Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   BKA Trojaner 3.04 (https://www.trojaner-board.de/113151-bka-trojaner-3-04-a.html)

cosinus 06.04.2012 17:59
Hätte da mal ne Frage bevor es weiter geht:

Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?


Wenn alles vorhanden ist:

Mach einen OTL-Fix, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{788aa147-0d85-11e1-91a5-001a6b79b0ca}\Shell - "" = AutoRun
O33 - MountPoints2\{788aa147-0d85-11e1-91a5-001a6b79b0ca}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{7ea3cb60-889e-11e0-b375-001a6b79b0ca}\Shell - "" = AutoRun
O33 - MountPoints2\{7ea3cb60-889e-11e0-b375-001a6b79b0ca}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (dfboottime \??\C:\Windows\System32\dfboottime.cfg)
[2012.04.05 16:57:10 | 000,119,808 | ---- | C] () -- C:\Windows\SysNative\dfboottime.exe
[2012.04.05 16:57:10 | 000,000,929 | ---- | C] () -- C:\Windows\SysNative\dfboottime.cfg
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

W.V 06.04.2012 22:17
Zuerst zur Frage:

Es sind alle Ordner da und keiner ist leer, soweit ich das beurteilen kann es ist ja nicht mein Notebook, auf jedenfall gibt es keinen leeren Ordner im Startmenü.

Ich habe den FIX nun ausgeführt es tut sich aber seit Minuten nichts mehr irgendwie schient das OTL abgestürzt zu sein. Ich habe mal in den Ordner _OTL gesehen aber ausser einer leeren Ordnerstruktur ist nichts abgelegt worden.

Was mich in dem Script irritiert ist der Laufwerksbuchstabe E:\ ich habe kein Laufwerk E:\ , allerdings muß ich sagen das ich des öfteren während der verschiedenen Viren Bereinigungsprozesse einen USB Stick eingesteckt habe der dann den Laufwerksbuchstaben E: zugewiesen bekommen hat. Dort befindet sich eine Kopie der OTL.EXE und die Setup EXE von Malwarebytes sowie verschiedene LOG Dateien. Der USB Stick ist aber im Moment nicht angeschlossen. Solche Dateien wie E:\LaunchU3.exe usw. sind waren zumindetens auf meinem Stick nicht oben. Möglich das früher mal ein USB-Stick mit diesen Inhalt eingesteckt wurde. Bei der Infizierung mit dem BKA 3.04 Trojaner war aber KEIN USB-Stick eingesteckt.

Soll ich noch ein wenig wegen OTL warten oder muß ich das ganze nochmal ausführen ???

cosinus 06.04.2012 22:22
Wenn sich nichts mehr tut: Wiederhol den Fix im abgesicherten Modus bitte

W.V 06.04.2012 22:25
Okay. Ich war aber im abgesicherten Modus habe diesen während der ganzen Prozedur noch nicht verlassen. Werde nochmal im abgesicherten Modus starten und es nochmal probieren. OTL.exe reagiert nicht mehr also schiesse ich den Prozess notgedrungen ab :kloppen:

Das gleiche Problem. Ab hier geht es nicht mehr weiter:

O34 - HKLM BootExecute: (dfboottime \??\C:\Windows\System32\dfboottime.cfg)

das ist CFG Datei vom Defraggler. Der Defraggler ist so eingestellt das beim Booten die Bootdateien optimiert werden. Kann man den Prozess aus dem Fix weglassen ?! Wie gesagt ab da reagiert die OTL.exe nicht mehr.

Oder soll ich das ganze nochmal im Normalmodus ausführen ?!

cosinus 06.04.2012 22:51
Ach das ist vom Defraggler? :eek: :stirn:

Ja da hätte ich mal besser recherchieren oder dich erstmal fragen sollen :headbang:

Nimm die Zeilne aus dem Fix raus wo ein dffboottime vorkommt also diese hier

Code:
[2012.04.05 16:57:10 | 000,119,808 | ---- | C] () -- C:\Windows\SysNative\dfboottime.exe
[2012.04.05 16:57:10 | 000,000,929 | ---- | C] () -- C:\Windows\SysNative\dfboottime.cfg

W.V 06.04.2012 22:57
Ich muß gestehen das ich zwischenzeitlich am 05.04.2012 um 16:57:10 h den neuesten Defraggler installiert habe und auch bei den Einstellungen dieses Boot-Time-Defrag eingestellt habe diese Dateien und Registry Einträge sind vom Defraggler ganz eindeutig:

Code:
O34 - HKLM BootExecute: (dfboottime \??\C:\Windows\System32\dfboottime.cfg)
[2012.04.05 16:57:10 | 000,119,808 | ---- | C] () -- C:\Windows\SysNative\dfboottime.exe
[2012.04.05 16:57:10 | 000,000,929 | ---- | C] () -- C:\Windows\SysNative\dfboottime.cfg
Im Normalmodus stürzt die OTL.exe ebenfalls ab.
Kann man denn den Teil mit dem Defraggler nicht weglassen ?!

