner Entschuldigung, ich bin glaube ich zu doof dafür. Code:
ATTFilter 22:35:18.0166 6120 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:35:18.0300 6120 ============================================================
22:35:18.0300 6120 Current date / time: 2013/05/16 22:35:18.0300
22:35:18.0300 6120 SystemInfo:
22:35:18.0300 6120
22:35:18.0300 6120 OS Version: 6.1.7600 ServicePack: 0.0
22:35:18.0300 6120 Product type: Workstation
22:35:18.0301 6120 ComputerName: BESITZER-TOSH
22:35:18.0301 6120 UserName: Besitzer
22:35:18.0301 6120 Windows directory: C:\Windows
22:35:18.0301 6120 System windows directory: C:\Windows
22:35:18.0301 6120 Running under WOW64
22:35:18.0301 6120 Processor architecture: Intel x64
22:35:18.0301 6120 Number of processors: 4
22:35:18.0301 6120 Page size: 0x1000
22:35:18.0301 6120 Boot type: Normal boot
22:35:18.0301 6120 ============================================================
22:35:18.0698 6120 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:35:18.0706 6120 ============================================================
22:35:18.0706 6120 \Device\Harddisk0\DR0:
22:35:18.0707 6120 MBR partitions:
22:35:18.0707 6120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x2542C000
22:35:18.0707 6120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x254F4800, BlocksNum 0x25363800
22:35:18.0707 6120 ============================================================
22:35:18.0980 6120 C: <-> \Device\Harddisk0\DR0\Partition1
22:35:19.0011 6120 D: <-> \Device\Harddisk0\DR0\Partition2
22:35:19.0011 6120 ============================================================
22:35:19.0011 6120 Initialize success
22:35:19.0011 6120 ============================================================
22:35:31.0149 2508 ============================================================
22:35:31.0149 2508 Scan started
22:35:31.0149 2508 Mode: Manual; SigCheck; TDLFS;
22:35:31.0149 2508 ============================================================
22:35:31.0607 2508 ================ Scan system memory ========================
22:35:31.0607 2508 System memory - ok
22:35:31.0608 2508 ================ Scan services =============================
22:35:31.0812 2508 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:35:31.0942 2508 1394ohci - ok
22:35:31.0968 2508 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:35:31.0986 2508 ACPI - ok
22:35:32.0022 2508 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:35:32.0107 2508 AcpiPmi - ok
22:35:32.0232 2508 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:35:32.0258 2508 AdobeARMservice - ok
22:35:32.0430 2508 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:35:32.0459 2508 AdobeFlashPlayerUpdateSvc - ok
22:35:32.0495 2508 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:35:32.0517 2508 adp94xx - ok
22:35:32.0540 2508 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:35:32.0559 2508 adpahci - ok
22:35:32.0572 2508 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:35:32.0587 2508 adpu320 - ok
22:35:32.0616 2508 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:35:32.0759 2508 AeLookupSvc - ok
22:35:32.0803 2508 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
22:35:32.0883 2508 AFD - ok
22:35:32.0911 2508 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:35:32.0931 2508 agp440 - ok
22:35:32.0957 2508 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:35:33.0034 2508 ALG - ok
22:35:33.0066 2508 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:35:33.0087 2508 aliide - ok
22:35:33.0124 2508 [ 57B773D82E8CC3C6D7E02CC8A6632043 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:35:33.0205 2508 AMD External Events Utility - ok
22:35:33.0244 2508 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:35:33.0269 2508 amdide - ok
22:35:33.0289 2508 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:35:33.0331 2508 AmdK8 - ok
22:35:33.0485 2508 [ AEFAF27F1B7E52C705DF4FB6C96732F6 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
22:35:33.0677 2508 amdkmdag - ok
22:35:33.0711 2508 [ 8149DB73BE27950EC72767A1193153A6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
22:35:33.0748 2508 amdkmdap - ok
22:35:33.0778 2508 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:35:33.0828 2508 AmdPPM - ok
22:35:33.0855 2508 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:35:33.0870 2508 amdsata - ok
22:35:33.0903 2508 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:35:33.0921 2508 amdsbs - ok
22:35:33.0931 2508 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:35:33.0942 2508 amdxata - ok
22:35:34.0029 2508 [ 05676A56207CA37F3E76FAB3CEB97BD7 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
22:35:34.0055 2508 AntiVirMailService - ok
22:35:34.0129 2508 [ 90C69DF5FB36F8B74109583652575BD3 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:35:34.0149 2508 AntiVirSchedulerService - ok
22:35:34.0220 2508 [ B6F85597831F63C27FD278F4E05C3020 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:35:34.0241 2508 AntiVirService - ok
22:35:34.0312 2508 [ 3370240F20C2AA5E17CD73F065D02FC1 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:35:34.0346 2508 AntiVirWebService - ok
22:35:34.0392 2508 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
22:35:34.0492 2508 AppID - ok
22:35:34.0544 2508 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:35:34.0610 2508 AppIDSvc - ok
22:35:34.0640 2508 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
22:35:34.0692 2508 Appinfo - ok
22:35:34.0766 2508 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:35:34.0787 2508 Apple Mobile Device - ok
22:35:34.0837 2508 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:35:34.0858 2508 arc - ok
22:35:34.0871 2508 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:35:34.0885 2508 arcsas - ok
22:35:34.0905 2508 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:35:34.0960 2508 AsyncMac - ok
22:35:35.0005 2508 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:35:35.0029 2508 atapi - ok
22:35:35.0184 2508 [ AEFAF27F1B7E52C705DF4FB6C96732F6 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:35:35.0378 2508 atikmdag - ok
22:35:35.0415 2508 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:35:35.0462 2508 AudioEndpointBuilder - ok
22:35:35.0471 2508 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:35:35.0517 2508 AudioSrv - ok
22:35:35.0573 2508 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:35:35.0606 2508 avgntflt - ok
22:35:35.0655 2508 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:35:35.0681 2508 avipbb - ok
22:35:35.0725 2508 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
22:35:35.0749 2508 avkmgr - ok
22:35:35.0790 2508 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:35:35.0884 2508 AxInstSV - ok
22:35:35.0930 2508 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:35:35.0986 2508 b06bdrv - ok
22:35:36.0019 2508 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:35:36.0073 2508 b57nd60a - ok
