
Pests of all kinds and how to fight them: BKA trojan white screen, but safe mode no longer works either, rescue CDs cannot find anything

Windows 7

05.07.2013, 21:03   #1
Alex6
 
Hello dear Trojaner-Board,

I have caught a really very nasty virus. After booting, a white screen appears with the BKA logo saying I should pay money... blah blah, you know the drill. The problem is that safe mode no longer works either. When I start safe mode, the PC shuts down again right after it has very briefly booted.
I ran scans with the rescue CDs from Avira (as of May 2013), Kaspersky (from 30.06.2013) and AVG (from ?); all three found nothing.
What should I do??
I have never had a problem like this before and am not among the most inexperienced users.

Regards, Alex

05.07.2013, 21:13   #2
markusg
/// Malware-holic
 
Hi,
if you are an experienced user, you should know that keeping all of your software updated is necessary; that would have avoided the problem :-)
Let's have a look.
Can you get to a PC with a burner?
Download:
ISO Burner - Download - Filepony
ISO Burner instructions:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download has finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you just created.
If you don't know how to get your computer to boot from the CD:
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When asked "Do you wish to load the remote registry", choose Yes.
• When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Uncheck "Automatically Load All Remaining Users" if it is checked.

• OTL should now start.
Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
• Press Run Scan to start the scan.
• When it has finished, the files are saved to C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on this system.
Post both logs.
__________________
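For reading the otl.txt that this procedure produces: the O20 lines list each Winlogon Shell program, which on a default Windows installation is only explorer.exe from the Windows directory. The following is an added example, not part of the original posts and not part of OTL; the sample log lines, the user name and the function names are constructed for illustration.

```python
import re
from ntpath import normcase, normpath  # Windows path rules, usable on any OS

# An O20 Winlogon "Shell" line as OTL prints it:
#   O20[:64bit:] - <hive> Winlogon: Shell - (<value data>) - <file> (<company>)
SHELL_LINE = re.compile(
    r"^O20(?::64bit:)? - (?P<hive>\S+) Winlogon: Shell - "
    r"\((?P<data>.*?)\) - (?P<path>.+) \((?P<company>[^()]*)\)\s*$"
)
# The log header names the Windows directory of the scanned installation.
SYSTEM_ROOT = re.compile(r"%SystemRoot% = (?P<root>[^|]+?)\s*(?:\||$)", re.M)

# Constructed sample in the OTL log format (not taken from a real machine).
SAMPLE_LOG = r"""
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\User_ON_C Winlogon: Shell - (C:\Users\User\AppData\Roaming\example.dat) - C:\Users\User\AppData\Roaming\example.dat ()
"""


def system_root(log_text, default=r"C:\Windows"):
    """Return the %SystemRoot% recorded in the log header, or a default."""
    m = SYSTEM_ROOT.search(log_text)
    return m["root"].strip() if m else default


def review_shell_entries(log_text):
    """Return Winlogon Shell entries that differ from the Windows default.

    A hive may appear on several Shell lines; each line is checked on its own.
    """
    root = normcase(normpath(system_root(log_text)))
    allowed = {root + "\\explorer.exe", root + "\\syswow64\\explorer.exe"}
    findings = []
    for line in log_text.splitlines():
        m = SHELL_LINE.match(line.strip())
        if m is None:
            continue  # not a Shell line, or no resolved file to inspect
        reasons = []
        if m["data"].strip().lower() != "explorer.exe":
            reasons.append("value data is not explorer.exe")
        if normcase(normpath(m["path"].strip())) not in allowed:
            reasons.append("file is not explorer.exe in the Windows directory")
        if not m["company"].strip():
            reasons.append("file carries no company name")
        if reasons:
            findings.append({
                "hive": m["hive"],
                "path": m["path"].strip(),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in review_shell_entries(SAMPLE_LOG):
        print(finding["hive"], finding["path"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

A finding means the entry needs a closer look by whoever reviews the log; the script only compares the entry with the Windows default and does not change anything.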

05.07.2013, 21:43   #3
Alex6
 
I'll get to a PC with a burner tomorrow morning.

Thanks in advance.

Regards
__________________

05.07.2013, 21:51   #4
markusg
/// Malware-holic
 
Please leave out such in-between posts; since new ones get appended to these, I otherwise have to look in here unnecessarily.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.

06.07.2013, 08:40   #5
Alex6
 
Hello Markus,

So when I start OTL, it wants to know from me the folder where Windows is installed; I then pick the C:\Windows folder, right? After that come the questions you listed above.
When I then copy this code into the text box and press Run Scan, it starts scanning. When the text field at the bottom then says "Manual File Scan- Getting folder structure", I can see in Task Manager how the PF Usage climbs, and then after a few minutes, at about 1.9 GB, the error message "Out of Memory" appears. I then cannot find any .txt on C:\.

If I run the scanner without having copied your code into the Custom Scans/Fixes field, i.e. with the field empty, I get this C:\otl.txt
Code:
OTL logfile created on: 7/6/2013 10:34:09 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 25.20 Gb Free Space | 25.20% Space Free | Partition Type: NTFS
Drive D: | 132.88 Gb Total Space | 119.13 Gb Free Space | 89.65% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.06 Gb Free Space | 94.79% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/01/27 06:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 06:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/25 19:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 03:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/03/30 14:34:17 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/11/22 15:55:26 | 000,189,248 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/11/22 15:55:16 | 000,075,136 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/02/22 13:10:38 | 000,054,272 | ---- | M] () [Auto] -- C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2007/09/04 14:31:22 | 000,180,224 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2001/11/12 09:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/20 10:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/08 11:42:47 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/07/08 11:42:47 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011/10/08 15:24:26 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/28 19:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/04/27 08:40:58 | 000,388,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr7064.sys -- (rt70x64)
DRV:64bit: - [2009/07/23 16:03:10 | 000,052,736 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2009/05/13 08:47:44 | 000,032,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2009/05/13 08:26:14 | 000,015,896 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV:64bit: - [2007/06/25 04:42:30 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV:64bit: - [2007/06/25 04:42:30 | 000,123,432 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV:64bit: - [2007/06/25 04:42:30 | 000,031,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV:64bit: - [2007/06/25 04:42:24 | 000,144,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV:64bit: - [2007/06/25 04:42:24 | 000,125,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/06/25 04:42:24 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV:64bit: - [2007/06/25 04:42:22 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV:64bit: - [2007/01/15 11:13:18 | 000,160,256 | ---- | M] (C-Media Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\cmiucr_x64.SYS -- (CMIUCR)
DRV - [2007/09/04 14:26:38 | 000,039,968 | ---- | M] (NVidia Corp.) [Kernel | On_Demand] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ [binary data]
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=60de5fda0000000000000012bf516e59
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 CF 8E CA 63 F0 CB 01  [binary data]
IE - HKU\Alex_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=110004&babsrc=adbartrp&mntrId=60de5fda0000000000000012bf516e59&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_2_202_228.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 21:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/04/05 18:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2013/06/09 15:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h9pgz2s3.default\extensions
[2012/10/26 10:34:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/26 10:34:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011/06/22 21:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/06/22 21:04:43 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
File not found (No name found) -- 
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H9PGZ2S3.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2011/06/16 00:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/11 12:21:06 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3 - HKU\Alex_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKU\Alex_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O4:64bit: - HKLM..\Run: [Cmiboot] C:\Windows\cmiboot.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\Alex_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Alex_ON_C..\Run: [Facebook Update] C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Alex_ON_C..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Alex_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Alex_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Alex_ON_C Winlogon: Shell - (C:\Users\Alex\AppData\Roaming\skype.dat) - C:\Users\Alex\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4b5c5e00-5ed8-11e0-beda-0013d3b0aff6}\Shell - "" = AutoRun
O33 - MountPoints2\{4b5c5e00-5ed8-11e0-beda-0013d3b0aff6}\Shell\AutoRun\command - "" = M:\Razor1911_Installer.exe
O33 - MountPoints2\{b4c76e5b-5c4b-11e0-a13b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b4c76e5b-5c4b-11e0-a13b-806e6f6e6963}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/06 09:47:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/05 09:43:09 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/06/21 15:21:40 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/06/21 15:21:40 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/21 15:21:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/06/21 15:21:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/21 15:21:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/06/21 15:21:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/21 15:21:39 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/06/21 15:21:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/06/21 15:21:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/21 15:21:37 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/21 15:21:37 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/06/21 15:21:36 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/06/21 15:21:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/21 15:21:35 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/21 15:21:34 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/06/21 15:20:32 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/21 15:20:31 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/12 10:21:58 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2013/06/12 10:21:58 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 10:21:53 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/06/12 10:21:53 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 10:21:49 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2013/06/12 10:21:16 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/12 10:21:16 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 10:21:15 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2013/06/12 10:21:15 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
[2013/06/12 10:21:14 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/12 10:21:14 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 10:20:34 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/06/12 10:20:34 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/06 03:19:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/06 03:18:05 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/05 11:33:47 | 000,000,004 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\skype.ini
[2013/07/05 11:33:15 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/02 14:51:26 | 000,016,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/02 14:51:26 | 000,016,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/02 14:48:24 | 000,657,660 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/07/02 14:48:24 | 000,131,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/07/02 14:48:24 | 000,008,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/02 14:48:24 | 000,006,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/01 15:49:27 | 000,416,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/01 13:31:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-751051111-346031974-767255092-1000UA.job
[2013/06/30 12:26:42 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-751051111-346031974-767255092-1000UA.job
[2013/06/30 12:26:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/30 12:26:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/22 13:18:08 | 000,002,358 | ---- | M] () -- C:\Users\Alex\Desktop\Google Chrome.lnk
[2013/06/20 13:35:42 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/06/19 16:31:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-751051111-346031974-767255092-1000Core.job
[2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2013/06/30 12:41:06 | 000,000,004 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\skype.ini
[2012/03/11 12:21:02 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/01/11 13:19:03 | 000,070,144 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\skype.dat
[2011/11/05 13:53:03 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011/11/05 13:53:02 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2011/10/27 10:54:30 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/27 10:54:28 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/19 18:03:00 | 000,007,597 | ---- | C] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2011/04/16 15:34:02 | 001,535,640 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/13 17:11:18 | 000,000,036 | ---- | C] () -- C:\Users\Alex\AppData\Local\housecall.guid.cache
[2011/04/05 16:01:36 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/03/12 07:01:30 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2007/02/07 07:02:58 | 000,065,536 | ---- | C] () -- C:\Windows\cmiboot.exe
[2007/01/16 09:55:56 | 000,480,256 | ---- | C] () -- C:\Windows\CmUCREye_x64.exe
 
========== LOP Check ==========
 
[2012/08/06 13:13:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ashampoo
[2012/03/11 12:21:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Babylon
[2011/07/03 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Canon
[2012/09/21 18:55:23 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2012/12/14 17:33:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unity
[2011/04/01 07:43:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/08/06 13:12:47 | 000,000,000 | ---D | M] -- C:\ProgramData\ashampoo
[2012/03/11 12:21:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2011/04/01 08:20:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/11/19 11:10:18 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/04/01 07:43:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/10/27 11:12:01 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011/10/27 11:12:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011/04/01 07:43:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/06/20 13:37:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/04/01 07:43:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/04/01 07:43:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/11/05 13:53:49 | 000,000,000 | ---D | M] -- C:\ProgramData\X10 Settings
[2013/06/19 16:31:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-751051111-346031974-767255092-1000Core.job
[2013/07/01 13:31:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-751051111-346031974-767255092-1000UA.job
[2013/04/18 16:31:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
What now?
Regards, Alex


06.07.2013, 12:35   #6
markusg
/// Malware-holic

Hi, that's fine.
On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:
Code:
:OTL
O20 - HKU\Alex_ON_C Winlogon: Shell - (C:\Users\Alex\AppData\Roaming\skype.dat) - C:\Users\Alex\AppData\Roaming\skype.dat ()
:Files
C:\Users\Alex\AppData\Roaming\skype.dat
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should now appear: "load fix from file", so load fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.

06.07.2013, 17:59   #7
Alex6

Hi,
so loading the fix.txt works. But then the buttons of the OTL program are basically dead; you can no longer click them. So I simply copied the contents out of fix.txt and pasted them into OTL. Then I pressed RUN FIX. It then did something and wrote "Processing complete" in the text field. At the same time it opened this txt (see 1), but did not restart automatically. I then tried to restart, but it hung, so I had to kill it with the power button. I then booted it up again and lo and behold, everything as usual, no sign of the Trojan. :-) Yay

1
Code:
========== OTL ==========
Registry value HKEY_USERS\Alex_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Alex\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Alex\AppData\Roaming\skype.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\Alex\AppData\Roaming\skype.dat not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Alex
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: Alex
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1452390 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95190 bytes
 
Total Files Cleaned = 1.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 07062013_202704
         
The upload worked without problems!!!
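
The fix in this thread removes a per-user Winlogon `Shell` value that points at a `.dat` file under `AppData\Roaming`. As an added example (not part of the original posts and not OTL's own code), the following parses OTL `O20` Winlogon lines and lists what makes such a Shell entry stand out. The line layout is inferred from the single `O20` line in the fix script, the two clean entries are constructed, and all function names are hypothetical.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Layout inferred from the single O20 line in the fix script above (assumption):
#   O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved file> (<company>)
O20_RE = re.compile(
    r"^O20\s*-\s*(?P<hive>\S+)\s+Winlogon:\s*(?P<value>\w+)\s*-\s*"
    r"\((?P<data>.*?)\)\s*-\s*(?P<path>.*?)\s*\((?P<company>[^()]*)\)\s*$"
)

# Directories a standard user can write to; a logon shell should not live here.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


class WinlogonEntry(NamedTuple):
    hive: str
    value: str
    data: str
    path: str
    company: str


def parse_o20(line: str) -> Optional[WinlogonEntry]:
    """Parse one OTL 'O20 ... Winlogon:' line; return None for anything else."""
    m = O20_RE.match(line.strip())
    if m is None:
        return None
    return WinlogonEntry(m["hive"], m["value"], m["data"].strip(),
                         m["path"].strip(), m["company"].strip())


def shell_findings(entry: WinlogonEntry) -> List[str]:
    """Return the reasons a Winlogon Shell entry deserves a closer look."""
    if entry.value.lower() != "shell":
        return []
    target = (entry.path or entry.data).lower()
    findings = []
    if ntpath.basename(target) != "explorer.exe":
        findings.append("shell is not explorer.exe")
    if ntpath.splitext(target)[1] != ".exe":
        findings.append("shell target has no .exe extension")
    if any(part in target for part in USER_WRITABLE):
        findings.append("shell target sits in a user-writable directory")
    if not entry.hive.upper().startswith("HKLM"):
        findings.append("Shell value is set in a user hive")
    if not entry.company:
        findings.append("file carries no company name")
    return findings


def scan(lines) -> List[Tuple[WinlogonEntry, List[str]]]:
    """Return every Winlogon Shell entry that produced at least one finding."""
    hits = []
    for line in lines:
        entry = parse_o20(line)
        if entry is not None:
            findings = shell_findings(entry)
            if findings:
                hits.append((entry, findings))
    return hits


SAMPLE_LINES = [
    # Constructed: what clean machine-wide entries are assumed to look like.
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)",
    # Taken from the fix script in this thread.
    r"O20 - HKU\Alex_ON_C Winlogon: Shell - (C:\Users\Alex\AppData\Roaming\skype.dat) - C:\Users\Alex\AppData\Roaming\skype.dat ()",
]

if __name__ == "__main__":
    for entry, findings in scan(SAMPLE_LINES):
        print(f"{entry.hive}  {entry.value} -> {entry.path}")
        for reason in findings:
            print(f"  - {reason}")
```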

06.07.2013, 18:39   #8
markusg
/// Malware-holic

THX
Normal mode should work, then:
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

06.07.2013, 19:39   #9
Alex6

Hello Markus,

as requested, the log from TDSSKiller.exe

Code:
22:36:40.0009 0640  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:36:40.0228 0640  ============================================================
22:36:40.0228 0640  Current date / time: 2013/07/06 22:36:40.0228
22:36:40.0228 0640  SystemInfo:
22:36:40.0228 0640  
22:36:40.0228 0640  OS Version: 6.1.7601 ServicePack: 1.0
22:36:40.0228 0640  Product type: Workstation
22:36:40.0228 0640  ComputerName: ALEX-PC
22:36:40.0228 0640  UserName: Alex
22:36:40.0228 0640  Windows directory: C:\Windows
22:36:40.0228 0640  System windows directory: C:\Windows
22:36:40.0228 0640  Running under WOW64
22:36:40.0228 0640  Processor architecture: Intel x64
22:36:40.0228 0640  Number of processors: 2
22:36:40.0228 0640  Page size: 0x1000
22:36:40.0228 0640  Boot type: Normal boot
22:36:40.0228 0640  ============================================================
22:36:43.0009 0640  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:36:43.0275 0640  Drive \Device\Harddisk6\DR7 - Size: 0x1DE200000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:36:43.0275 0640  ============================================================
22:36:43.0275 0640  \Device\Harddisk0\DR0:
22:36:43.0275 0640  MBR partitions:
22:36:43.0275 0640  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC7FF53F
22:36:43.0275 0640  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC7FF57E, BlocksNum 0x109C5003
22:36:43.0275 0640  \Device\Harddisk6\DR7:
22:36:43.0275 0640  MBR partitions:
22:36:43.0275 0640  \Device\Harddisk6\DR7\Partition1: MBR, Type 0xC, StartLBA 0x2898, BlocksNum 0xEEE768
22:36:43.0275 0640  ============================================================
22:36:43.0291 0640  C: <-> \Device\Harddisk0\DR0\Partition1
22:36:43.0337 0640  D: <-> \Device\Harddisk0\DR0\Partition2
22:36:43.0337 0640  ============================================================
22:36:43.0337 0640  Initialize success
22:36:43.0337 0640  ============================================================
22:37:52.0612 1168  ============================================================
22:37:52.0612 1168  Scan started
22:37:52.0612 1168  Mode: Manual; SigCheck; TDLFS; 
22:37:52.0612 1168  ============================================================
22:37:53.0018 1168  ================ Scan system memory ========================
22:37:53.0018 1168  System memory - ok
22:37:53.0034 1168  ================ Scan services =============================
22:38:05.0815 1168  lltdio - ok
22:38:05.0862 1168  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:38:05.0924 1168  lltdsvc - ok
22:38:05.0956 1168  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:38:06.0002 1168  lmhosts - ok
22:38:06.0049 1168  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:38:06.0065 1168  LSI_FC - ok
22:38:06.0112 1168  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:38:06.0127 1168  LSI_SAS - ok
22:38:06.0143 1168  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:38:06.0159 1168  LSI_SAS2 - ok
22:38:06.0190 1168  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:38:06.0206 1168  LSI_SCSI - ok
22:38:06.0221 1168  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:38:06.0284 1168  luafv - ok
22:38:06.0315 1168  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:38:06.0362 1168  Mcx2Svc - ok
22:38:06.0362 1168  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:38:06.0377 1168  megasas - ok
22:38:06.0409 1168  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:38:06.0424 1168  MegaSR - ok
22:38:06.0502 1168  Microsoft SharePoint Workspace Audit Service - ok
22:38:06.0534 1168  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:38:06.0596 1168  MMCSS - ok
22:38:06.0627 1168  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:38:06.0674 1168  Modem - ok
22:38:06.0706 1168  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:38:06.0737 1168  monitor - ok
22:38:06.0752 1168  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:38:06.0784 1168  mouclass - ok
22:38:06.0815 1168  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:38:06.0846 1168  mouhid - ok
22:38:06.0893 1168  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:38:06.0909 1168  mountmgr - ok
22:38:06.0971 1168  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
22:38:07.0002 1168  MpFilter - ok
22:38:07.0034 1168  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:38:07.0049 1168  mpio - ok
22:38:07.0065 1168  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:38:07.0127 1168  mpsdrv - ok
22:38:07.0174 1168  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:38:07.0252 1168  MpsSvc - ok
22:38:07.0299 1168  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:38:07.0331 1168  MRxDAV - ok
22:38:07.0362 1168  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:38:07.0393 1168  mrxsmb - ok
22:38:07.0440 1168  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:38:07.0471 1168  mrxsmb10 - ok
22:38:07.0502 1168  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:38:07.0518 1168  mrxsmb20 - ok
22:38:07.0534 1168  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:38:07.0565 1168  msahci - ok
22:38:07.0612 1168  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:38:07.0627 1168  msdsm - ok
22:38:07.0659 1168  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:38:07.0706 1168  MSDTC - ok
22:38:07.0737 1168  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:38:07.0784 1168  Msfs - ok
22:38:07.0799 1168  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:38:07.0846 1168  mshidkmdf - ok
22:38:07.0893 1168  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:38:07.0909 1168  msisadrv - ok
22:38:07.0940 1168  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:38:08.0002 1168  MSiSCSI - ok
22:38:08.0018 1168  msiserver - ok
22:38:08.0049 1168  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:38:08.0112 1168  MSKSSRV - ok
22:38:08.0221 1168  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
22:38:08.0237 1168  MsMpSvc - ok
22:38:08.0268 1168  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:38:08.0346 1168  MSPCLOCK - ok
22:38:08.0362 1168  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:38:08.0409 1168  MSPQM - ok
22:38:08.0456 1168  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:38:08.0487 1168  MsRPC - ok
22:38:08.0534 1168  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:38:08.0549 1168  mssmbios - ok
22:38:08.0581 1168  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:38:08.0659 1168  MSTEE - ok
22:38:08.0674 1168  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:38:08.0690 1168  MTConfig - ok
22:38:08.0737 1168  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:38:08.0752 1168  Mup - ok
22:38:08.0799 1168  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:38:08.0862 1168  napagent - ok
22:38:08.0909 1168  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:38:08.0956 1168  NativeWifiP - ok
22:38:09.0018 1168  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:38:09.0081 1168  NDIS - ok
22:38:09.0112 1168  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:38:09.0159 1168  NdisCap - ok
22:38:09.0174 1168  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:38:09.0237 1168  NdisTapi - ok
22:38:09.0268 1168  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:38:09.0331 1168  Ndisuio - ok
22:38:09.0362 1168  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:38:09.0424 1168  NdisWan - ok
22:38:09.0456 1168  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:38:09.0518 1168  NDProxy - ok
22:38:09.0549 1168  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:38:09.0596 1168  NetBIOS - ok
22:38:09.0643 1168  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:38:09.0690 1168  NetBT - ok
22:38:09.0706 1168  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:38:09.0721 1168  Netlogon - ok
22:38:09.0768 1168  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:38:09.0831 1168  Netman - ok
22:38:09.0846 1168  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:38:09.0924 1168  netprofm - ok
22:38:09.0956 1168  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:38:09.0971 1168  NetTcpPortSharing - ok
22:38:10.0002 1168  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:38:10.0018 1168  nfrd960 - ok
22:38:10.0096 1168  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:38:10.0127 1168  NisDrv - ok
22:38:10.0190 1168  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
22:38:10.0221 1168  NisSrv - ok
22:38:10.0284 1168  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:38:10.0331 1168  NlaSvc - ok
22:38:10.0346 1168  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:38:10.0393 1168  Npfs - ok
22:38:10.0424 1168  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:38:10.0471 1168  nsi - ok
22:38:10.0502 1168  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:38:10.0565 1168  nsiproxy - ok
22:38:10.0643 1168  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:38:10.0721 1168  Ntfs - ok
22:38:10.0831 1168  nTuneService - ok
22:38:10.0893 1168  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:38:10.0956 1168  Null - ok
22:38:11.0252 1168  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:38:11.0643 1168  nvlddmkm - ok
22:38:11.0690 1168  [ 241A095631570A9CEF4F126C87605C60 ] NVR0Dev         C:\Windows\nvoclk64.sys
22:38:11.0706 1168  NVR0Dev - ok
22:38:11.0752 1168  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:38:11.0768 1168  nvraid - ok
22:38:11.0799 1168  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:38:11.0815 1168  nvstor - ok
22:38:11.0862 1168  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] NVSvc           C:\Windows\system32\nvvsvc.exe
22:38:11.0909 1168  NVSvc - ok
22:38:11.0971 1168  [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:38:12.0034 1168  nvUpdatusService - ok
22:38:12.0065 1168  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:38:12.0081 1168  nv_agp - ok
22:38:12.0127 1168  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:38:12.0174 1168  ohci1394 - ok
22:38:12.0237 1168  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:38:12.0268 1168  ose - ok
22:38:12.0440 1168  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:38:12.0627 1168  osppsvc - ok
22:38:12.0659 1168  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:38:12.0706 1168  p2pimsvc - ok
22:38:12.0721 1168  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:38:12.0768 1168  p2psvc - ok
22:38:12.0799 1168  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:38:12.0831 1168  Parport - ok
22:38:12.0862 1168  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:38:12.0877 1168  partmgr - ok
22:38:12.0909 1168  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:38:12.0940 1168  PcaSvc - ok
22:38:12.0987 1168  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:38:13.0002 1168  pci - ok
22:38:13.0018 1168  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:38:13.0034 1168  pciide - ok
22:38:13.0081 1168  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:38:13.0096 1168  pcmcia - ok
22:38:13.0112 1168  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:38:13.0143 1168  pcw - ok
22:38:13.0174 1168  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:38:13.0237 1168  PEAUTH - ok
22:38:13.0299 1168  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
22:38:13.0377 1168  PeerDistSvc - ok
22:38:13.0440 1168  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:38:13.0456 1168  PerfHost - ok
22:38:13.0565 1168  [ 1E81496AFF9D7FA2B4C4032B746DE5B9 ] Ph3xIB64        C:\Windows\system32\DRIVERS\Ph3xIB64.sys
22:38:13.0659 1168  Ph3xIB64 - ok
22:38:13.0737 1168  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:38:13.0846 1168  pla - ok
22:38:13.0893 1168  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:38:13.0940 1168  PlugPlay - ok
22:38:13.0971 1168  PnkBstrA - ok
22:38:13.0971 1168  PnkBstrB - ok
22:38:14.0002 1168  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:38:14.0018 1168  PNRPAutoReg - ok
22:38:14.0065 1168  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:38:14.0096 1168  PNRPsvc - ok
22:38:14.0143 1168  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:38:14.0206 1168  PolicyAgent - ok
22:38:14.0237 1168  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:38:14.0299 1168  Power - ok
22:38:14.0362 1168  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:38:14.0409 1168  PptpMiniport - ok
22:38:14.0424 1168  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:38:14.0456 1168  Processor - ok
22:38:14.0518 1168  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:38:14.0549 1168  ProfSvc - ok
22:38:14.0565 1168  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:38:14.0581 1168  ProtectedStorage - ok
22:38:14.0627 1168  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:38:14.0706 1168  Psched - ok
22:38:14.0831 1168  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:38:14.0940 1168  ql2300 - ok
22:38:14.0987 1168  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:38:15.0049 1168  ql40xx - ok
22:38:15.0112 1168  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:38:15.0159 1168  QWAVE - ok
22:38:15.0190 1168  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:38:15.0221 1168  QWAVEdrv - ok
22:38:15.0284 1168  [ 889B6FF1707D14CEBCBEF62376436BD3 ] RalinkRegistryWriter C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe
22:38:15.0362 1168  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - warning
22:38:15.0362 1168  RalinkRegistryWriter - detected UnsignedFile.Multi.Generic (1)
22:38:24.0956 1168  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:38:24.0971 1168  vmbus - ok
22:38:24.0987 1168  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
22:38:25.0018 1168  VMBusHID - ok
22:38:25.0049 1168  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:38:25.0065 1168  volmgr - ok
22:38:25.0112 1168  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:38:25.0143 1168  volmgrx - ok
22:38:25.0159 1168  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:38:25.0190 1168  volsnap - ok
22:38:25.0221 1168  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:38:25.0252 1168  vsmraid - ok
22:38:25.0315 1168  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:38:25.0424 1168  VSS - ok
22:38:25.0456 1168  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:38:25.0502 1168  vwifibus - ok
22:38:25.0534 1168  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:38:25.0596 1168  W32Time - ok
22:38:25.0627 1168  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:38:25.0659 1168  WacomPen - ok
22:38:25.0706 1168  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:38:25.0768 1168  WANARP - ok
22:38:25.0784 1168  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:38:25.0815 1168  Wanarpv6 - ok
22:38:25.0893 1168  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:38:25.0956 1168  wbengine - ok
22:38:26.0002 1168  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:38:26.0034 1168  WbioSrvc - ok
22:38:26.0081 1168  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:38:26.0127 1168  wcncsvc - ok
22:38:26.0143 1168  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:38:26.0159 1168  WcsPlugInService - ok
22:38:26.0190 1168  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:38:26.0206 1168  Wd - ok
22:38:26.0284 1168  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:38:26.0315 1168  Wdf01000 - ok
22:38:26.0346 1168  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:38:26.0377 1168  WdiServiceHost - ok
22:38:26.0393 1168  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:38:26.0409 1168  WdiSystemHost - ok
22:38:26.0456 1168  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:38:26.0502 1168  WebClient - ok
22:38:26.0534 1168  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:38:26.0596 1168  Wecsvc - ok
22:38:26.0612 1168  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:38:26.0674 1168  wercplsupport - ok
22:38:26.0706 1168  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:38:26.0768 1168  WerSvc - ok
22:38:26.0799 1168  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:38:26.0846 1168  WfpLwf - ok
22:38:26.0862 1168  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:38:26.0893 1168  WIMMount - ok
22:38:26.0909 1168  WinDefend - ok
22:38:26.0924 1168  WinHttpAutoProxySvc - ok
22:38:26.0971 1168  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:38:27.0018 1168  Winmgmt - ok
22:38:27.0112 1168  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:38:27.0221 1168  WinRM - ok
22:38:27.0299 1168  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:38:27.0331 1168  WinUsb - ok
22:38:27.0377 1168  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:38:27.0440 1168  Wlansvc - ok
22:38:27.0487 1168  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:38:27.0502 1168  WmiAcpi - ok
22:38:27.0549 1168  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:38:27.0581 1168  wmiApSrv - ok
22:38:27.0612 1168  WMPNetworkSvc - ok
22:38:27.0627 1168  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:38:27.0659 1168  WPCSvc - ok
22:38:27.0706 1168  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:38:27.0737 1168  WPDBusEnum - ok
22:38:27.0784 1168  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:38:27.0862 1168  ws2ifsl - ok
22:38:27.0893 1168  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:38:27.0940 1168  wscsvc - ok
22:38:27.0940 1168  WSearch - ok
22:38:28.0065 1168  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:38:28.0159 1168  wuauserv - ok
22:38:28.0206 1168  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:38:28.0237 1168  WudfPf - ok
22:38:28.0268 1168  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:38:28.0284 1168  WUDFRd - ok
22:38:28.0331 1168  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:38:28.0362 1168  wudfsvc - ok
22:38:28.0409 1168  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:38:28.0456 1168  WwanSvc - ok
22:38:28.0502 1168  [ BAA813A76F5DB6CC3C2CEAB7D82B6972 ] X10Hid          C:\Windows\system32\Drivers\x10hid.sys
22:38:28.0518 1168  X10Hid - ok
22:38:28.0627 1168  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
22:38:28.0659 1168  x10nets ( UnsignedFile.Multi.Generic ) - warning
22:38:28.0659 1168  x10nets - detected UnsignedFile.Multi.Generic (1)
22:38:28.0706 1168  [ A4B2A8751A8F96134BE6063B8A759116 ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
22:38:28.0737 1168  XUIF - ok
22:38:28.0768 1168  ================ Scan global ===============================
22:38:28.0784 1168  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:38:28.0831 1168  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:38:28.0846 1168  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:38:28.0862 1168  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:38:28.0893 1168  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:38:28.0909 1168  [Global] - ok
22:38:28.0909 1168  ================ Scan MBR ==================================
22:38:28.0924 1168  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:38:29.0159 1168  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:38:29.0159 1168  \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:38:29.0174 1168  [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk6\DR7
22:38:29.0315 1168  \Device\Harddisk6\DR7 - ok
22:38:29.0315 1168  ================ Scan VBR ==================================
22:38:29.0331 1168  [ FFD7AA6B0655412E9CF067AD1BF89101 ] \Device\Harddisk0\DR0\Partition1
22:38:29.0346 1168  \Device\Harddisk0\DR0\Partition1 - ok
22:38:29.0377 1168  [ 064DF2D7E9F2D82203698A4B0C272F33 ] \Device\Harddisk0\DR0\Partition2
22:38:29.0377 1168  \Device\Harddisk0\DR0\Partition2 - ok
22:38:29.0377 1168  [ 458BDA2CB7D7EC579988C9660941B615 ] \Device\Harddisk6\DR7\Partition1
22:38:29.0377 1168  \Device\Harddisk6\DR7\Partition1 - ok
22:38:29.0377 1168  ============================================================
22:38:29.0377 1168  Scan finished
22:38:29.0377 1168  ============================================================
22:38:29.0409 2056  Detected object count: 3
22:38:29.0409 2056  Actual detected object count: 3
22:39:06.0262 2056  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - skipped by user
22:39:06.0262 2056  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:39:06.0262 2056  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
22:39:06.0262 2056  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:39:06.0262 2056  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:39:06.0262 2056  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
22:39:19.0684 2156  Deinitialize success
         
Regards, and thanks in advance
ALex

Alt 06.07.2013, 20:10   #10
markusg
/// Malware-holic
 

Hi
start the TDSS-Killer and configure it as described in the instructions
select:
TDSS File System
if possible, choose cure.
otherwise delete.
Then reboot, start the TDSS Killer as described and post a new log

Alt 07.07.2013, 11:56   #11
Alex6
 

Hello Markus,

on my machine it doesn't find any malware at all. A screen comes up with "Copy all to quarantine" and "Restore default actions"; for TDSS File System, under "Copy all to quarantine", I pressed delete. On reboot it no longer recognized my drive G, where the USB stick was plugged in. The message "You need to format the disk" appeared; I wanted to do that, but it didn't work. I then unplugged the USB stick and plugged it back in; with that it recognized it again quite normally, but now as drive L.

Here is the log after deleting the TDSS file system and a reboot

Code:
12:49:24.0936 2844  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:49:25.0249 2844  ============================================================
12:49:25.0249 2844  Current date / time: 2013/07/07 12:49:25.0249
12:49:25.0249 2844  SystemInfo:
12:49:25.0249 2844  
12:49:25.0249 2844  OS Version: 6.1.7601 ServicePack: 1.0
12:49:25.0249 2844  Product type: Workstation
12:49:25.0249 2844  ComputerName: ALEX-PC
12:49:25.0264 2844  UserName: Alex
12:49:25.0264 2844  Windows directory: C:\Windows
12:49:25.0264 2844  System windows directory: C:\Windows
12:49:25.0264 2844  Running under WOW64
12:49:25.0264 2844  Processor architecture: Intel x64
12:49:25.0264 2844  Number of processors: 2
12:49:25.0264 2844  Page size: 0x1000
12:49:25.0264 2844  Boot type: Normal boot
12:49:25.0264 2844  ============================================================
12:49:27.0249 2844  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:49:27.0280 2844  Drive \Device\Harddisk5\DR9 - Size: 0x1DE200000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:49:27.0295 2844  ============================================================
12:49:27.0295 2844  \Device\Harddisk0\DR0:
12:49:27.0295 2844  MBR partitions:
12:49:27.0295 2844  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC7FF53F
12:49:27.0295 2844  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC7FF57E, BlocksNum 0x109C5003
12:49:27.0295 2844  \Device\Harddisk5\DR9:
12:49:27.0295 2844  MBR partitions:
12:49:27.0295 2844  \Device\Harddisk5\DR9\Partition1: MBR, Type 0xC, StartLBA 0x2898, BlocksNum 0xEEE768
12:49:27.0295 2844  ============================================================
12:49:27.0311 2844  C: <-> \Device\Harddisk0\DR0\Partition1
12:49:27.0342 2844  D: <-> \Device\Harddisk0\DR0\Partition2
12:49:27.0342 2844  ============================================================
12:49:27.0342 2844  Initialize success
12:49:27.0342 2844  ============================================================
12:49:33.0374 2460  ============================================================
12:49:33.0374 2460  Scan started
12:49:33.0374 2460  Mode: Manual; SigCheck; TDLFS; 
12:49:33.0374 2460  ============================================================
12:49:34.0420 2460  ================ Scan system memory ========================
12:49:34.0420 2460  System memory - ok
12:49:34.0420 2460  ================ Scan services =============================
12:49:45.0999 2460  IntcAzAudAddService - ok
12:49:46.0045 2460  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:49:46.0061 2460  intelide - ok
12:49:46.0092 2460  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:49:46.0124 2460  intelppm - ok
12:49:46.0155 2460  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:49:46.0217 2460  IPBusEnum - ok
12:49:46.0249 2460  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:49:46.0311 2460  IpFilterDriver - ok
12:49:46.0358 2460  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:49:46.0405 2460  iphlpsvc - ok
12:49:46.0452 2460  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:49:46.0467 2460  IPMIDRV - ok
12:49:46.0499 2460  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:49:46.0561 2460  IPNAT - ok
12:49:46.0592 2460  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:49:46.0655 2460  IRENUM - ok
12:49:46.0686 2460  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:49:46.0717 2460  isapnp - ok
12:49:46.0733 2460  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:49:46.0749 2460  iScsiPrt - ok
12:49:46.0795 2460  [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb           C:\Windows\system32\DRIVERS\ivusb.sys
12:49:46.0811 2460  ivusb - ok
12:49:46.0827 2460  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:49:46.0858 2460  kbdclass - ok
12:49:46.0889 2460  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:49:46.0920 2460  kbdhid - ok
12:49:46.0936 2460  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:49:46.0967 2460  KeyIso - ok
12:49:47.0014 2460  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:49:47.0045 2460  KSecDD - ok
12:49:47.0092 2460  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:49:47.0139 2460  KSecPkg - ok
12:49:47.0186 2460  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:49:47.0249 2460  ksthunk - ok
12:49:47.0295 2460  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:49:47.0358 2460  KtmRm - ok
12:49:47.0420 2460  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:49:47.0467 2460  LanmanServer - ok
12:49:47.0499 2460  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:49:47.0561 2460  LanmanWorkstation - ok
12:49:47.0608 2460  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:49:47.0655 2460  lltdio - ok
12:49:47.0702 2460  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:49:47.0764 2460  lltdsvc - ok
12:49:47.0780 2460  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:49:47.0827 2460  lmhosts - ok
12:49:47.0858 2460  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:49:47.0874 2460  LSI_FC - ok
12:49:47.0920 2460  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:49:47.0936 2460  LSI_SAS - ok
12:49:47.0952 2460  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:49:47.0967 2460  LSI_SAS2 - ok
12:49:47.0983 2460  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:49:48.0014 2460  LSI_SCSI - ok
12:49:48.0030 2460  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:49:48.0092 2460  luafv - ok
12:49:48.0124 2460  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:49:48.0170 2460  Mcx2Svc - ok
12:49:48.0170 2460  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:49:48.0186 2460  megasas - ok
12:49:48.0217 2460  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:49:48.0233 2460  MegaSR - ok
12:49:48.0311 2460  Microsoft SharePoint Workspace Audit Service - ok
12:49:48.0358 2460  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:49:48.0420 2460  MMCSS - ok
12:49:48.0452 2460  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:49:48.0499 2460  Modem - ok
12:49:48.0530 2460  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:49:48.0561 2460  monitor - ok
12:49:48.0577 2460  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:49:48.0608 2460  mouclass - ok
12:49:48.0639 2460  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:49:48.0670 2460  mouhid - ok
12:49:48.0717 2460  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:49:48.0733 2460  mountmgr - ok
12:49:48.0811 2460  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
12:49:48.0842 2460  MpFilter - ok
12:49:48.0874 2460  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:49:48.0889 2460  mpio - ok
12:49:48.0920 2460  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:49:48.0967 2460  mpsdrv - ok
12:49:49.0030 2460  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:49:49.0108 2460  MpsSvc - ok
12:49:49.0155 2460  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:49:49.0186 2460  MRxDAV - ok
12:49:49.0217 2460  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:49:49.0264 2460  mrxsmb - ok
12:49:49.0311 2460  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:49:49.0358 2460  mrxsmb10 - ok
12:49:49.0374 2460  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:49:49.0389 2460  mrxsmb20 - ok
12:49:49.0420 2460  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:49:49.0436 2460  msahci - ok
12:49:49.0483 2460  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:49:49.0499 2460  msdsm - ok
12:49:49.0530 2460  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:49:49.0561 2460  MSDTC - ok
12:49:49.0608 2460  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:49:49.0639 2460  Msfs - ok
12:49:49.0670 2460  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:49:49.0733 2460  mshidkmdf - ok
12:49:49.0764 2460  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:49:49.0780 2460  msisadrv - ok
12:49:49.0811 2460  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:49:49.0874 2460  MSiSCSI - ok
12:49:49.0889 2460  msiserver - ok
12:49:49.0936 2460  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:49:49.0999 2460  MSKSSRV - ok
12:49:50.0124 2460  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:49:50.0139 2460  MsMpSvc - ok
12:49:50.0155 2460  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:49:50.0233 2460  MSPCLOCK - ok
12:49:50.0264 2460  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:49:50.0311 2460  MSPQM - ok
12:49:50.0374 2460  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:49:50.0405 2460  MsRPC - ok
12:49:50.0452 2460  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:49:50.0467 2460  mssmbios - ok
12:49:50.0499 2460  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:49:50.0545 2460  MSTEE - ok
12:49:50.0561 2460  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:49:50.0592 2460  MTConfig - ok
12:49:50.0608 2460  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:49:50.0624 2460  Mup - ok
12:49:50.0686 2460  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:49:50.0749 2460  napagent - ok
12:49:50.0795 2460  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:49:50.0842 2460  NativeWifiP - ok
12:49:50.0905 2460  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:49:50.0967 2460  NDIS - ok
12:49:50.0983 2460  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:49:51.0030 2460  NdisCap - ok
12:49:51.0061 2460  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:49:51.0108 2460  NdisTapi - ok
12:49:51.0139 2460  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:49:51.0202 2460  Ndisuio - ok
12:49:51.0233 2460  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:49:51.0311 2460  NdisWan - ok
12:49:51.0342 2460  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:49:51.0405 2460  NDProxy - ok
12:49:51.0436 2460  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:49:51.0483 2460  NetBIOS - ok
12:49:51.0530 2460  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:49:51.0577 2460  NetBT - ok
12:49:51.0592 2460  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:49:51.0608 2460  Netlogon - ok
12:49:51.0639 2460  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:49:51.0702 2460  Netman - ok
12:49:51.0717 2460  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:49:51.0780 2460  netprofm - ok
12:49:51.0811 2460  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:49:51.0827 2460  NetTcpPortSharing - ok
12:49:51.0858 2460  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:49:51.0874 2460  nfrd960 - ok
12:49:51.0936 2460  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:49:51.0967 2460  NisDrv - ok
12:49:52.0045 2460  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
12:49:52.0061 2460  NisSrv - ok
12:49:52.0124 2460  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:49:52.0186 2460  NlaSvc - ok
12:49:52.0202 2460  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:49:52.0249 2460  Npfs - ok
12:49:52.0280 2460  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:49:52.0342 2460  nsi - ok
12:49:52.0358 2460  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:49:52.0420 2460  nsiproxy - ok
12:49:52.0499 2460  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:49:52.0577 2460  Ntfs - ok
12:49:52.0686 2460  nTuneService - ok
12:49:52.0686 2460  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:49:52.0749 2460  Null - ok
12:49:53.0061 2460  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:49:53.0249 2460  nvlddmkm - ok
12:49:53.0295 2460  [ 241A095631570A9CEF4F126C87605C60 ] NVR0Dev         C:\Windows\nvoclk64.sys
12:49:53.0311 2460  NVR0Dev - ok
12:49:53.0342 2460  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:49:53.0358 2460  nvraid - ok
12:49:53.0389 2460  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:49:53.0420 2460  nvstor - ok
12:49:53.0467 2460  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] NVSvc           C:\Windows\system32\nvvsvc.exe
12:49:53.0514 2460  NVSvc - ok
12:49:53.0592 2460  [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:49:53.0670 2460  nvUpdatusService - ok
12:49:53.0686 2460  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:49:53.0717 2460  nv_agp - ok
12:49:53.0749 2460  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:49:53.0764 2460  ohci1394 - ok
12:49:53.0842 2460  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:49:53.0858 2460  ose - ok
12:49:54.0030 2460  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:49:54.0233 2460  osppsvc - ok
12:49:54.0264 2460  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:49:54.0311 2460  p2pimsvc - ok
12:49:54.0374 2460  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:49:54.0420 2460  p2psvc - ok
12:49:54.0467 2460  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:49:54.0499 2460  Parport - ok
12:49:54.0545 2460  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:49:54.0561 2460  partmgr - ok
12:49:54.0608 2460  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:49:54.0639 2460  PcaSvc - ok
12:49:54.0686 2460  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:49:54.0717 2460  pci - ok
12:49:54.0749 2460  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:49:54.0764 2460  pciide - ok
12:49:54.0795 2460  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:49:54.0827 2460  pcmcia - ok
12:49:54.0842 2460  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:49:54.0858 2460  pcw - ok
12:49:54.0889 2460  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:49:54.0952 2460  PEAUTH - ok
12:49:55.0014 2460  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:49:55.0092 2460  PeerDistSvc - ok
12:49:55.0170 2460  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:49:55.0280 2460  PerfHost - ok
12:49:55.0358 2460  [ 1E81496AFF9D7FA2B4C4032B746DE5B9 ] Ph3xIB64        C:\Windows\system32\DRIVERS\Ph3xIB64.sys
12:49:55.0436 2460  Ph3xIB64 - ok
12:49:55.0499 2460  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:49:55.0592 2460  pla - ok
12:49:55.0655 2460  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:49:55.0702 2460  PlugPlay - ok
12:49:55.0717 2460  PnkBstrA - ok
12:49:55.0733 2460  PnkBstrB - ok
12:49:55.0749 2460  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:49:55.0764 2460  PNRPAutoReg - ok
12:49:55.0795 2460  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:49:55.0811 2460  PNRPsvc - ok
12:49:55.0858 2460  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:49:55.0920 2460  PolicyAgent - ok
12:49:55.0952 2460  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:49:56.0030 2460  Power - ok
12:49:56.0077 2460  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:49:56.0155 2460  PptpMiniport - ok
12:49:56.0170 2460  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:49:56.0202 2460  Processor - ok
12:49:56.0249 2460  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:49:56.0295 2460  ProfSvc - ok
12:49:56.0311 2460  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:49:56.0327 2460  ProtectedStorage - ok
12:49:56.0389 2460  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:49:56.0436 2460  Psched - ok
12:49:56.0483 2460  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:49:56.0545 2460  ql2300 - ok
12:49:56.0577 2460  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:49:56.0608 2460  ql40xx - ok
12:49:56.0639 2460  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:49:56.0686 2460  QWAVE - ok
12:49:56.0702 2460  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:49:56.0733 2460  QWAVEdrv - ok
12:49:56.0780 2460  [ 889B6FF1707D14CEBCBEF62376436BD3 ] RalinkRegistryWriter C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe
12:49:56.0858 2460  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - warning
12:49:56.0858 2460  RalinkRegistryWriter - detected UnsignedFile.Multi.Generic (1)
12:50:04.0858 2460  UI0Detect - ok
12:50:04.0889 2460  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:50:04.0905 2460  uliagpkx - ok
12:50:04.0952 2460  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
12:50:04.0999 2460  umbus - ok
12:50:05.0014 2460  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:50:05.0045 2460  UmPass - ok
12:50:05.0077 2460  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
12:50:05.0108 2460  UmRdpService - ok
12:50:05.0170 2460  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:50:05.0249 2460  upnphost - ok
12:50:05.0280 2460  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:50:05.0342 2460  usbccgp - ok
12:50:05.0420 2460  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:50:05.0452 2460  usbcir - ok
12:50:05.0483 2460  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:50:05.0530 2460  usbehci - ok
12:50:05.0561 2460  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:50:05.0592 2460  usbhub - ok
12:50:05.0624 2460  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:50:05.0670 2460  usbohci - ok
12:50:05.0702 2460  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:50:05.0749 2460  usbprint - ok
12:50:05.0764 2460  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:50:05.0780 2460  usbscan - ok
12:50:05.0811 2460  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:50:05.0827 2460  USBSTOR - ok
12:50:05.0858 2460  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:50:05.0889 2460  usbuhci - ok
12:50:05.0905 2460  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:50:05.0967 2460  UxSms - ok
12:50:05.0983 2460  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:50:05.0999 2460  VaultSvc - ok
12:50:06.0030 2460  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:50:06.0045 2460  vdrvroot - ok
12:50:06.0108 2460  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:50:06.0170 2460  vds - ok
12:50:06.0217 2460  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:50:06.0249 2460  vga - ok
12:50:06.0264 2460  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:50:06.0311 2460  VgaSave - ok
12:50:06.0374 2460  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:50:06.0405 2460  vhdmp - ok
12:50:06.0436 2460  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:50:06.0467 2460  viaide - ok
12:50:06.0499 2460  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:50:06.0530 2460  vmbus - ok
12:50:06.0561 2460  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:50:06.0592 2460  VMBusHID - ok
12:50:06.0608 2460  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:50:06.0624 2460  volmgr - ok
12:50:06.0670 2460  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:50:06.0717 2460  volmgrx - ok
12:50:06.0733 2460  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:50:06.0749 2460  volsnap - ok
12:50:06.0780 2460  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:50:06.0811 2460  vsmraid - ok
12:50:06.0889 2460  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:50:06.0983 2460  VSS - ok
12:50:07.0014 2460  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:50:07.0061 2460  vwifibus - ok
12:50:07.0092 2460  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:50:07.0155 2460  W32Time - ok
12:50:07.0186 2460  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:50:07.0217 2460  WacomPen - ok
12:50:07.0264 2460  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:50:07.0342 2460  WANARP - ok
12:50:07.0342 2460  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:50:07.0389 2460  Wanarpv6 - ok
12:50:07.0452 2460  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:50:07.0530 2460  wbengine - ok
12:50:07.0561 2460  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:50:07.0592 2460  WbioSrvc - ok
12:50:07.0639 2460  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:50:07.0670 2460  wcncsvc - ok
12:50:07.0686 2460  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:50:07.0717 2460  WcsPlugInService - ok
12:50:07.0749 2460  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:50:07.0764 2460  Wd - ok
12:50:07.0827 2460  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:50:07.0889 2460  Wdf01000 - ok
12:50:07.0905 2460  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:50:08.0014 2460  WdiServiceHost - ok
12:50:08.0014 2460  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:50:08.0061 2460  WdiSystemHost - ok
12:50:08.0092 2460  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:50:08.0139 2460  WebClient - ok
12:50:08.0170 2460  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:50:08.0233 2460  Wecsvc - ok
12:50:08.0249 2460  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:50:08.0295 2460  wercplsupport - ok
12:50:08.0327 2460  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:50:08.0405 2460  WerSvc - ok
12:50:08.0436 2460  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:50:08.0483 2460  WfpLwf - ok
12:50:08.0499 2460  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:50:08.0514 2460  WIMMount - ok
12:50:08.0545 2460  WinDefend - ok
12:50:08.0561 2460  WinHttpAutoProxySvc - ok
12:50:08.0608 2460  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:50:08.0655 2460  Winmgmt - ok
12:50:08.0749 2460  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:50:08.0874 2460  WinRM - ok
12:50:08.0936 2460  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:50:08.0967 2460  WinUsb - ok
12:50:09.0014 2460  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:50:09.0077 2460  Wlansvc - ok
12:50:09.0108 2460  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:50:09.0139 2460  WmiAcpi - ok
12:50:09.0170 2460  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:50:09.0217 2460  wmiApSrv - ok
12:50:09.0233 2460  WMPNetworkSvc - ok
12:50:09.0264 2460  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:50:09.0295 2460  WPCSvc - ok
12:50:09.0327 2460  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:50:09.0358 2460  WPDBusEnum - ok
12:50:09.0374 2460  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:50:09.0436 2460  ws2ifsl - ok
12:50:09.0452 2460  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
12:50:09.0483 2460  wscsvc - ok
12:50:09.0483 2460  WSearch - ok
12:50:09.0592 2460  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:50:09.0686 2460  wuauserv - ok
12:50:09.0733 2460  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:50:09.0780 2460  WudfPf - ok
12:50:09.0811 2460  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:50:09.0827 2460  WUDFRd - ok
12:50:09.0874 2460  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:50:09.0905 2460  wudfsvc - ok
12:50:09.0952 2460  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:50:09.0999 2460  WwanSvc - ok
12:50:10.0045 2460  [ BAA813A76F5DB6CC3C2CEAB7D82B6972 ] X10Hid          C:\Windows\system32\Drivers\x10hid.sys
12:50:10.0061 2460  X10Hid - ok
12:50:10.0155 2460  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
12:50:10.0170 2460  x10nets ( UnsignedFile.Multi.Generic ) - warning
12:50:10.0170 2460  x10nets - detected UnsignedFile.Multi.Generic (1)
12:50:10.0233 2460  [ A4B2A8751A8F96134BE6063B8A759116 ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
12:50:10.0249 2460  XUIF - ok
12:50:10.0280 2460  ================ Scan global ===============================
12:50:10.0295 2460  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:50:10.0358 2460  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:50:10.0374 2460  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:50:10.0405 2460  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:50:10.0436 2460  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:50:10.0436 2460  [Global] - ok
12:50:10.0452 2460  ================ Scan MBR ==================================
12:50:10.0467 2460  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:50:10.0686 2460  \Device\Harddisk0\DR0 - ok
12:50:10.0686 2460  [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk5\DR9
12:50:10.0827 2460  \Device\Harddisk5\DR9 - ok
12:50:10.0827 2460  ================ Scan VBR ==================================
12:50:10.0827 2460  [ FFD7AA6B0655412E9CF067AD1BF89101 ] \Device\Harddisk0\DR0\Partition1
12:50:10.0827 2460  \Device\Harddisk0\DR0\Partition1 - ok
12:50:10.0858 2460  [ 064DF2D7E9F2D82203698A4B0C272F33 ] \Device\Harddisk0\DR0\Partition2
12:50:10.0858 2460  \Device\Harddisk0\DR0\Partition2 - ok
12:50:10.0858 2460  [ 458BDA2CB7D7EC579988C9660941B615 ] \Device\Harddisk5\DR9\Partition1
12:50:10.0874 2460  \Device\Harddisk5\DR9\Partition1 - ok
12:50:10.0874 2460  ============================================================
12:50:10.0874 2460  Scan finished
12:50:10.0874 2460  ============================================================
12:50:10.0889 3536  Detected object count: 2
12:50:10.0889 3536  Actual detected object count: 2
12:50:24.0999 3536  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - skipped by user
12:50:24.0999 3536  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:50:24.0999 3536  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
12:50:24.0999 3536  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

08.07.2013, 12:06   #12
markusg
/// Malware-holic

But you can access the drive?
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de

08.07.2013, 17:03   #13
Alex6

Yes, it works flawlessly. It just recognizes the stick as drive L now. If I use a different one, it is recognized as G again.
Is there anything else I need to do or watch out for? Are we done?
Many thanks for everything so far.

08.07.2013, 17:23   #14
markusg
/// Malware-holic

Hi,
once we are done, change all passwords.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


08.07.2013, 18:57   #15
Alex6

As requested:

Code:
ComboFix 13-07-08.03 - Alex 08.07.2013  19:44:26.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3326.2010 [GMT 1:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\4.0
c:\users\Alex\AppData\Local\Temp\sfamcc00001.dll
c:\users\Alex\AppData\Local\Temp\sfareca00001.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-08 bis 2013-07-08  ))))))))))))))))))))))))))))))
.
.
2013-07-08 17:13 . 2013-06-11 19:08	9552976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7ABE2F3E-7634-495A-B936-8CBB4CF3D2C2}\mpengine.dll
2013-07-07 11:43 . 2013-07-07 11:43	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-07-07 00:27 . 2013-07-06 20:00	--------	d-----w-	C:\_OTL
2013-07-06 19:55 . 2013-06-11 19:08	9552976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-05 13:43 . 2013-07-05 16:14	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2013-06-21 19:20 . 2013-06-08 14:08	279040	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-06-21 19:08 . 2013-06-21 19:08	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3A4C6B1-40F8-4CE6-80A1-7DBE84105149}\gapaengine.dll
2013-06-12 14:22 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 14:20 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-12 14:20 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-06 19:48 . 2013-07-06 19:48	55283	----a-w-	C:\_OTL.zip
2013-06-12 15:04 . 2011-04-01 12:18	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-05-21 20:53 . 2011-05-20 15:52	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2011-04-01 12:09	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 17:25	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 17:25	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 17:25	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 17:25	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 17:25	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 17:25	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 19:02	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 17:25	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 17:25	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 17:18	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 98304]
"Facebook Update"="c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-07 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files (x86)\RALINK\Common\RaUI.exe -s [2011-4-1 1560576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 CMIUCR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\DRIVERS\cmiucr_x64.SYS;c:\windows\SYSNATIVE\DRIVERS\cmiucr_x64.SYS [x]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys;c:\windows\SYSNATIVE\DRIVERS\Ph3xIB64.sys [x]
S3 rt70x64;RT2500 USB Wireless LAN Driver for Vista;c:\windows\system32\DRIVERS\netr7064.sys;c:\windows\SYSNATIVE\DRIVERS\netr7064.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys;c:\windows\SYSNATIVE\Drivers\x10hid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:34]
.
2013-07-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-751051111-346031974-767255092-1000Core.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 20:26]
.
2013-07-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-751051111-346031974-767255092-1000UA.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 20:26]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-19 16:42]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-19 16:42]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-751051111-346031974-767255092-1000Core.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-01 11:58]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-751051111-346031974-767255092-1000UA.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-01 11:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmiboot"="c:\windows\cmiboot.exe" [2007-02-07 65536]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=60de5fda0000000000000012bf516e59
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h9pgz2s3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&babsrc=adbartrp&mntrId=60de5fda0000000000000012bf516e59&q=
FF - ExtSQL: 2013-05-18 22:25; youtubeunblocker@unblocker.yt; c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h9pgz2s3.default\extensions\youtubeunblocker@unblocker.yt.xpi
FF - user.js: extensions.BabylonToolbar_i.id - 60de5fda0000000000000012bf516e59
FF - user.js: extensions.BabylonToolbar_i.hardId - 60de5fda0000000000000012bf516e59
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15410
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:21
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110004
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\spiele\Battlefield 3\Battlefield 3\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\RALINK\Common\RalinkRegistryWriter.exe
c:\progra~2\COMMON~1\X10\Common\x10nets.exe
c:\program files (x86)\SpeedFan\speedfan.exe
c:\program files (x86)\RALINK\Common\RaUI.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-08  19:58:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-08 18:58
.
Vor Suchlauf: 13 Verzeichnis(se), 26.370.510.848 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 25.971.994.624 Bytes frei
.
- - End Of File - - A7EAF3979687F67E313461A954D4FC13
A36C5E4F47E84449FF07ED3517B43A31
         