Sorry habe gerade gesehen unsere Postings haben sich überschnitten...... ich lasse das nun mal weg:

Code:
[2012.04.05 16:57:10 | 000,119,808 | ---- | C] () -- C:\Windows\SysNative\dfboottime.exe
[2012.04.05 16:57:10 | 000,000,929 | ---- | C] () -- C:\Windows\SysNative\dfboottime.cfg
Musste auch noch das weglassen, jetzt hat es dann aber funktioniert:

Code:
O34 - HKLM BootExecute: (dfboottime \??\C:\Windows\System32\dfboottime.cfg)
Eigentlich logisch ab da stoppte der Prozess ja.
Lade die ZIP Datei gleich hoch.

cosinus 06.04.2012 23:15
Ja :)

Naja, diese neue Datum hat mich dazu veranlasst an etwas zu denken, dass das erst neulich von einem Schädling gesetzt wurde. Doof gelaufen
Deswegen ist es eigentlich immer ratsam, dass die Hilfesuchenden ohne Absprache nichts Wesentliches ändern sollten wenn man noch in der Analyse steckt :dummguck:

W.V 06.04.2012 23:24
Ja da verstehe ich Dich, war einfach nicht gut von mir diese Sachen auf eigene Faust zu tun, weil ich ja schon um Hilfe bat. Und ehrlich gesagt habe ich im ersten Moment auch nicht mehr daran gedacht das ich den CCleaner und den Defraggler gleich mit auf den neuesten Stand gebracht hatte. Nur wie ich mir vorhin die dfboottime.cfg mit dem Editor angesehen hatte war es mir klar, nochmals ENTSCHULDIGUNG :knuddel:

Habe die _OTL.zip wie beschrieben hochgeladen.

cosinus 06.04.2012 23:26
Hast du auch das Fixlog? Bitte hier posten

W.V 06.04.2012 23:29
jup

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{788aa147-0d85-11e1-91a5-001a6b79b0ca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{788aa147-0d85-11e1-91a5-001a6b79b0ca}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{788aa147-0d85-11e1-91a5-001a6b79b0ca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{788aa147-0d85-11e1-91a5-001a6b79b0ca}\ not found.
File E:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ea3cb60-889e-11e0-b375-001a6b79b0ca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ea3cb60-889e-11e0-b375-001a6b79b0ca}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ea3cb60-889e-11e0-b375-001a6b79b0ca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ea3cb60-889e-11e0-b375-001a6b79b0ca}\ not found.
File E:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe -a not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8667136 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 8,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04072012_000544

Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

cosinus 06.04.2012 23:30
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

W.V 06.04.2012 23:46
So hier nun das LOG einen Thread hat er gefunden - der heißt MDM ( UnsignedFile.Multi.Generic ) :wtf:

Code:
00:37:41.0483 1500        TDSS rootkit removing tool 2.7.26.0 Apr  4 2012 19:52:02
00:37:41.0748 1500        ============================================================
00:37:41.0748 1500        Current date / time: 2012/04/07 00:37:41.0748
00:37:41.0748 1500        SystemInfo:
00:37:41.0748 1500       
00:37:41.0748 1500        OS Version: 6.1.7601 ServicePack: 1.0
00:37:41.0748 1500        Product type: Workstation
00:37:41.0748 1500        ComputerName: ***-NOTEBOOK
00:37:41.0748 1500        UserName: ***
00:37:41.0748 1500        Windows directory: C:\Windows
00:37:41.0748 1500        System windows directory: C:\Windows
00:37:41.0748 1500        Running under WOW64
00:37:41.0748 1500        Processor architecture: Intel x64
00:37:41.0748 1500        Number of processors: 2
00:37:41.0748 1500        Page size: 0x1000
00:37:41.0748 1500        Boot type: Normal boot
00:37:41.0748 1500        ============================================================
00:37:45.0414 1500        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:37:45.0477 1500        \Device\Harddisk0\DR0:
00:37:45.0477 1500        MBR used
00:37:45.0477 1500        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:37:45.0477 1500        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF62000
00:37:45.0508 1500        Initialize success
00:37:45.0508 1500        ============================================================
00:38:27.0004 2524        ============================================================
00:38:27.0004 2524        Scan started
00:38:27.0004 2524        Mode: Manual; SigCheck; TDLFS;
00:38:27.0004 2524        ============================================================
00:38:28.0236 2524        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:38:29.0063 2524        1394ohci - ok
00:38:29.0219 2524        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:38:29.0406 2524        ACPI - ok
00:38:29.0453 2524        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:38:29.0781 2524        AcpiPmi - ok
00:38:29.0999 2524        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:38:30.0233 2524        adp94xx - ok
00:38:30.0576 2524        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:38:30.0764 2524        adpahci - ok
00:38:30.0857 2524        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:38:31.0044 2524        adpu320 - ok
00:38:31.0232 2524        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:38:31.0965 2524        AeLookupSvc - ok
00:38:32.0261 2524        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:38:32.0526 2524        AFD - ok
00:38:32.0636 2524        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:38:32.0776 2524        agp440 - ok
00:38:32.0963 2524        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:38:33.0182 2524        ALG - ok
00:38:33.0291 2524        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:38:33.0416 2524        aliide - ok
00:38:33.0540 2524        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:38:33.0665 2524        amdide - ok
00:38:33.0821 2524        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:38:34.0008 2524        AmdK8 - ok
00:38:34.0102 2524        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:38:34.0289 2524        AmdPPM - ok
00:38:34.0414 2524        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:38:34.0570 2524        amdsata - ok
00:38:34.0757 2524        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:38:34.0944 2524        amdsbs - ok
00:38:35.0022 2524        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:38:35.0147 2524        amdxata - ok
00:38:35.0319 2524        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
00:38:35.0490 2524        AntiVirSchedulerService - ok
00:38:35.0568 2524        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
00:38:35.0693 2524        AntiVirService - ok
00:38:35.0865 2524        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:38:36.0520 2524        AppID - ok
00:38:36.0614 2524        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:38:37.0050 2524        AppIDSvc - ok
00:38:37.0269 2524        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:38:37.0706 2524        Appinfo - ok
00:38:37.0830 2524        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:38:37.0971 2524        arc - ok
00:38:38.0049 2524        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:38:38.0205 2524        arcsas - ok
00:38:38.0283 2524        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:38:38.0735 2524        AsyncMac - ok
00:38:38.0907 2524        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:38:39.0032 2524        atapi - ok
00:38:39.0219 2524        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:38:39.0734 2524        AudioEndpointBuilder - ok
00:38:39.0843 2524        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:38:40.0326 2524        AudioSrv - ok
00:38:40.0560 2524        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
00:38:40.0826 2524        avgntflt - ok
00:38:40.0966 2524        avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
00:38:41.0122 2524        avipbb - ok
00:38:41.0184 2524        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
00:38:41.0294 2524        avkmgr - ok
00:38:41.0418 2524        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:38:41.0746 2524        AxInstSV - ok
00:38:41.0949 2524        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:38:42.0214 2524        b06bdrv - ok
00:38:42.0370 2524        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:38:42.0588 2524        b57nd60a - ok
00:38:43.0088 2524        BCM43XX        (fb4fda64f2e8552eaeb5986c3f34462c) C:\Windows\system32\DRIVERS\bcmwl664.sys
00:38:43.0649 2524        BCM43XX - ok
00:38:43.0790 2524        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:38:44.0008 2524        BDESVC - ok
00:38:44.0164 2524        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:38:44.0585 2524        Beep - ok
00:38:44.0819 2524        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:38:45.0350 2524        BFE - ok
00:38:45.0537 2524        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
00:38:46.0114 2524        BITS - ok
00:38:46.0332 2524        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:38:46.0535 2524        blbdrive - ok
00:38:46.0644 2524        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:38:46.0847 2524        bowser - ok
00:38:46.0925 2524        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:38:47.0175 2524        BrFiltLo - ok
00:38:47.0378 2524        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:38:47.0565 2524        BrFiltUp - ok
00:38:47.0674 2524        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:38:48.0095 2524        Browser - ok
00:38:48.0236 2524        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:38:48.0470 2524        Brserid - ok
00:38:48.0548 2524        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:38:48.0766 2524        BrSerWdm - ok
00:38:48.0906 2524        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:38:49.0156 2524        BrUsbMdm - ok
00:38:49.0218 2524        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:38:49.0406 2524        BrUsbSer - ok
00:38:49.0546 2524        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
00:38:49.0764 2524        BthEnum - ok
00:38:49.0936 2524        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:38:50.0139 2524        BTHMODEM - ok
00:38:50.0232 2524        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
00:38:50.0435 2524        BthPan - ok
00:38:50.0638 2524        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
00:38:50.0888 2524        BTHPORT - ok
00:38:51.0044 2524        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:38:51.0480 2524        bthserv - ok
00:38:51.0605 2524        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
00:38:51.0777 2524        BTHUSB - ok
00:38:51.0902 2524        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:38:52.0338 2524        cdfs - ok
00:38:52.0526 2524        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:38:52.0713 2524        cdrom - ok
00:38:52.0806 2524        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:38:53.0259 2524        CertPropSvc - ok
00:38:53.0430 2524        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:38:53.0633 2524        circlass - ok
00:38:53.0820 2524        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:38:54.0008 2524        CLFS - ok
00:38:54.0164 2524        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:38:54.0288 2524        clr_optimization_v2.0.50727_32 - ok
00:38:54.0413 2524        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:38:54.0522 2524        clr_optimization_v2.0.50727_64 - ok
00:38:54.0694 2524        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:38:54.0819 2524        clr_optimization_v4.0.30319_32 - ok
00:38:54.0881 2524        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:38:55.0053 2524        clr_optimization_v4.0.30319_64 - ok
00:38:55.0178 2524        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:38:55.0365 2524        CmBatt - ok
00:38:55.0474 2524        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:38:55.0599 2524        cmdide - ok
00:38:55.0786 2524        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:38:56.0082 2524        CNG - ok
00:38:56.0207 2524        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:38:56.0363 2524        Compbatt - ok
00:38:56.0457 2524        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:38:56.0675 2524        CompositeBus - ok
00:38:56.0784 2524        COMSysApp - ok
00:38:56.0862 2524        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:38:56.0987 2524        crcdisk - ok