22:35:36.0197 2508 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
22:35:36.0228 2508 BBSvc - ok
22:35:36.0265 2508 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
22:35:36.0299 2508 BBUpdate - ok
22:35:36.0422 2508 [ 5B5C36B2EC500462A715DB6BCBAF5DA7 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
22:35:36.0486 2508 BCM43XX - ok
22:35:36.0516 2508 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:35:36.0546 2508 BDESVC - ok
22:35:36.0582 2508 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:35:36.0675 2508 Beep - ok
22:35:36.0721 2508 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
22:35:36.0825 2508 BFE - ok
22:35:36.0862 2508 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
22:35:36.0927 2508 BITS - ok
22:35:36.0962 2508 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:35:36.0997 2508 blbdrive - ok
22:35:37.0076 2508 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:35:37.0108 2508 Bonjour Service - ok
22:35:37.0146 2508 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:35:37.0203 2508 bowser - ok
22:35:37.0233 2508 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:35:37.0292 2508 BrFiltLo - ok
22:35:37.0308 2508 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:35:37.0332 2508 BrFiltUp - ok
22:35:37.0386 2508 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:35:37.0459 2508 BridgeMP - ok
22:35:37.0513 2508 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
22:35:37.0556 2508 Browser - ok
22:35:37.0603 2508 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:35:37.0657 2508 Brserid - ok
22:35:37.0683 2508 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:35:37.0722 2508 BrSerWdm - ok
22:35:37.0747 2508 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:35:37.0799 2508 BrUsbMdm - ok
22:35:37.0822 2508 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:35:37.0853 2508 BrUsbSer - ok
22:35:37.0868 2508 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:35:37.0901 2508 BTHMODEM - ok
22:35:37.0945 2508 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:35:38.0006 2508 bthserv - ok
22:35:38.0025 2508 catchme - ok
22:35:38.0062 2508 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:35:38.0121 2508 cdfs - ok
22:35:38.0147 2508 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:35:38.0172 2508 cdrom - ok
22:35:38.0206 2508 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
22:35:38.0248 2508 CertPropSvc - ok
22:35:38.0352 2508 [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
22:35:38.0377 2508 cfWiMAXService - ok
22:35:38.0418 2508 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:35:38.0458 2508 circlass - ok
22:35:38.0501 2508 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:35:38.0531 2508 CLFS - ok
22:35:38.0593 2508 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:35:38.0615 2508 clr_optimization_v2.0.50727_32 - ok
22:35:38.0654 2508 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:35:38.0674 2508 clr_optimization_v2.0.50727_64 - ok
22:35:38.0761 2508 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:35:38.0789 2508 clr_optimization_v4.0.30319_32 - ok
22:35:38.0854 2508 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:35:38.0879 2508 clr_optimization_v4.0.30319_64 - ok
22:35:38.0897 2508 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:35:38.0924 2508 CmBatt - ok
22:35:38.0942 2508 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:35:38.0956 2508 cmdide - ok
22:35:39.0000 2508 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
22:35:39.0041 2508 CNG - ok
22:35:39.0084 2508 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:35:39.0096 2508 Compbatt - ok
22:35:39.0124 2508 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:35:39.0159 2508 CompositeBus - ok
22:35:39.0184 2508 COMSysApp - ok
22:35:39.0222 2508 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
22:35:39.0232 2508 ConfigFree Service - ok
22:35:39.0262 2508 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:35:39.0284 2508 crcdisk - ok
22:35:39.0334 2508 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:35:39.0388 2508 CryptSvc - ok
22:35:39.0453 2508 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:35:39.0524 2508 DcomLaunch - ok
22:35:39.0554 2508 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:35:39.0612 2508 defragsvc - ok
22:35:39.0648 2508 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:35:39.0695 2508 DfsC - ok
22:35:39.0732 2508 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
22:35:39.0817 2508 Dhcp - ok
22:35:39.0845 2508 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:35:39.0912 2508 discache - ok
22:35:39.0946 2508 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:35:39.0958 2508 Disk - ok
22:35:39.0995 2508 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:35:40.0031 2508 Dnscache - ok
22:35:40.0065 2508 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
22:35:40.0126 2508 dot3svc - ok
22:35:40.0141 2508 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
22:35:40.0193 2508 DPS - ok
22:35:40.0227 2508 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:35:40.0263 2508 drmkaud - ok
22:35:40.0307 2508 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:35:40.0337 2508 DXGKrnl - ok
22:35:40.0358 2508 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:35:40.0424 2508 EapHost - ok
22:35:40.0508 2508 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:35:40.0632 2508 ebdrv - ok
22:35:40.0681 2508 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
22:35:40.0729 2508 EFS - ok
22:35:40.0801 2508 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:35:40.0875 2508 ehRecvr - ok
22:35:40.0922 2508 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:35:40.0966 2508 ehSched - ok
22:35:41.0018 2508 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:35:41.0053 2508 elxstor - ok
22:35:41.0071 2508 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:35:41.0095 2508 ErrDev - ok
22:35:41.0147 2508 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:35:41.0210 2508 EventSystem - ok
22:35:41.0245 2508 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:35:41.0295 2508 exfat - ok
22:35:41.0310 2508 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:35:41.0364 2508 fastfat - ok
22:35:41.0411 2508 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
22:35:41.0461 2508 Fax - ok
22:35:41.0493 2508 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:35:41.0509 2508 fdc - ok
22:35:41.0532 2508 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:35:41.0612 2508 fdPHost - ok
22:35:41.0626 2508 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:35:41.0673 2508 FDResPub - ok
22:35:41.0696 2508 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:35:41.0709 2508 FileInfo - ok
22:35:41.0743 2508 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:35:41.0811 2508 Filetrace - ok
22:35:41.0837 2508 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:35:41.0878 2508 flpydisk - ok