00:38:57.0143 2524        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
00:38:57.0580 2524        CryptSvc - ok
00:38:57.0767 2524        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:38:58.0251 2524        DcomLaunch - ok
00:38:58.0469 2524        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:38:58.0953 2524        defragsvc - ok
00:38:59.0124 2524        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:38:59.0530 2524        DfsC - ok
00:38:59.0733 2524        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:39:00.0185 2524        Dhcp - ok
00:39:00.0404 2524        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:39:00.0856 2524        discache - ok
00:39:00.0965 2524        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:39:01.0121 2524        Disk - ok
00:39:01.0246 2524        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:39:01.0464 2524        Dnscache - ok
00:39:01.0636 2524        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:39:02.0073 2524        dot3svc - ok
00:39:02.0260 2524        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:39:02.0666 2524        DPS - ok
00:39:02.0837 2524        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:39:03.0056 2524        drmkaud - ok
00:39:03.0274 2524        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:39:03.0555 2524        DXGKrnl - ok
00:39:03.0680 2524        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:39:04.0101 2524        EapHost - ok
00:39:04.0584 2524        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:39:05.0427 2524        ebdrv - ok
00:39:05.0583 2524        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:39:05.0786 2524        EFS - ok
00:39:05.0973 2524        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:39:06.0269 2524        ehRecvr - ok
00:39:06.0394 2524        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:39:06.0581 2524        ehSched - ok
00:39:06.0768 2524        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:39:07.0002 2524        elxstor - ok
00:39:07.0252 2524        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:39:07.0502 2524        ErrDev - ok
00:39:07.0736 2524        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:39:08.0250 2524        EventSystem - ok
00:39:08.0406 2524        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:39:08.0874 2524        exfat - ok
00:39:09.0015 2524        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:39:09.0514 2524        fastfat - ok
00:39:09.0733 2524        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:39:10.0013 2524        Fax - ok
00:39:10.0325 2524        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:39:10.0637 2524        fdc - ok
00:39:10.0731 2524        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:39:11.0589 2524        fdPHost - ok
00:39:11.0714 2524        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:39:12.0369 2524        FDResPub - ok
00:39:12.0541 2524        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:39:12.0697 2524        FileInfo - ok
00:39:12.0853 2524        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:39:13.0274 2524        Filetrace - ok
00:39:13.0430 2524        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:39:13.0601 2524        flpydisk - ok
00:39:13.0757 2524        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:39:13.0945 2524        FltMgr - ok
00:39:14.0194 2524        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:39:14.0600 2524        FontCache - ok
00:39:14.0740 2524        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:39:14.0849 2524        FontCache3.0.0.0 - ok
00:39:15.0021 2524        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:39:15.0161 2524        FsDepends - ok
00:39:15.0333 2524        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:39:15.0473 2524        Fs_Rec - ok
00:39:15.0614 2524        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:39:15.0817 2524        fvevol - ok
00:39:15.0895 2524        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:39:16.0035 2524        gagp30kx - ok
00:39:16.0222 2524        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:39:16.0768 2524        gpsvc - ok
00:39:17.0002 2524        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:39:17.0111 2524        gupdate - ok
00:39:17.0189 2524        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:39:17.0330 2524        gupdatem - ok
00:39:17.0470 2524        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:39:17.0626 2524        gusvc - ok
00:39:17.0813 2524        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:39:18.0001 2524        hcw85cir - ok
00:39:18.0172 2524        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:39:18.0422 2524        HdAudAddService - ok
00:39:18.0515 2524        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:39:18.0734 2524        HDAudBus - ok
00:39:18.0890 2524        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:39:19.0139 2524        HidBatt - ok
00:39:19.0249 2524        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:39:19.0514 2524        HidBth - ok
00:39:19.0607 2524        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:39:19.0873 2524        HidIr - ok
00:39:19.0951 2524        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
00:39:20.0387 2524        hidserv - ok
00:39:20.0762 2524        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:39:20.0949 2524        HidUsb - ok
00:39:21.0058 2524        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:39:21.0511 2524        hkmsvc - ok
00:39:21.0651 2524        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:39:21.0838 2524        HomeGroupListener - ok
00:39:22.0010 2524        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:39:22.0213 2524        HomeGroupProvider - ok
00:39:22.0337 2524        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:39:22.0493 2524        HpSAMD - ok
00:39:22.0634 2524        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:39:23.0149 2524        HTTP - ok
00:39:23.0320 2524        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:39:23.0445 2524        hwpolicy - ok
00:39:23.0601 2524        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:39:23.0757 2524        i8042prt - ok
00:39:23.0991 2524        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:39:24.0194 2524        iaStorV - ok
00:39:24.0443 2524        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:39:24.0709 2524        idsvc - ok
00:39:25.0520 2524        igfx            (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
00:39:26.0783 2524        igfx - ok
00:39:27.0002 2524        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:39:27.0142 2524        iirsp - ok
00:39:27.0283 2524        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:39:27.0813 2524        IKEEXT - ok
00:39:27.0985 2524        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:39:28.0109 2524        intelide - ok
00:39:28.0265 2524        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:39:28.0421 2524        intelppm - ok
00:39:28.0562 2524        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:39:28.0999 2524        IPBusEnum - ok
00:39:29.0077 2524        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:39:29.0482 2524        IpFilterDriver - ok
00:39:29.0669 2524        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:39:30.0153 2524        iphlpsvc - ok
00:39:30.0387 2524        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:39:30.0559 2524        IPMIDRV - ok
00:39:30.0637 2524        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:39:31.0073 2524        IPNAT - ok
00:39:31.0292 2524        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:39:31.0526 2524        IRENUM - ok
00:39:31.0604 2524        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:39:31.0744 2524        isapnp - ok
00:39:31.0931 2524        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:39:32.0119 2524        iScsiPrt - ok
00:39:32.0197 2524        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
00:39:32.0337 2524        kbdclass - ok
00:39:32.0415 2524        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
00:39:32.0587 2524        kbdhid - ok
00:39:32.0680 2524        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:39:32.0836 2524        KeyIso - ok
00:39:32.0992 2524        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:39:33.0133 2524        KSecDD - ok
00:39:33.0257 2524        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:39:33.0398 2524        KSecPkg - ok
00:39:33.0523 2524        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:39:33.0959 2524        ksthunk - ok
00:39:34.0131 2524        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:39:34.0646 2524        KtmRm - ok
00:39:34.0880 2524        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
00:39:35.0348 2524        LanmanServer - ok
00:39:35.0566 2524        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:39:36.0019 2524        LanmanWorkstation - ok
00:39:36.0175 2524        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:39:36.0611 2524        lltdio - ok
00:39:36.0830 2524        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:39:37.0329 2524        lltdsvc - ok
00:39:37.0438 2524        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:39:37.0875 2524        lmhosts - ok
00:39:38.0000 2524        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:39:38.0171 2524        LSI_FC - ok
00:39:38.0234 2524        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:39:38.0405 2524        LSI_SAS - ok
00:39:38.0452 2524        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:39:38.0624 2524        LSI_SAS2 - ok