22:35:41.0907 2508 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:35:41.0937 2508 FltMgr - ok
22:35:41.0990 2508 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
22:35:42.0071 2508 FontCache - ok
22:35:42.0149 2508 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:35:42.0170 2508 FontCache3.0.0.0 - ok
22:35:42.0184 2508 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:35:42.0200 2508 FsDepends - ok
22:35:42.0246 2508 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:35:42.0270 2508 Fs_Rec - ok
22:35:42.0319 2508 [ 1F44F8559E61A8306ECC67BB1E168B7C ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:35:42.0342 2508 fvevol - ok
22:35:42.0380 2508 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:35:42.0396 2508 gagp30kx - ok
22:35:42.0449 2508 [ 1A0B9D84BEB3306F728BC3009D432F5C ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
22:35:42.0477 2508 GameConsoleService - ok
22:35:42.0521 2508 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:35:42.0539 2508 GEARAspiWDM - ok
22:35:42.0587 2508 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
22:35:42.0649 2508 gpsvc - ok
22:35:42.0721 2508 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:35:42.0744 2508 gupdate - ok
22:35:42.0777 2508 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:35:42.0798 2508 gupdatem - ok
22:35:42.0837 2508 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:35:42.0862 2508 gusvc - ok
22:35:42.0895 2508 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:35:42.0948 2508 hcw85cir - ok
22:35:42.0986 2508 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:35:43.0041 2508 HdAudAddService - ok
22:35:43.0058 2508 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:35:43.0086 2508 HDAudBus - ok
22:35:43.0125 2508 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
22:35:43.0137 2508 HECIx64 - ok
22:35:43.0162 2508 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:35:43.0191 2508 HidBatt - ok
22:35:43.0208 2508 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:35:43.0245 2508 HidBth - ok
22:35:43.0275 2508 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:35:43.0293 2508 HidIr - ok
22:35:43.0313 2508 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:35:43.0380 2508 hidserv - ok
22:35:43.0411 2508 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:35:43.0443 2508 HidUsb - ok
22:35:43.0478 2508 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:35:43.0558 2508 hkmsvc - ok
22:35:43.0603 2508 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:35:43.0671 2508 HomeGroupListener - ok
22:35:43.0689 2508 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:35:43.0714 2508 HomeGroupProvider - ok
22:35:43.0754 2508 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:35:43.0771 2508 HpSAMD - ok
22:35:43.0812 2508 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:35:43.0874 2508 HTTP - ok
22:35:44.0180 2508 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:35:44.0202 2508 hwpolicy - ok
22:35:44.0238 2508 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:35:44.0255 2508 i8042prt - ok
22:35:44.0296 2508 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
22:35:44.0318 2508 iaStor - ok
22:35:44.0362 2508 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:35:44.0386 2508 iaStorV - ok
22:35:44.0441 2508 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:35:44.0481 2508 idsvc - ok
22:35:44.0521 2508 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:35:44.0548 2508 iirsp - ok
22:35:44.0640 2508 [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
22:35:44.0662 2508 IJPLMSVC - ok
22:35:44.0705 2508 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
22:35:44.0776 2508 IKEEXT - ok
22:35:44.0858 2508 [ 490947A9AFF7CA31EF2E08F5776105EB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:35:44.0915 2508 IntcAzAudAddService - ok
22:35:44.0952 2508 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:35:44.0962 2508 intelide - ok
22:35:44.0996 2508 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:35:45.0035 2508 intelppm - ok
22:35:45.0064 2508 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:35:45.0132 2508 IPBusEnum - ok
22:35:45.0145 2508 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:35:45.0196 2508 IpFilterDriver - ok
22:35:45.0224 2508 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:35:45.0291 2508 iphlpsvc - ok
22:35:45.0323 2508 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:35:45.0355 2508 IPMIDRV - ok
22:35:45.0361 2508 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:35:45.0426 2508 IPNAT - ok
22:35:45.0502 2508 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:35:45.0544 2508 iPod Service - ok
22:35:45.0574 2508 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:35:45.0592 2508 IRENUM - ok
22:35:45.0606 2508 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:35:45.0619 2508 isapnp - ok
22:35:45.0637 2508 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:35:45.0655 2508 iScsiPrt - ok
22:35:45.0687 2508 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:35:45.0713 2508 kbdclass - ok
22:35:45.0735 2508 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:35:45.0766 2508 kbdhid - ok
22:35:45.0793 2508 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
22:35:45.0809 2508 KeyIso - ok
22:35:45.0838 2508 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:35:45.0854 2508 KSecDD - ok
22:35:45.0868 2508 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:35:45.0886 2508 KSecPkg - ok
22:35:45.0912 2508 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:35:45.0965 2508 ksthunk - ok
22:35:45.0996 2508 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:35:46.0057 2508 KtmRm - ok
22:35:46.0161 2508 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:35:46.0220 2508 LanmanServer - ok
22:35:46.0249 2508 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:35:46.0326 2508 LanmanWorkstation - ok
22:35:46.0355 2508 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:35:46.0395 2508 lltdio - ok
22:35:46.0429 2508 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:35:46.0488 2508 lltdsvc - ok
22:35:46.0511 2508 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:35:46.0553 2508 lmhosts - ok
22:35:46.0627 2508 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:35:46.0649 2508 LMS - ok
22:35:46.0706 2508 [ 41E122F6D1448C94CC05196BC41D6BFB ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
22:35:46.0724 2508 LPCFilter - ok
22:35:46.0759 2508 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:35:46.0778 2508 LSI_FC - ok
22:35:46.0783 2508 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:35:46.0801 2508 LSI_SAS - ok
22:35:46.0806 2508 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:35:46.0818 2508 LSI_SAS2 - ok
22:35:46.0824 2508 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:35:46.0838 2508 LSI_SCSI - ok
22:35:46.0850 2508 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:35:46.0908 2508 luafv - ok
22:35:46.0949 2508 [ 7AEAC0B5B185CB5601673A0462C7EC36 ] massfilter C:\Windows\system32\drivers\massfilter.sys
22:35:46.0994 2508 massfilter - ok
22:35:47.0049 2508 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:35:47.0074 2508 MBAMProtector - ok
22:35:47.0142 2508 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:35:47.0167 2508 MBAMScheduler - ok
22:35:47.0214 2508 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:35:47.0244 2508 MBAMService - ok
22:35:47.0270 2508 McMPFSvc - ok
22:35:47.0301 2508 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:35:47.0339 2508 Mcx2Svc - ok
22:35:47.0362 2508 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:35:47.0380 2508 megasas - ok
22:35:47.0388 2508 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:35:47.0408 2508 MegaSR - ok
22:35:47.0431 2508 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:35:47.0481 2508 MMCSS - ok
22:35:47.0511 2508 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:35:47.0586 2508 Modem - ok
22:35:47.0601 2508 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:35:47.0628 2508 monitor - ok
22:35:47.0665 2508 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:35:47.0689 2508 mouclass - ok
22:35:47.0713 2508 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:35:47.0756 2508 mouhid - ok
22:35:47.0781 2508 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:35:47.0805 2508 mountmgr - ok
22:35:47.0824 2508 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:35:47.0839 2508 mpio - ok
22:35:47.0860 2508 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:35:47.0910 2508 mpsdrv - ok
22:35:47.0944 2508 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:35:48.0012 2508 MpsSvc - ok
22:35:48.0025 2508 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:35:48.0058 2508 MRxDAV - ok
22:35:48.0093 2508 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:35:48.0135 2508 mrxsmb - ok
22:35:48.0207 2508 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:35:48.0254 2508 mrxsmb10 - ok
22:35:48.0279 2508 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:35:48.0313 2508 mrxsmb20 - ok
22:35:48.0336 2508 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:35:48.0351 2508 msahci - ok
22:35:48.0373 2508 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:35:48.0387 2508 msdsm - ok
22:35:48.0398 2508 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:35:48.0428 2508 MSDTC - ok
22:35:48.0456 2508 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:35:48.0497 2508 Msfs - ok
22:35:48.0533 2508 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:35:48.0593 2508 mshidkmdf - ok
22:35:48.0608 2508 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:35:48.0619 2508 msisadrv - ok
22:35:48.0657 2508 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:35:48.0714 2508 MSiSCSI - ok
22:35:48.0717 2508 msiserver - ok
22:35:48.0746 2508 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:35:48.0791 2508 MSKSSRV - ok
22:35:48.0817 2508 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:35:48.0868 2508 MSPCLOCK - ok
22:35:48.0888 2508 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:35:48.0941 2508 MSPQM - ok
22:35:48.0964 2508 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:35:48.0982 2508 MsRPC - ok
22:35:48.0996 2508 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:35:49.0006 2508 mssmbios - ok
22:35:49.0028 2508 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:35:49.0080 2508 MSTEE - ok
22:35:49.0088 2508 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:35:49.0114 2508 MTConfig - ok
22:35:49.0139 2508 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:35:49.0153 2508 Mup - ok
22:35:49.0186 2508 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:35:49.0245 2508 napagent - ok
22:35:49.0287 2508 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:35:49.0333 2508 NativeWifiP - ok
22:35:49.0367 2508 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:35:49.0398 2508 NDIS - ok
22:35:49.0430 2508 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:35:49.0501 2508 NdisCap - ok
22:35:49.0523 2508 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:35:49.0569 2508 NdisTapi - ok
22:35:49.0587 2508 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:35:49.0646 2508 Ndisuio - ok
22:35:49.0674 2508 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:35:49.0716 2508 NdisWan - ok
22:35:49.0734 2508 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:35:49.0781 2508 NDProxy - ok
22:35:49.0856 2508 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
22:35:49.0898 2508 Nero BackItUp Scheduler 4.0 - ok
22:35:49.0929 2508 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:35:50.0003 2508 NetBIOS - ok
22:35:50.0022 2508 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:35:50.0122 2508 NetBT - ok
22:35:50.0148 2508 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
22:35:50.0160 2508 Netlogon - ok
22:35:50.0201 2508 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:35:50.0260 2508 Netman - ok
22:35:50.0292 2508 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:35:50.0350 2508 netprofm - ok
22:35:50.0372 2508 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:35:50.0384 2508 NetTcpPortSharing - ok
22:35:50.0418 2508 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:35:50.0430 2508 nfrd960 - ok
22:35:50.0461 2508 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:35:50.0524 2508 NlaSvc - ok
22:35:50.0547 2508 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:35:50.0599 2508 Npfs - ok
22:35:50.0621 2508 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:35:50.0674 2508 nsi - ok
22:35:50.0694 2508 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:35:50.0741 2508 nsiproxy - ok
22:35:50.0809 2508 [ 9A6089B056EA1B83B36424FC9D0A300E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:35:50.0875 2508 Ntfs - ok
22:35:50.0900 2508 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:35:50.0938 2508 Null - ok
22:35:50.0969 2508 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:35:50.0997 2508 nvraid - ok
22:35:51.0030 2508 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:35:51.0061 2508 nvstor - ok
22:35:51.0089 2508 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:35:51.0104 2508 nv_agp - ok
22:35:51.0132 2508 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:35:51.0172 2508 ohci1394 - ok
22:35:51.0237 2508 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:35:51.0264 2508 ose64 - ok
22:35:51.0462 2508 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:35:51.0683 2508 osppsvc - ok
22:35:51.0726 2508 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:35:51.0778 2508 p2pimsvc - ok
22:35:51.0809 2508 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:35:51.0835 2508 p2psvc - ok
22:35:51.0859 2508 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:35:51.0880 2508 Parport - ok
22:35:51.0916 2508 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:35:51.0928 2508 partmgr - ok
22:35:51.0953 2508 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:35:51.0990 2508 PcaSvc - ok