00:39:38.0686 2524        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:39:38.0842 2524        LSI_SCSI - ok
00:39:38.0967 2524        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:39:39.0419 2524        luafv - ok
00:39:39.0607 2524        LVPr2M64        (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
00:39:39.0731 2524        LVPr2M64 - ok
00:39:39.0794 2524        LVPr2Mon        (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
00:39:39.0903 2524        LVPr2Mon - ok
00:39:40.0043 2524        LVPrcS64        (9cd0dc863be5d40a762f7d84f11a8471) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
00:39:40.0168 2524        LVPrcS64 - ok
00:39:40.0293 2524        LVRS64          (224ab3850f573a419f921c41a15d7f5b) C:\Windows\system32\DRIVERS\lvrs64.sys
00:39:40.0433 2524        LVRS64 - ok
00:39:41.0198 2524        LVUVC64        (bfba84b8a9c233ae42b11cf7bdfc6c01) C:\Windows\system32\DRIVERS\lvuvc64.sys
00:39:42.0617 2524        LVUVC64 - ok
00:39:42.0758 2524        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
00:39:42.0867 2524        MBAMProtector - ok
00:39:43.0070 2524        MBAMService    (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:39:43.0319 2524        MBAMService - ok
00:39:43.0460 2524        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:39:43.0678 2524        Mcx2Svc - ok
00:39:43.0850 2524        MDM            (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
00:39:43.0928 2524        MDM ( UnsignedFile.Multi.Generic ) - warning
00:39:43.0928 2524        MDM - detected UnsignedFile.Multi.Generic (1)
00:39:44.0084 2524        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:39:44.0240 2524        megasas - ok
00:39:44.0333 2524        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:39:44.0521 2524        MegaSR - ok
00:39:44.0708 2524        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
00:39:44.0817 2524        Microsoft Office Groove Audit Service - ok
00:39:44.0989 2524        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:39:45.0425 2524        MMCSS - ok
00:39:45.0597 2524        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:39:46.0034 2524        Modem - ok
00:39:46.0159 2524        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:39:46.0361 2524        monitor - ok
00:39:46.0517 2524        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
00:39:46.0658 2524        mouclass - ok
00:39:46.0783 2524        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:39:46.0954 2524        mouhid - ok
00:39:47.0032 2524        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:39:47.0157 2524        mountmgr - ok
00:39:47.0266 2524        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:39:47.0438 2524        mpio - ok
00:39:47.0594 2524        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:39:48.0015 2524        mpsdrv - ok
00:39:48.0202 2524        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:39:48.0748 2524        MpsSvc - ok
00:39:48.0951 2524        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:39:49.0201 2524        MRxDAV - ok
00:39:49.0357 2524        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:39:49.0559 2524        mrxsmb - ok
00:39:49.0700 2524        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:39:49.0918 2524        mrxsmb10 - ok
00:39:50.0043 2524        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:39:50.0199 2524        mrxsmb20 - ok
00:39:50.0339 2524        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:39:50.0480 2524        msahci - ok
00:39:50.0573 2524        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:39:50.0714 2524        msdsm - ok
00:39:50.0792 2524        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:39:50.0995 2524        MSDTC - ok
00:39:51.0166 2524        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:39:51.0572 2524        Msfs - ok
00:39:51.0743 2524        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:39:52.0149 2524        mshidkmdf - ok
00:39:52.0336 2524        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:39:52.0461 2524        msisadrv - ok
00:39:52.0586 2524        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:39:53.0038 2524        MSiSCSI - ok
00:39:53.0132 2524        msiserver - ok
00:39:53.0335 2524        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:39:53.0771 2524        MSKSSRV - ok
00:39:53.0959 2524        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:39:54.0395 2524        MSPCLOCK - ok
00:39:54.0583 2524        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:39:55.0066 2524        MSPQM - ok
00:39:55.0253 2524        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:39:55.0503 2524        MsRPC - ok
00:39:55.0784 2524        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:39:55.0940 2524        mssmbios - ok
00:39:56.0096 2524        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:39:56.0626 2524        MSTEE - ok
00:39:56.0735 2524        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:39:56.0907 2524        MTConfig - ok
00:39:57.0032 2524        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:39:57.0172 2524        Mup - ok
00:39:57.0328 2524        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:39:57.0890 2524        napagent - ok
00:39:58.0171 2524        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:39:58.0483 2524        NativeWifiP - ok
00:39:58.0670 2524        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:39:58.0966 2524        NDIS - ok
00:39:59.0185 2524        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:39:59.0637 2524        NdisCap - ok
00:39:59.0746 2524        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:40:00.0199 2524        NdisTapi - ok
00:40:00.0355 2524        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:40:00.0776 2524        Ndisuio - ok
00:40:01.0025 2524        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:40:01.0447 2524        NdisWan - ok
00:40:01.0556 2524        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:40:01.0961 2524        NDProxy - ok
00:40:02.0117 2524        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:40:02.0539 2524        NetBIOS - ok
00:40:02.0773 2524        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:40:03.0209 2524        NetBT - ok
00:40:03.0334 2524        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:40:03.0490 2524        Netlogon - ok
00:40:03.0709 2524        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:40:04.0208 2524        Netman - ok
00:40:04.0411 2524        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:40:04.0941 2524        netprofm - ok
00:40:05.0128 2524        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:40:05.0237 2524        NetTcpPortSharing - ok
00:40:05.0456 2524        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:40:05.0596 2524        nfrd960 - ok
00:40:05.0768 2524        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:40:06.0236 2524        NlaSvc - ok
00:40:06.0345 2524        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:40:06.0797 2524        Npfs - ok
00:40:06.0907 2524        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:40:07.0359 2524        nsi - ok
00:40:07.0515 2524        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:40:07.0952 2524        nsiproxy - ok
00:40:08.0342 2524        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:40:08.0810 2524        Ntfs - ok
00:40:08.0903 2524        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:40:09.0325 2524        Null - ok
00:40:09.0543 2524        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:40:09.0683 2524        nvraid - ok
00:40:09.0839 2524        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:40:09.0980 2524        nvstor - ok
00:40:10.0089 2524        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:40:10.0245 2524        nv_agp - ok
00:40:10.0479 2524        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:40:10.0666 2524        odserv - ok
00:40:10.0853 2524        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:40:11.0056 2524        ohci1394 - ok
00:40:11.0228 2524        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:40:11.0353 2524        ose - ok
00:40:11.0524 2524        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:40:11.0743 2524        p2pimsvc - ok
00:40:11.0899 2524        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:40:12.0117 2524        p2psvc - ok
00:40:12.0211 2524        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:40:12.0413 2524        Parport - ok
00:40:12.0507 2524        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:40:12.0663 2524        partmgr - ok
00:40:12.0741 2524        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:40:13.0006 2524        PcaSvc - ok
00:40:13.0178 2524        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:40:13.0334 2524        pci - ok
00:40:13.0412 2524        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:40:13.0537 2524        pciide - ok
00:40:13.0661 2524        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:40:13.0833 2524        pcmcia - ok
00:40:13.0895 2524        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:40:14.0036 2524        pcw - ok
00:40:14.0161 2524        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:40:14.0707 2524        PEAUTH - ok
00:40:14.0956 2524        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:40:15.0159 2524        PerfHost - ok
00:40:15.0611 2524        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:40:16.0251 2524        pla - ok
00:40:16.0454 2524        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:40:16.0688 2524        PlugPlay - ok
00:40:16.0797 2524        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:40:16.0984 2524        PNRPAutoReg - ok