22:35:52.0008 2508 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:35:52.0024 2508 pci - ok
22:35:52.0040 2508 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:35:52.0052 2508 pciide - ok
22:35:52.0070 2508 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:35:52.0087 2508 pcmcia - ok
22:35:52.0106 2508 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:35:52.0119 2508 pcw - ok
22:35:52.0145 2508 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:35:52.0208 2508 PEAUTH - ok
22:35:52.0283 2508 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:35:52.0320 2508 PerfHost - ok
22:35:52.0368 2508 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
22:35:52.0385 2508 PGEffect - ok
22:35:52.0442 2508 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:35:52.0521 2508 pla - ok
22:35:52.0570 2508 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:35:52.0610 2508 PlugPlay - ok
22:35:52.0624 2508 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:35:52.0640 2508 PNRPAutoReg - ok
22:35:52.0658 2508 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:35:52.0677 2508 PNRPsvc - ok
22:35:52.0714 2508 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:35:52.0781 2508 PolicyAgent - ok
22:35:52.0804 2508 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:35:52.0865 2508 Power - ok
22:35:52.0899 2508 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:35:52.0972 2508 PptpMiniport - ok
22:35:52.0998 2508 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:35:53.0039 2508 Processor - ok
22:35:53.0084 2508 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
22:35:53.0121 2508 ProfSvc - ok
22:35:53.0137 2508 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:35:53.0159 2508 ProtectedStorage - ok
22:35:53.0192 2508 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:35:53.0262 2508 Psched - ok
22:35:53.0323 2508 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:35:53.0376 2508 ql2300 - ok
22:35:53.0403 2508 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:35:53.0417 2508 ql40xx - ok
22:35:53.0445 2508 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:35:53.0471 2508 QWAVE - ok
22:35:53.0488 2508 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:35:53.0522 2508 QWAVEdrv - ok
22:35:53.0604 2508 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
22:35:53.0632 2508 RapiMgr - ok
22:35:53.0663 2508 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:35:53.0746 2508 RasAcd - ok
22:35:53.0780 2508 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:35:53.0822 2508 RasAgileVpn - ok
22:35:53.0849 2508 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:35:53.0904 2508 RasAuto - ok
22:35:53.0930 2508 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:35:53.0988 2508 Rasl2tp - ok
22:35:54.0009 2508 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:35:54.0070 2508 RasMan - ok
22:35:54.0095 2508 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:35:54.0150 2508 RasPppoe - ok
22:35:54.0174 2508 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:35:54.0225 2508 RasSstp - ok
22:35:54.0253 2508 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:35:54.0304 2508 rdbss - ok
22:35:54.0321 2508 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:35:54.0336 2508 rdpbus - ok
22:35:54.0364 2508 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:35:54.0405 2508 RDPCDD - ok
22:35:54.0412 2508 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:35:54.0466 2508 RDPENCDD - ok
22:35:54.0490 2508 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:35:54.0530 2508 RDPREFMP - ok
22:35:54.0563 2508 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:35:54.0609 2508 RDPWD - ok
22:35:54.0657 2508 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:35:54.0688 2508 rdyboost - ok
22:35:54.0718 2508 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:35:54.0788 2508 RemoteAccess - ok
22:35:54.0807 2508 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:35:54.0854 2508 RemoteRegistry - ok
22:35:54.0879 2508 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:35:54.0937 2508 RpcEptMapper - ok
22:35:54.0969 2508 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:35:55.0012 2508 RpcLocator - ok
22:35:55.0040 2508 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:35:55.0090 2508 RpcSs - ok
22:35:55.0136 2508 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:35:55.0192 2508 rspndr - ok
22:35:55.0362 2508 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
22:35:55.0391 2508 RSUSBSTOR - ok
22:35:55.0421 2508 [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
22:35:55.0437 2508 RTHDMIAzAudService - ok
22:35:55.0474 2508 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:35:55.0492 2508 RTL8167 - ok
22:35:55.0504 2508 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:35:55.0518 2508 SamSs - ok
22:35:55.0537 2508 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:35:55.0551 2508 sbp2port - ok
22:35:55.0579 2508 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:35:55.0634 2508 SCardSvr - ok
22:35:55.0651 2508 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:35:55.0701 2508 scfilter - ok
22:35:55.0760 2508 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:35:55.0811 2508 Schedule - ok
22:35:55.0840 2508 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:35:55.0894 2508 SCPolicySvc - ok
22:35:55.0918 2508 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:35:55.0940 2508 SDRSVC - ok
22:35:55.0967 2508 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:35:56.0053 2508 secdrv - ok
22:35:56.0070 2508 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:35:56.0134 2508 seclogon - ok
22:35:56.0154 2508 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:35:56.0210 2508 SENS - ok
22:35:56.0241 2508 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:35:56.0273 2508 SensrSvc - ok
22:35:56.0292 2508 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:35:56.0319 2508 Serenum - ok
22:35:56.0344 2508 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:35:56.0376 2508 Serial - ok
22:35:56.0403 2508 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:35:56.0434 2508 sermouse - ok
22:35:56.0478 2508 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:35:56.0531 2508 SessionEnv - ok
22:35:56.0542 2508 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:35:56.0569 2508 sffdisk - ok
22:35:56.0597 2508 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:35:56.0628 2508 sffp_mmc - ok
22:35:56.0646 2508 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:35:56.0670 2508 sffp_sd - ok
22:35:56.0697 2508 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:35:56.0725 2508 sfloppy - ok
22:35:56.0769 2508 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:35:56.0830 2508 SharedAccess - ok
22:35:56.0864 2508 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:35:56.0893 2508 ShellHWDetection - ok
22:35:56.0913 2508 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:35:56.0926 2508 SiSRaid2 - ok
22:35:56.0949 2508 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:35:56.0962 2508 SiSRaid4 - ok
22:35:57.0017 2508 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:35:57.0041 2508 SkypeUpdate - ok
22:35:57.0062 2508 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:35:57.0131 2508 Smb - ok
22:35:57.0177 2508 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:35:57.0212 2508 SNMPTRAP - ok
22:35:57.0232 2508 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:35:57.0250 2508 spldr - ok
22:35:57.0281 2508 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
22:35:57.0329 2508 Spooler - ok
22:35:57.0425 2508 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:35:57.0492 2508 sppsvc - ok
22:35:57.0509 2508 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:35:57.0567 2508 sppuinotify - ok
22:35:57.0597 2508 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:35:57.0632 2508 srv - ok
22:35:57.0659 2508 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:35:57.0686 2508 srv2 - ok
22:35:57.0761 2508 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:35:57.0803 2508 srvnet - ok
22:35:57.0840 2508 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:35:57.0919 2508 SSDPSRV - ok
22:35:57.0942 2508 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:35:58.0029 2508 SstpSvc - ok
22:35:58.0052 2508 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:35:58.0064 2508 stexstor - ok
22:35:58.0101 2508 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:35:58.0131 2508 stisvc - ok
22:35:58.0156 2508 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:35:58.0168 2508 swenum - ok
22:35:58.0196 2508 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:35:58.0259 2508 swprv - ok
22:35:58.0299 2508 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:35:58.0314 2508 SynTP - ok
22:35:58.0368 2508 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:35:58.0425 2508 SysMain - ok
22:35:58.0461 2508 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:35:58.0488 2508 TabletInputService - ok
22:35:58.0504 2508 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:35:58.0560 2508 TapiSrv - ok
22:35:58.0585 2508 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:35:58.0635 2508 TBS - ok
22:35:58.0717 2508 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:35:58.0781 2508 Tcpip - ok
22:35:58.0874 2508 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:35:58.0925 2508 TCPIP6 - ok
22:35:58.0950 2508 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:35:58.0989 2508 tcpipreg - ok
22:35:59.0030 2508 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:35:59.0039 2508 tdcmdpst - ok
22:35:59.0059 2508 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:35:59.0083 2508 TDPIPE - ok
22:35:59.0120 2508 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:35:59.0160 2508 TDTCP - ok
22:35:59.0192 2508 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:35:59.0265 2508 tdx - ok
22:35:59.0423 2508 [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:35:59.0490 2508 TeamViewer7 - ok
22:35:59.0527 2508 [ 1B43FDBFE5A98F6B3D90595C6B2E5277 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
22:35:59.0538 2508 TemproMonitoringService - ok
22:35:59.0573 2508 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:35:59.0586 2508 TermDD - ok
22:35:59.0624 2508 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:35:59.0682 2508 TermService - ok
22:35:59.0712 2508 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:35:59.0760 2508 Themes - ok
22:35:59.0775 2508 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:35:59.0821 2508 THREADORDER - ok
22:35:59.0879 2508 [ DFE9BA871B9F3DBB591BD113611CBCC0 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:35:59.0898 2508 TMachInfo - ok
22:35:59.0939 2508 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
22:35:59.0964 2508 TODDSrv - ok
22:36:00.0056 2508 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:36:00.0088 2508 TosCoSrv - ok
22:36:00.0138 2508 [ 895F6972480306CB2A2A246991E34C68 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
22:36:00.0158 2508 TOSHIBA Bluetooth Service - ok
22:36:00.0206 2508 [ 2AB7A4697462EDB0C9DFAFC529746BA9 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
22:36:00.0232 2508 TOSHIBA eco Utility Service - ok
22:36:00.0274 2508 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:36:00.0295 2508 TOSHIBA HDD SSD Alert Service - ok
22:36:00.0339 2508 [ 8021F63311797085949FA387F7C83583 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
22:36:00.0357 2508 tosporte - ok
22:36:00.0376 2508 [ 1B09357180034639E62CF745E77AC66E ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
22:36:00.0393 2508 tosrfbd - ok
22:36:00.0433 2508 [ 62512B5277D88600F8BD4B7AEC43569D ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
22:36:00.0442 2508 tosrfbnp - ok
22:36:00.0455 2508 [ C523A9186C39D65CC9ADEBB2E1B93CCD ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
22:36:00.0465 2508 Tosrfcom - ok
22:36:00.0505 2508 [ 11699D47B3491D86249C168496D55C92 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
22:36:00.0520 2508 tosrfec - ok
22:36:00.0553 2508 [ 451B8C1815C6CC39650AF916C2A382CD ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
22:36:00.0571 2508 Tosrfhid - ok
22:36:00.0605 2508 [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
22:36:00.0618 2508 tosrfnds - ok
22:36:00.0639 2508 [ E1E045240C1184FA6628F3C7E7FF85D8 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
22:36:00.0654 2508 TosRfSnd - ok
22:36:00.0696 2508 [ DE44A2A2459D0504F146E599F4BD2074 ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
22:36:00.0715 2508 Tosrfusb - ok
22:36:00.0761 2508 [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
22:36:00.0788 2508 TPCHSrv - ok
22:36:00.0810 2508 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:36:00.0862 2508 TrkWks - ok
22:36:01.0182 2508 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:36:01.0222 2508 TrustedInstaller - ok
22:36:01.0244 2508 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:36:01.0304 2508 tssecsrv - ok
22:36:01.0335 2508 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:36:01.0390 2508 tunnel - ok
22:36:01.0428 2508 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:36:01.0438 2508 TVALZ - ok
22:36:01.0466 2508 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys
22:36:01.0476 2508 TVALZFL - ok
22:36:01.0497 2508 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:36:01.0511 2508 uagp35 - ok
22:36:01.0529 2508 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:36:01.0591 2508 udfs - ok
22:36:01.0619 2508 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:36:01.0645 2508 UI0Detect - ok
22:36:01.0680 2508 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:36:01.0709 2508 uliagpkx - ok
22:36:01.0738 2508 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:36:01.0778 2508 umbus - ok