00:40:17.0109 2524        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:40:17.0312 2524        PNRPsvc - ok
00:40:17.0499 2524        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:40:17.0998 2524        PolicyAgent - ok
00:40:18.0185 2524        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:40:18.0669 2524        Power - ok
00:40:18.0872 2524        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:40:19.0293 2524        PptpMiniport - ok
00:40:19.0402 2524        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:40:19.0605 2524        Processor - ok
00:40:19.0761 2524        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
00:40:20.0229 2524        ProfSvc - ok
00:40:20.0416 2524        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:40:20.0603 2524        ProtectedStorage - ok
00:40:20.0728 2524        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:40:21.0149 2524        Psched - ok
00:40:21.0415 2524        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:40:21.0851 2524        ql2300 - ok
00:40:21.0976 2524        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:40:22.0117 2524        ql40xx - ok
00:40:22.0241 2524        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:40:22.0507 2524        QWAVE - ok
00:40:22.0647 2524        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:40:22.0897 2524        QWAVEdrv - ok
00:40:22.0959 2524        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:40:23.0396 2524        RasAcd - ok
00:40:23.0536 2524        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:40:23.0973 2524        RasAgileVpn - ok
00:40:24.0176 2524        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:40:24.0628 2524        RasAuto - ok
00:40:24.0753 2524        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:40:25.0190 2524        Rasl2tp - ok
00:40:25.0330 2524        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:40:25.0829 2524        RasMan - ok
00:40:26.0110 2524        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:40:26.0547 2524        RasPppoe - ok
00:40:26.0765 2524        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:40:27.0233 2524        RasSstp - ok
00:40:27.0374 2524        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:40:27.0826 2524        rdbss - ok
00:40:27.0951 2524        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:40:28.0138 2524        rdpbus - ok
00:40:28.0279 2524        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:40:28.0715 2524        RDPCDD - ok
00:40:28.0856 2524        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:40:29.0293 2524        RDPENCDD - ok
00:40:29.0433 2524        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:40:29.0839 2524        RDPREFMP - ok
00:40:29.0995 2524        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
00:40:30.0197 2524        RDPWD - ok
00:40:30.0385 2524        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:40:30.0556 2524        rdyboost - ok
00:40:30.0650 2524        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:40:31.0102 2524        RemoteAccess - ok
00:40:31.0211 2524        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:40:31.0679 2524        RemoteRegistry - ok
00:40:31.0913 2524        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
00:40:32.0147 2524        RFCOMM - ok
00:40:32.0257 2524        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:40:32.0693 2524        RpcEptMapper - ok
00:40:32.0818 2524        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:40:33.0005 2524        RpcLocator - ok
00:40:33.0193 2524        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:40:33.0661 2524        RpcSs - ok
00:40:33.0785 2524        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:40:34.0191 2524        rspndr - ok
00:40:34.0331 2524        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:40:34.0487 2524        SamSs - ok
00:40:34.0581 2524        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:40:34.0753 2524        sbp2port - ok
00:40:34.0877 2524        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:40:35.0330 2524        SCardSvr - ok
00:40:35.0501 2524        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:40:35.0907 2524        scfilter - ok
00:40:36.0157 2524        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:40:36.0749 2524        Schedule - ok
00:40:36.0921 2524        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:40:37.0327 2524        SCPolicySvc - ok
00:40:37.0451 2524        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:40:37.0670 2524        SDRSVC - ok
00:40:37.0873 2524        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:40:38.0341 2524        secdrv - ok
00:40:38.0465 2524        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:40:38.0902 2524        seclogon - ok
00:40:39.0027 2524        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:40:39.0495 2524        SENS - ok
00:40:39.0589 2524        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:40:39.0807 2524        SensrSvc - ok
00:40:39.0963 2524        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:40:40.0119 2524        Serenum - ok
00:40:40.0259 2524        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:40:40.0447 2524        Serial - ok
00:40:40.0540 2524        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:40:40.0696 2524        sermouse - ok
00:40:40.0993 2524        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:40:41.0539 2524        SessionEnv - ok
00:40:41.0726 2524        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:40:42.0022 2524        sffdisk - ok
00:40:42.0225 2524        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:40:42.0428 2524        sffp_mmc - ok
00:40:42.0584 2524        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:40:42.0787 2524        sffp_sd - ok
00:40:42.0943 2524        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:40:43.0130 2524        sfloppy - ok
00:40:43.0317 2524        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:40:43.0847 2524        SharedAccess - ok
00:40:44.0019 2524        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:40:44.0503 2524        ShellHWDetection - ok
00:40:44.0627 2524        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:40:44.0783 2524        SiSRaid2 - ok
00:40:44.0986 2524        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:40:45.0127 2524        SiSRaid4 - ok
00:40:45.0314 2524        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:40:45.0766 2524        Smb - ok
00:40:46.0000 2524        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:40:46.0172 2524        SNMPTRAP - ok
00:40:46.0328 2524        Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
00:40:46.0437 2524        Sony Ericsson PCCompanion - ok
00:40:46.0593 2524        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:40:46.0718 2524        spldr - ok
00:40:46.0874 2524        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:40:47.0357 2524        Spooler - ok
00:40:47.0825 2524        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:40:48.0980 2524        sppsvc - ok
00:40:49.0229 2524        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:40:49.0744 2524        sppuinotify - ok
00:40:49.0916 2524        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:40:50.0165 2524        srv - ok
00:40:50.0306 2524        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:40:50.0509 2524        srv2 - ok
00:40:50.0727 2524        SrvHsfHDA      (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:40:50.0930 2524        SrvHsfHDA - ok
00:40:51.0148 2524        SrvHsfV92      (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:40:51.0554 2524        SrvHsfV92 - ok
00:40:51.0710 2524        SrvHsfWinac    (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:40:51.0991 2524        SrvHsfWinac - ok
00:40:52.0193 2524        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:40:52.0381 2524        srvnet - ok
00:40:52.0490 2524        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:40:52.0973 2524        SSDPSRV - ok
00:40:53.0098 2524        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:40:53.0535 2524        SstpSvc - ok
00:40:53.0644 2524        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:40:53.0785 2524        stexstor - ok
00:40:53.0987 2524        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:40:54.0299 2524        stisvc - ok
00:40:54.0440 2524        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:40:54.0565 2524        swenum - ok
00:40:54.0736 2524        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:40:55.0267 2524        swprv - ok
00:40:55.0579 2524        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:40:56.0062 2524        SysMain - ok
00:40:56.0218 2524        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:40:56.0468 2524        TabletInputService - ok
00:40:56.0608 2524        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:40:57.0061 2524        TapiSrv - ok
00:40:57.0201 2524        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:40:57.0638 2524        TBS - ok
00:40:58.0012 2524        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:40:58.0527 2524        Tcpip - ok
00:40:58.0839 2524        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:40:59.0291 2524        TCPIP6 - ok
00:40:59.0494 2524        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:40:59.0884 2524        tcpipreg - ok
00:41:00.0071 2524        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:41:00.0274 2524        TDPIPE - ok
00:41:00.0446 2524        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:41:00.0649 2524        TDTCP - ok
00:41:00.0773 2524        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:41:01.0210 2524        tdx - ok
00:41:01.0366 2524        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:41:01.0507 2524        TermDD - ok
00:41:01.0725 2524        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:41:02.0255 2524        TermService - ok
00:41:02.0427 2524        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:41:02.0677 2524        Themes - ok
00:41:02.0833 2524        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:41:03.0254 2524        THREADORDER - ok
00:41:03.0394 2524        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:41:03.0831 2524        TrkWks - ok
00:41:04.0003 2524        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:41:04.0408 2524        TrustedInstaller - ok
00:41:04.0674 2524        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:41:05.0079 2524        tssecsrv - ok
00:41:05.0282 2524        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:41:05.0469 2524        TsUsbFlt - ok
00:41:05.0563 2524        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:41:06.0000 2524        tunnel - ok
00:41:06.0234 2524        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:41:06.0374 2524        uagp35 - ok
00:41:06.0577 2524        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:41:07.0060 2524        udfs - ok
00:41:07.0248 2524        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:41:07.0435 2524        UI0Detect - ok
00:41:07.0513 2524        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:41:07.0669 2524        uliagpkx - ok
00:41:07.0809 2524        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:41:07.0981 2524        umbus - ok
00:41:08.0074 2524        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:41:08.0230 2524        UmPass - ok
00:41:08.0340 2524        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:41:08.0823 2524        upnphost - ok
00:41:08.0979 2524        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
00:41:09.0198 2524        usbaudio - ok
00:41:09.0354 2524        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:41:09.0556 2524        usbccgp - ok
00:41:09.0650 2524        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:41:09.0853 2524        usbcir - ok
00:41:09.0962 2524        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:41:10.0134 2524        usbehci - ok
00:41:10.0274 2524        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:41:10.0477 2524        usbhub - ok
00:41:10.0633 2524        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
00:41:10.0836 2524        usbohci - ok
00:41:10.0945 2524        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:41:11.0148 2524        usbprint - ok
00:41:11.0226 2524        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:41:11.0460 2524        usbscan - ok
00:41:11.0631 2524        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:41:11.0818 2524        USBSTOR - ok
00:41:12.0006 2524        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
00:41:12.0177 2524        usbuhci - ok
00:41:12.0271 2524        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:41:12.0723 2524        UxSms - ok
00:41:12.0832 2524        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:41:12.0988 2524        VaultSvc - ok
00:41:13.0082 2524        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:41:13.0207 2524        vdrvroot - ok
00:41:13.0410 2524        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:41:13.0909 2524        vds - ok
00:41:14.0065 2524        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:41:14.0283 2524        vga - ok
00:41:14.0361 2524        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:41:14.0798 2524        VgaSave - ok
00:41:14.0938 2524        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:41:15.0110 2524        vhdmp - ok
00:41:15.0266 2524        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:41:15.0406 2524        viaide - ok
00:41:15.0484 2524        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:41:15.0640 2524        volmgr - ok
00:41:15.0765 2524        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:41:15.0968 2524        volmgrx - ok
00:41:16.0077 2524        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:41:16.0280 2524        volsnap - ok
00:41:16.0389 2524        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:41:16.0545 2524        vsmraid - ok
00:41:16.0842 2524        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:41:17.0575 2524        VSS - ok
00:41:17.0731 2524        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:41:17.0949 2524        vwifibus - ok
00:41:18.0027 2524        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:41:18.0277 2524        vwififlt - ok
00:41:18.0511 2524        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:41:18.0729 2524        vwifimp - ok
00:41:18.0979 2524        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:41:19.0462 2524        W32Time - ok
00:41:19.0665 2524        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:41:19.0837 2524        WacomPen - ok
00:41:19.0930 2524        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:41:20.0352 2524        WANARP - ok
00:41:20.0383 2524        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:41:20.0913 2524        Wanarpv6 - ok
00:41:21.0241 2524        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:41:21.0662 2524        wbengine - ok
00:41:21.0802 2524        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:41:22.0052 2524        WbioSrvc - ok
00:41:22.0270 2524        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:41:22.0582 2524        wcncsvc - ok
00:41:22.0723 2524        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:41:22.0894 2524        WcsPlugInService - ok
00:41:23.0004 2524        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:41:23.0128 2524        Wd - ok
00:41:23.0284 2524        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:41:23.0534 2524        Wdf01000 - ok
00:41:23.0721 2524        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:41:24.0018 2524        WdiServiceHost - ok
00:41:24.0064 2524        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:41:24.0314 2524        WdiSystemHost - ok
00:41:24.0486 2524        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:41:24.0766 2524        WebClient - ok
00:41:24.0876 2524        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:41:25.0375 2524        Wecsvc - ok
00:41:25.0515 2524        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:41:25.0952 2524        wercplsupport - ok
00:41:26.0139 2524        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:41:26.0623 2524        WerSvc - ok
00:41:26.0748 2524        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:41:27.0184 2524        WfpLwf - ok
00:41:27.0309 2524        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:41:27.0450 2524        WIMMount - ok
00:41:27.0512 2524        WinDefend - ok
00:41:27.0606 2524        WinHttpAutoProxySvc - ok
00:41:27.0762 2524        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:41:28.0245 2524        Winmgmt - ok
00:41:28.0620 2524        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:41:29.0337 2524        WinRM - ok
00:41:29.0587 2524        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:41:29.0774 2524        WinUsb - ok
00:41:30.0039 2524        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:41:30.0414 2524        Wlansvc - ok
00:41:30.0554 2524        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:41:30.0710 2524        WmiAcpi - ok
00:41:30.0882 2524        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:41:31.0084 2524        wmiApSrv - ok
00:41:31.0162 2524        WMPNetworkSvc - ok
00:41:31.0318 2524        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:41:31.0506 2524        WPCSvc - ok
00:41:31.0662 2524        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:41:31.0849 2524        WPDBusEnum - ok
00:41:31.0942 2524        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:41:32.0364 2524        ws2ifsl - ok
00:41:32.0473 2524        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
00:41:32.0722 2524        wscsvc - ok
00:41:32.0785 2524        WSearch - ok
00:41:33.0128 2524        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
00:41:34.0048 2524        wuauserv - ok
00:41:34.0204 2524        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:41:34.0610 2524        WudfPf - ok
00:41:34.0860 2524        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:41:35.0296 2524        WUDFRd - ok
00:41:35.0437 2524        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:41:35.0874 2524        wudfsvc - ok
00:41:36.0030 2524        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:41:36.0310 2524        WwanSvc - ok
00:41:36.0607 2524        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:41:36.0841 2524        \Device\Harddisk0\DR0 - ok
00:41:36.0872 2524        Boot (0x1200)  (e5c8f2104bf3ee8eb61fc03eb1f0194f) \Device\Harddisk0\DR0\Partition0
00:41:36.0888 2524        \Device\Harddisk0\DR0\Partition0 - ok
00:41:36.0966 2524        Boot (0x1200)  (7a626abf318d5a6ddabbeba4fe57d703) \Device\Harddisk0\DR0\Partition1
00:41:36.0981 2524        \Device\Harddisk0\DR0\Partition1 - ok
00:41:36.0981 2524        ============================================================
00:41:36.0981 2524        Scan finished
00:41:36.0981 2524        ============================================================
00:41:37.0153 3692        Detected object count: 1
00:41:37.0153 3692        Actual detected object count: 1
00:41:54.0484 3692        MDM ( UnsignedFile.Multi.Generic ) - skipped by user
00:41:54.0484 3692        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 07.04.2012 17:34
MDM => mdm.exe ist von Microsoft, ist ok