22:36:01.0823 2508 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:36:01.0843 2508 UmPass - ok
22:36:01.0976 2508 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:36:02.0033 2508 UNS - ok
22:36:02.0064 2508 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:36:02.0112 2508 upnphost - ok
22:36:02.0155 2508 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:36:02.0208 2508 USBAAPL64 - ok
22:36:02.0242 2508 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:36:02.0295 2508 usbccgp - ok
22:36:02.0326 2508 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:36:02.0357 2508 usbcir - ok
22:36:02.0387 2508 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:36:02.0401 2508 usbehci - ok
22:36:02.0423 2508 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:36:02.0443 2508 usbhub - ok
22:36:02.0460 2508 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:36:02.0488 2508 usbohci - ok
22:36:02.0515 2508 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:36:02.0548 2508 usbprint - ok
22:36:02.0587 2508 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:36:02.0608 2508 usbscan - ok
22:36:02.0645 2508 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:36:02.0691 2508 USBSTOR - ok
22:36:02.0718 2508 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:36:02.0756 2508 usbuhci - ok
22:36:02.0790 2508 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:36:02.0832 2508 usbvideo - ok
22:36:02.0860 2508 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:36:02.0919 2508 UxSms - ok
22:36:02.0938 2508 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
22:36:02.0951 2508 VaultSvc - ok
22:36:02.0976 2508 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:36:02.0988 2508 vdrvroot - ok
22:36:03.0026 2508 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:36:03.0082 2508 vds - ok
22:36:03.0126 2508 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:36:03.0147 2508 vga - ok
22:36:03.0162 2508 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:36:03.0214 2508 VgaSave - ok
22:36:03.0220 2508 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:36:03.0238 2508 vhdmp - ok
22:36:03.0267 2508 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:36:03.0279 2508 viaide - ok
22:36:03.0413 2508 [ 0A4605BA46C73B50E3F4A2F0D4BB4210 ] VMCService C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
22:36:03.0433 2508 VMCService ( UnsignedFile.Multi.Generic ) - warning
22:36:03.0434 2508 VMCService - detected UnsignedFile.Multi.Generic (1)
22:36:03.0467 2508 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:36:03.0490 2508 volmgr - ok
22:36:03.0513 2508 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:36:03.0533 2508 volmgrx - ok
22:36:03.0568 2508 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:36:03.0602 2508 volsnap - ok
22:36:03.0642 2508 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:36:03.0657 2508 vsmraid - ok
22:36:03.0990 2508 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:36:04.0049 2508 VSS - ok
22:36:04.0405 2508 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:36:04.0451 2508 vwifibus - ok
22:36:04.0469 2508 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:36:04.0502 2508 vwififlt - ok
22:36:04.0535 2508 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:36:04.0585 2508 W32Time - ok
22:36:04.0608 2508 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:36:04.0633 2508 WacomPen - ok
22:36:04.0663 2508 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:36:04.0718 2508 WANARP - ok
22:36:04.0741 2508 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:36:04.0780 2508 Wanarpv6 - ok
22:36:04.0834 2508 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:36:04.0874 2508 WatAdminSvc - ok
22:36:04.0963 2508 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:36:05.0052 2508 wbengine - ok
22:36:05.0080 2508 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:36:05.0108 2508 WbioSrvc - ok
22:36:05.0172 2508 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
22:36:05.0199 2508 WcesComm - ok
22:36:05.0231 2508 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:36:05.0281 2508 wcncsvc - ok
22:36:05.0304 2508 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:36:05.0338 2508 WcsPlugInService - ok
22:36:05.0364 2508 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:36:05.0382 2508 Wd - ok
22:36:05.0541 2508 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:36:05.0589 2508 Wdf01000 - ok
22:36:05.0613 2508 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:36:05.0653 2508 WdiServiceHost - ok
22:36:05.0657 2508 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:36:05.0678 2508 WdiSystemHost - ok
22:36:05.0715 2508 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
22:36:05.0750 2508 WebClient - ok
22:36:05.0783 2508 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:36:05.0868 2508 Wecsvc - ok
22:36:05.0883 2508 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:36:05.0939 2508 wercplsupport - ok
22:36:05.0970 2508 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:36:06.0036 2508 WerSvc - ok
22:36:06.0068 2508 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:36:06.0108 2508 WfpLwf - ok
22:36:06.0133 2508 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:36:06.0145 2508 WIMMount - ok
22:36:06.0154 2508 WinDefend - ok
22:36:06.0159 2508 WinHttpAutoProxySvc - ok
22:36:06.0201 2508 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:36:06.0246 2508 Winmgmt - ok
22:36:06.0318 2508 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:36:06.0413 2508 WinRM - ok
22:36:06.0446 2508 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:36:06.0472 2508 WinUsb - ok
22:36:06.0504 2508 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:36:06.0554 2508 Wlansvc - ok
22:36:06.0670 2508 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:36:06.0730 2508 wlidsvc - ok
22:36:06.0759 2508 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:36:06.0796 2508 WmiAcpi - ok
22:36:06.0832 2508 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:36:06.0860 2508 wmiApSrv - ok
22:36:06.0880 2508 WMPNetworkSvc - ok
22:36:06.0916 2508 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:36:06.0948 2508 WPCSvc - ok
22:36:06.0961 2508 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:36:06.0995 2508 WPDBusEnum - ok
22:36:07.0015 2508 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:36:07.0078 2508 ws2ifsl - ok
22:36:07.0111 2508 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
22:36:07.0147 2508 wscsvc - ok
22:36:07.0151 2508 WSearch - ok
22:36:07.0234 2508 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:36:07.0307 2508 wuauserv - ok
22:36:07.0341 2508 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:36:07.0362 2508 WudfPf - ok
22:36:07.0384 2508 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:36:07.0421 2508 WUDFRd - ok
22:36:07.0455 2508 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:36:07.0479 2508 wudfsvc - ok
22:36:07.0508 2508 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:36:07.0541 2508 WwanSvc - ok