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

W.V 08.04.2012 14:40
So nun habe ich Combofix ausgeführt und hier ist die LOG Datei dazu:

Code:
ComboFix 12-04-07.03 - *** 08.04.2012  14:07:32.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3062.1980 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-08 bis 2012-04-08  ))))))))))))))))))))))))))))))
.
.
2012-04-08 13:10 . 2012-04-08 13:10        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-08 13:10 . 2012-04-08 13:10        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2012-04-05 19:40 . 2012-04-05 19:40        --------        d-----w-        c:\program files (x86)\ESET
2012-04-05 14:57 . 2012-04-05 14:57        119808        ----a-w-        c:\windows\system32\dfboottime.exe
2012-04-05 11:06 . 2012-04-05 11:06        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-04-05 11:06 . 2012-04-05 11:06        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-05 11:06 . 2012-04-05 11:06        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-05 11:06 . 2011-12-10 13:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-28 18:34 . 2012-03-28 18:34        --------        d-----w-        c:\windows\Sun
2012-03-14 18:55 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 18:55 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 18:55 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:02 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 17:02 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 17:02 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-13 19:24 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-13 19:24 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-13 19:24 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:24 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-13 19:24 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-13 19:24 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:24 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 16:44 . 2011-06-28 20:45        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-16 12:03 . 2011-10-16 19:18        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ccleaner"="c:\program files (x86)\CCleaner\ccleaner.exe" [2012-03-27 2773824]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          \0autocheck autochk *
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 136176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 18:08]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 18:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-08  15:30:30
ComboFix-quarantined-files.txt  2012-04-08 13:30
ComboFix2.txt  2012-04-08 08:44
.
Vor Suchlauf: 7 Verzeichnis(se), 75.250.774.016 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 74.990.272.512 Bytes frei
.
- - End Of File - - 8D4FCD07DC7328A7406C96B8EC2B92A5

cosinus 08.04.2012 17:07
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:36 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131