22:36:07.0571 2508 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
22:36:07.0614 2508 ZTEusbmdm6k - ok
22:36:07.0647 2508 [ 788E574905A3E3A08FC218CADEDCA71F ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys
22:36:07.0690 2508 ZTEusbnet - ok
22:36:07.0710 2508 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
22:36:07.0732 2508 ZTEusbnmea - ok
22:36:07.0772 2508 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
22:36:07.0798 2508 ZTEusbser6k - ok
22:36:07.0853 2508 [ BCD008C9FC4B57C107CBCFC3E77B58BA ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
22:36:07.0902 2508 ZTEusbvoice - ok
22:36:07.0935 2508 ================ Scan global ===============================
22:36:07.0952 2508 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:36:07.0986 2508 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
22:36:07.0999 2508 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
22:36:08.0038 2508 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:36:08.0076 2508 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:36:08.0080 2508 [Global] - ok
22:36:08.0081 2508 ================ Scan MBR ==================================
22:36:08.0089 2508 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:36:09.0192 2508 \Device\Harddisk0\DR0 - ok
22:36:09.0193 2508 ================ Scan VBR ==================================
22:36:09.0225 2508 [ D6410509EF7C1A067A1A1B3C062F37E5 ] \Device\Harddisk0\DR0\Partition1
22:36:09.0227 2508 \Device\Harddisk0\DR0\Partition1 - ok
22:36:09.0256 2508 [ 3CDEEDD5B7B02F322431328A4B17C065 ] \Device\Harddisk0\DR0\Partition2
22:36:09.0259 2508 \Device\Harddisk0\DR0\Partition2 - ok
22:36:09.0260 2508 ============================================================
22:36:09.0260 2508 Scan finished
22:36:09.0260 2508 ============================================================
22:36:09.0275 4272 Detected object count: 1
22:36:09.0275 4272 Actual detected object count: 1
22:36:32.0528 4272 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
22:36:32.0528 4272 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:41:51.0517 5736 Deinitialize success
|
|
16.05.2013, 23:34
| #10 |
| /// Malware-holic | LPD BM.I Trojaner passt Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.05.2013, 12:26
| #11 |
| | LPD BM.I Trojaner So, Combofix abgeschlossen; kein Gejammer, kein Gemecker... ..und hier das logfile: Code:
ATTFilter ComboFix 13-05-16.02 - Besitzer 17.05.2013 14:56:50.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.43.1031.18.3955.1894 [GMT 2:00]
ausgeführt von:: c:\users\Besitzer\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Besitzer\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Besitzer\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\Besitzer\AppData\Roaming\skype.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-17 bis 2013-05-17 ))))))))))))))))))))))))))))))
.
.
2013-05-17 13:02 . 2013-05-17 13:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-17 13:02 . 2013-05-17 13:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-14 17:00 . 2013-05-14 17:00 -------- d-----w- c:\windows\system32\SPReview
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-02 09:10 . 2013-05-02 09:10 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-04-24 15:19 . 2013-02-12 15:37 3138048 ----a-w- c:\windows\system32\mstscax.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 01:00 . 2011-07-12 19:38 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-16 11:33 . 2012-07-24 09:44 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-16 11:33 . 2011-08-16 09:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-04 12:50 . 2012-05-25 16:27 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-28 12:59 . 2013-03-28 12:59 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-28 12:59 . 2013-03-28 12:59 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-28 12:59 . 2013-03-28 12:59 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-29 16:33 1521872 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2010-01-19 2499584]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-29 1573584]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-2-24 2721120]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-08-18 11776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-17 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-12-28 135168]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-08-18 119680]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-05-02 371768]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-05-02 562744]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2010-01-19 9216]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 54684802
*Deregistered* - 54684802
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-24 15:11 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 11:33]
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 07:30]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 07:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.0.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-17 15:05:14
ComboFix-quarantined-files.txt 2013-05-17 13:05
ComboFix2.txt 2012-05-23 07:24
.
Vor Suchlauf: 13 Verzeichnis(se), 267.005.669.376 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 266.941.943.808 Bytes frei
.
- - End Of File - - 7C1A346C82BD3275E9F797EB8D7D1EDE
|
|
17.05.2013, 12:36
| #12 |
| /// Malware-holic | LPD BM.I Trojaner Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.05.2013, 14:11
| #13 |
| | LPD BM.I Trojaner Malewarebytes ist durch ..log ist da: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.17.04 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Besitzer :: BESITZER-TOSH [Administrator] 17.05.2013 15:42:25 mbam-log-2013-05-17 (15-42-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 430111 Laufzeit: 1 Stunde(n), 18 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\_OTL\MovedFiles.zip (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\05162013_215659\C_ProgramData\rbjml.dat (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) gehts jetzt schon in den Endspurt? |
|
17.05.2013, 14:16
| #14 |
| /// Malware-holic | LPD BM.I Trojaner noch nich ganz Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. wenn du meinst, fertig zu sein, bitte gehe auf computer, mit Rechtsklick, eigenschaften, prüfe, ob das servicepack 1 (sp1) instaliert ist, melden bitte, wenn fertig oder bei Problemen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.05.2013, 15:53
| #15 |
| | LPD BM.I Trojaner Bisher hatte alles so gut geklappt aber das SP lässt sich nun nicht installieren. Er sagt zwar, dass es beim Herunterfahren konfiguriert wird macht es dann aber wieder rückgängig und das update erscheint nach dem Neustart wieder in der Menüleiste. |
|
| Themen zu LPD BM.I Trojaner |
| aktiviert, alten, führt, kamera, liebe, lieben, lustige, netzwerk, schonmal, troja, trojane, trojaner |
WARNUNG an die MITLESER: 