
Thread: GVU Trojan

  1. #21
    Petra (Moderator)
    Registered since: 06.09.2011
    Location: near Düsseldorf
    Posts: 12,492

    Hello atom13,

    a simple click on the website is enough, and as with almost every antivirus software there are licences for several years, some even up to 5 years or so, ergo it is original software!!!
    I hadn't noticed that before, but then that's fine.

    Since the DaemonTools driver is present again, we have to delete it once more, and then please repeat aswMBR, because the sptd.sys driver (from Daemon Tools) also works with rootkit techniques and therefore distorts the result.



    ===== Step 1 =====

    Stop/delete the service:

    For Windows 2000 and XP => Start => Run => type cmd => OK.
    A DOS window opens.
    At the prompt, run the following commands one after another
    (type one line from the code box at a time and press Enter).

    Vista and Windows 7 users:
    Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
    At the prompt, run the following commands one after another
    (type one line from the code box at a time and press Enter).

    Code:
    sc config sptd start= disabled
    sc stop sptd  
    sc delete sptd
    exit
    If an error message appears after the sc stop command, ignore it and enter the sc delete command.
    Restart the computer.



    ===== Step 2 =====

    Check the MBR with aswMBR from Avast

    Important:
    Uninstall any CD emulators such as Alcohol, Daemon Tools or similar via Control Panel => Software/Programs, as they can distort the result.

    Download aswMBR.exe from Avast (if you don't have it yet) and save the tool to your desktop (nowhere else).
    XP users: double-click aswMBR.exe to start the tool.
    Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator.
    An input window with some information will open.

    The current Avast signatures will be downloaded.
    At the bottom left, set the AV scan box to Quickscan.
    Leave Trace disk IO calls checked.

    Close all other programs.
    Do not do anything else on the computer during the scan.

    Click Scan to start the scan.

    When the scan is finished, which is reported with Scan finished successfully!, click Save log to save the log file.
    Post the contents of aswMBR.txt from your desktop here in the thread.

    Please do not make any changes for now, i.e. press neither Fix nor FixMBR.

    If this is a laptop or a computer with preinstalled Windows, please write down the exact model for me. On laptops with preinstalled Windows the MBR should under no circumstances be fixed with this tool, since the recovery partition may no longer be accessible afterwards.

    Important note: Do not run MBRFix under any circumstances if you:

    1. have a laptop with a recovery partition (it can no longer be selected afterwards).
    2. have other operating systems installed, e.g. Linux (Linux can then no longer be booted).
    3. have used an encryption program to fully encrypt the Windows partition or the entire hard disk (data becomes unreadable).

    Info: What is an MBR, anyway?

  2. #22
    Regular member
    Registered since: 13.09.2012
    Posts: 26

    so, after I entered the commands in the command prompt and restarted, this avast scanner no longer runs; it scans up to c/windows/assembly/gac_msil/microsoft.visualstudio.tools.applications
    then the message "avast has stopped working" appears ... this message now already on the 10th attempt after various restarts etc.

  3. #23
    Petra (Moderator)

    Let it run a while longer; it can sometimes take a little while.

  4. #24
    Regular member

    well, the problem is that the thing isn't running! Windows terminates it; I have now made at least 20 attempts ...

  5. #25
    Petra (Moderator)

    Hello atom13,

    ok, then please do the following first:


    ===== Step 1 =====

    TDSSKiller from Kaspersky

    Important:
    • Uninstall any CD emulators such as Alcohol, Daemon Tools or similar via Control Panel => Software/Programs, as they can distort the result of the rootkit scan.

    • Download TDSSKiller and extract the archive to your desktop.

    • Make sure that TDSSKiller.exe is directly on the desktop (not in a folder on the desktop).

    • Start TDSSKiller.exe by double-clicking it.
    • Vista and Windows 7 users: right-click and run as administrator.

    • Click Start Scan to start the scan.

    • In the Settings, do not tick the Additional options, and confirm with Ok.

    • Click Start Scan again to start the scan.

    • If TDSSKiller finds anything, the tool will ask what to do with it.
      In that case choose cure, which means roughly "disinfect".

    • If there were findings, restart the system after the scan has finished.
      The findings are then cleaned and/or deleted while the system boots.

    • You get the report by clicking Report at the top right. Please post it here in the thread.
      Since only the latest report is saved under C:\TDSSKiller<random>.txt, save older reports under a different name if necessary.

    You can find more detailed instructions here.
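
One way to triage a TDSSKiller report like the one requested above, as an added example that is not part of the original post or of Kaspersky's tool. It assumes report lines of the form `time thread-id  [ MD5 ] service path` followed by `service - verdict`; the function names are this example's own, and the sample report, its hashes and the `warning` entry with its parenthesised detail are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "18:46:44.0390 7568  <body>": timestamp, thread id, then the message body.
LINE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# "================ Scan services =============================="
SECTION = re.compile(r"^=+ (?P<title>[^=]+?) =+$")
# "[ <32 hex digits> ] <service name>   <X:\path to file>"
HASHED = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# "<service name> - ok", optionally "<service name> ( <detail> ) - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+?)(?: \( (?P<detail>.+?) \))? - (?P<verdict>\w+)$")


@dataclass
class Entry:
    section: str
    name: str
    verdict: str
    detail: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def parse_report(text: str) -> List[Entry]:
    """Pair each hash/path line with the verdict line that follows it."""
    entries: List[Entry] = []
    section = ""
    pending = {}  # service name -> (md5, path), waiting for its verdict line
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a report line (blank line, forum text, ...)
        body = m["body"].rstrip()
        if s := SECTION.match(body):
            section = s["title"]
        elif h := HASHED.match(body):
            pending[h["name"]] = (h["md5"].upper(), h["path"])
        elif v := VERDICT.match(body):
            md5, path = pending.pop(v["name"], (None, None))
            entries.append(
                Entry(section, v["name"], v["verdict"], v["detail"], md5, path)
            )
    return entries


def triage(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (entries whose verdict is not 'ok',
               services marked 'ok' without any hash/path line)."""
    flagged = [e for e in entries if e.verdict.lower() != "ok"]
    unhashed = [
        e for e in entries
        if e.section == "Scan services" and e.md5 is None and e.verdict.lower() == "ok"
    ]
    return flagged, unhashed


# Constructed sample in the report's layout; hashes and the last entry are made up.
SAMPLE = r"""
18:46:44.0269 7568  ================ Scan system memory ========================
18:46:44.0269 7568  System memory - ok
18:46:44.0269 7568  ================ Scan services =============================
18:46:44.0525 7568  [ 00000000000000000000000000000001 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:46:44.0525 7568  ACPI - ok
18:46:44.0603 7568  AdobeARMservice - ok
18:46:44.0993 7568  [ 00000000000000000000000000000002 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:46:44.0993 7568  AMD External Events Utility - ok
18:46:45.0100 7568  [ 00000000000000000000000000000003 ] exampledrv      C:\Windows\system32\drivers\exampledrv.sys
18:46:45.0100 7568  exampledrv ( Constructed.Example.Detail ) - warning
"""

if __name__ == "__main__":
    flagged, unhashed = triage(parse_report(SAMPLE))
    for e in flagged:
        print(f"REVIEW   {e.name}: {e.verdict} ({e.detail}) {e.path} md5={e.md5}")
    for e in unhashed:
        print(f"NO HASH  {e.name}: marked ok, but no file hash/path was logged")
```
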

  6. #26
    Regular member

    I did that, it found nothing. So I'll skip the report for now?!

  7. #27
    Petra (Moderator)

    Hello atom13,

    no, please post the report here in the thread anyway.

  8. #28
    Regular member

    Code:
    18:46:28.0393 8160  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    18:46:28.0596 8160  ============================================================
    18:46:28.0596 8160  Current date / time: 2012/09/24 18:46:28.0596
    18:46:28.0596 8160  SystemInfo:
    18:46:28.0596 8160  
    18:46:28.0596 8160  OS Version: 6.1.7601 ServicePack: 1.0
    18:46:28.0596 8160  Product type: Workstation
    18:46:28.0596 8160  ComputerName: ATOM-PC
    18:46:28.0596 8160  UserName: ATom
    18:46:28.0596 8160  Windows directory: C:\Windows
    18:46:28.0596 8160  System windows directory: C:\Windows
    18:46:28.0596 8160  Running under WOW64
    18:46:28.0596 8160  Processor architecture: Intel x64
    18:46:28.0596 8160  Number of processors: 3
    18:46:28.0596 8160  Page size: 0x1000
    18:46:28.0596 8160  Boot type: Normal boot
    18:46:28.0596 8160  ============================================================
    18:46:30.0393 8160  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:46:30.0411 8160  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:46:30.0426 8160  ============================================================
    18:46:30.0426 8160  \Device\Harddisk0\DR0:
    18:46:30.0426 8160  MBR partitions:
    18:46:30.0426 8160  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    18:46:30.0426 8160  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
    18:46:30.0426 8160  \Device\Harddisk1\DR1:
    18:46:30.0426 8160  MBR partitions:
    18:46:30.0426 8160  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
    18:46:30.0426 8160  ============================================================
    18:46:30.0428 8160  C: <-> \Device\Harddisk0\DR0\Partition2
    18:46:30.0446 8160  D: <-> \Device\Harddisk1\DR1\Partition1
    18:46:30.0446 8160  ============================================================
    18:46:30.0446 8160  Initialize success
    18:46:30.0446 8160  ============================================================
    18:46:43.0535 7568  ============================================================
    18:46:43.0535 7568  Scan started
    18:46:43.0535 7568  Mode: Manual; 
    18:46:43.0535 7568  ============================================================
    18:46:44.0269 7568  ================ Scan system memory ========================
    18:46:44.0269 7568  System memory - ok
    18:46:44.0269 7568  ================ Scan services =============================
    18:46:51.0817 7568  LSI_FC - ok
    18:46:51.0832 7568  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:46:51.0832 7568  LSI_SAS - ok
    18:46:51.0848 7568  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:46:51.0848 7568  LSI_SAS2 - ok
    18:46:51.0848 7568  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:46:51.0848 7568  LSI_SCSI - ok
    18:46:51.0879 7568  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
    18:46:51.0879 7568  luafv - ok
    18:46:51.0926 7568  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
    18:46:51.0926 7568  Mcx2Svc - ok
    18:46:51.0942 7568  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
    18:46:51.0973 7568  megasas - ok
    18:46:52.0004 7568  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
    18:46:52.0004 7568  MegaSR - ok
    18:46:52.0098 7568  Microsoft SharePoint Workspace Audit Service - ok
    18:46:52.0113 7568  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
    18:46:52.0113 7568  MMCSS - ok
    18:46:52.0129 7568  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
    18:46:52.0129 7568  Modem - ok
    18:46:52.0144 7568  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
    18:46:52.0144 7568  monitor - ok
    18:46:52.0160 7568  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
    18:46:52.0160 7568  mouclass - ok
    18:46:52.0191 7568  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
    18:46:52.0191 7568  mouhid - ok
    18:46:52.0254 7568  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
    18:46:52.0269 7568  mountmgr - ok
    18:46:52.0394 7568  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    18:46:52.0394 7568  MozillaMaintenance - ok
    18:46:52.0456 7568  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
    18:46:52.0456 7568  mpio - ok
    18:46:52.0472 7568  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
    18:46:52.0488 7568  mpsdrv - ok
    18:46:52.0534 7568  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
    18:46:52.0534 7568  MRxDAV - ok
    18:46:52.0566 7568  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:46:52.0566 7568  mrxsmb - ok
    18:46:52.0628 7568  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:46:52.0644 7568  mrxsmb10 - ok
    18:46:52.0753 7568  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:46:52.0753 7568  mrxsmb20 - ok
    18:46:52.0815 7568  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
    18:46:52.0815 7568  msahci - ok
    18:46:52.0831 7568  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
    18:46:52.0831 7568  msdsm - ok
    18:46:52.0846 7568  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
    18:46:52.0862 7568  MSDTC - ok
    18:46:52.0893 7568  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
    18:46:52.0893 7568  Msfs - ok
    18:46:52.0909 7568  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
    18:46:52.0909 7568  mshidkmdf - ok
    18:46:52.0940 7568  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
    18:46:52.0940 7568  msisadrv - ok
    18:46:52.0971 7568  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
    18:46:52.0971 7568  MSiSCSI - ok
    18:46:52.0971 7568  msiserver - ok
    18:46:53.0034 7568  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
    18:46:53.0034 7568  MSKSSRV - ok
    18:46:53.0049 7568  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
    18:46:53.0049 7568  MSPCLOCK - ok
    18:46:53.0080 7568  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
    18:46:53.0080 7568  MSPQM - ok
    18:46:53.0112 7568  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
    18:46:53.0112 7568  MsRPC - ok
    18:46:53.0158 7568  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
    18:46:53.0158 7568  mssmbios - ok
    18:46:53.0174 7568  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
    18:46:53.0174 7568  MSTEE - ok
    18:46:53.0190 7568  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
    18:46:53.0190 7568  MTConfig - ok
    18:46:53.0205 7568  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
    18:46:53.0205 7568  MTsensor - ok
    18:46:53.0221 7568  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
    18:46:53.0236 7568  Mup - ok
    18:46:53.0283 7568  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
    18:46:53.0299 7568  napagent - ok
    18:46:53.0346 7568  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
    18:46:53.0346 7568  NativeWifiP - ok
    18:46:53.0424 7568  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
    18:46:53.0439 7568  NDIS - ok
    18:46:53.0470 7568  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
    18:46:53.0470 7568  NdisCap - ok
    18:46:53.0517 7568  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
    18:46:53.0517 7568  NdisTapi - ok
    18:46:53.0564 7568  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
    18:46:53.0564 7568  Ndisuio - ok
    18:46:53.0642 7568  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
    18:46:53.0658 7568  NdisWan - ok
    18:46:53.0689 7568  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
    18:46:53.0689 7568  NDProxy - ok
    18:46:53.0704 7568  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
    18:46:53.0704 7568  NetBIOS - ok
    18:46:53.0736 7568  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
    18:46:53.0736 7568  NetBT - ok
    18:46:53.0751 7568  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
    18:46:53.0751 7568  Netlogon - ok
    18:46:53.0782 7568  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
    18:46:53.0798 7568  Netman - ok
    18:46:53.0829 7568  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
    18:46:53.0829 7568  netprofm - ok
    18:46:53.0876 7568  [ F3A1D8B7317939813568992D1BFDDE37 ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
    18:46:53.0892 7568  netr7364 - ok
    18:46:53.0954 7568  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:46:53.0954 7568  NetTcpPortSharing - ok
    18:46:53.0985 7568  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
    18:46:53.0985 7568  nfrd960 - ok
    18:46:54.0001 7568  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
    18:46:54.0016 7568  NlaSvc - ok
    18:46:54.0032 7568  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
    18:46:54.0032 7568  Npfs - ok
    18:46:54.0048 7568  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
    18:46:54.0048 7568  nsi - ok
    18:46:54.0063 7568  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
    18:46:54.0063 7568  nsiproxy - ok
    18:46:54.0126 7568  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
    18:46:54.0157 7568  Ntfs - ok
    18:46:54.0172 7568  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
    18:46:54.0172 7568  Null - ok
    18:46:54.0219 7568  [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
    18:46:54.0219 7568  nusb3hub - ok
    18:46:54.0235 7568  [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
    18:46:54.0250 7568  nusb3xhc - ok
    18:46:54.0266 7568  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
    18:46:54.0266 7568  nvraid - ok
    18:46:54.0313 7568  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
    18:46:54.0313 7568  nvstor - ok
    18:46:54.0328 7568  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
    18:46:54.0328 7568  nv_agp - ok
    18:46:54.0344 7568  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
    18:46:54.0344 7568  ohci1394 - ok
    18:46:54.0438 7568  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:46:54.0438 7568  ose - ok
    18:46:54.0609 7568  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    18:46:54.0656 7568  osppsvc - ok
    18:46:54.0718 7568  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
    18:46:54.0734 7568  p2pimsvc - ok
    18:46:54.0750 7568  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
    18:46:54.0750 7568  p2psvc - ok
    18:46:54.0750 7568  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
    18:46:54.0750 7568  Parport - ok
    18:46:54.0781 7568  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
    18:46:54.0781 7568  partmgr - ok
    18:46:54.0796 7568  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
    18:46:54.0796 7568  PcaSvc - ok
    18:46:54.0812 7568  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
    18:46:54.0812 7568  pci - ok
    18:46:54.0828 7568  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
    18:46:54.0828 7568  pciide - ok
    18:46:54.0859 7568  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
    18:46:54.0859 7568  pcmcia - ok
    18:46:54.0874 7568  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
    18:46:54.0874 7568  pcw - ok
    18:46:54.0906 7568  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
    18:46:54.0921 7568  PEAUTH - ok
    18:46:54.0968 7568  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
    18:46:54.0999 7568  PeerDistSvc - ok
    18:46:55.0046 7568  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
    18:46:55.0046 7568  PerfHost - ok
    18:46:55.0124 7568  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
    18:46:55.0140 7568  pla - ok
    18:46:55.0171 7568  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
    18:46:55.0171 7568  PlugPlay - ok
    18:46:55.0186 7568  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
    18:46:55.0186 7568  PNRPAutoReg - ok
    18:46:55.0186 7568  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
    18:46:55.0186 7568  PNRPsvc - ok
    18:46:55.0233 7568  [ 32D374C60778253B81FA76C2FE19E155 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
    18:46:55.0233 7568  Point64 - ok
    18:46:55.0264 7568  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
    18:46:55.0264 7568  PolicyAgent - ok
    18:46:55.0280 7568  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
    18:46:55.0280 7568  Power - ok
    18:46:55.0327 7568  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
    18:46:55.0327 7568  PptpMiniport - ok
    18:46:55.0342 7568  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
    18:46:55.0342 7568  Processor - ok
    18:46:55.0374 7568  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
    18:46:55.0389 7568  ProfSvc - ok
    18:46:55.0405 7568  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    18:46:55.0405 7568  ProtectedStorage - ok
    18:46:55.0467 7568  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
    18:46:55.0467 7568  Psched - ok
    18:46:55.0514 7568  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
    18:46:55.0530 7568  ql2300 - ok
    18:46:55.0545 7568  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
    18:46:55.0545 7568  ql40xx - ok
    18:46:55.0576 7568  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
    18:46:55.0576 7568  QWAVE - ok
    18:46:55.0592 7568  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
    18:46:55.0592 7568  QWAVEdrv - ok
    18:46:55.0592 7568  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
    18:46:55.0592 7568  RasAcd - ok
    18:46:55.0608 7568  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:46:55.0623 7568  RasAgileVpn - ok
    18:46:55.0623 7568  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
    18:46:55.0623 7568  RasAuto - ok
    18:46:55.0639 7568  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:46:55.0639 7568  Rasl2tp - ok
    18:46:55.0686 7568  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
    18:46:55.0701 7568  RasMan - ok
    18:46:55.0717 7568  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
    18:46:55.0717 7568  RasPppoe - ok
    18:46:55.0732 7568  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
    18:46:55.0732 7568  RasSstp - ok
    18:46:55.0748 7568  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
    18:46:55.0764 7568  rdbss - ok
    18:46:55.0764 7568  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
    18:46:55.0764 7568  rdpbus - ok
    18:46:55.0779 7568  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:46:55.0779 7568  RDPCDD - ok
    18:46:55.0810 7568  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
    18:46:55.0810 7568  RDPDR - ok
    18:46:55.0810 7568  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
    18:46:55.0810 7568  RDPENCDD - ok
    18:46:55.0826 7568  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
    18:46:55.0826 7568  RDPREFMP - ok
    18:46:55.0873 7568  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
    18:46:55.0873 7568  RDPWD - ok
    18:46:55.0920 7568  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
    18:46:55.0935 7568  rdyboost - ok
    18:46:55.0966 7568  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
    18:46:55.0982 7568  RemoteAccess - ok
    18:46:55.0998 7568  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
    18:46:55.0998 7568  RemoteRegistry - ok
    18:46:56.0029 7568  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
    18:46:56.0029 7568  RpcEptMapper - ok
    18:46:56.0044 7568  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
    18:46:56.0044 7568  RpcLocator - ok
    18:46:56.0107 7568  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
    18:46:56.0107 7568  RpcSs - ok
    18:46:56.0138 7568  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
    18:46:56.0138 7568  rspndr - ok
    18:46:56.0169 7568  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
    18:46:56.0185 7568  RTL8167 - ok
    18:46:56.0232 7568  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
    18:46:56.0232 7568  s3cap - ok
    18:46:56.0247 7568  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
    18:46:56.0247 7568  SamSs - ok
    18:46:56.0263 7568  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
    18:46:56.0263 7568  sbp2port - ok
    18:46:56.0325 7568  SBRE - ok
    18:46:56.0341 7568  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
    18:46:56.0356 7568  SCardSvr - ok
    18:46:56.0403 7568  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
    18:46:56.0403 7568  scfilter - ok
    18:46:56.0466 7568  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
    18:46:56.0497 7568  Schedule - ok
    18:46:56.0528 7568  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
    18:46:56.0528 7568  SCPolicySvc - ok
    18:46:56.0575 7568  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
    18:46:56.0575 7568  SDRSVC - ok
    18:46:56.0606 7568  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
    18:46:56.0606 7568  secdrv - ok
    18:46:56.0637 7568  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
    18:46:56.0637 7568  seclogon - ok
    18:46:56.0668 7568  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
    18:46:56.0684 7568  SENS - ok
    18:46:56.0700 7568  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
    18:46:56.0715 7568  SensrSvc - ok
    18:46:56.0731 7568  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
    18:46:56.0731 7568  Serenum - ok
    18:46:56.0746 7568  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
    18:46:56.0746 7568  Serial - ok
    18:46:56.0793 7568  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
    18:46:56.0809 7568  sermouse - ok
    18:46:56.0856 7568  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
    18:46:56.0856 7568  SessionEnv - ok
    18:46:56.0871 7568  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
    18:46:56.0887 7568  sffdisk - ok
    18:46:56.0902 7568  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
    18:46:56.0902 7568  sffp_mmc - ok
    18:46:56.0918 7568  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
    18:46:56.0918 7568  sffp_sd - ok
    18:46:56.0949 7568  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
    18:46:56.0980 7568  sfloppy - ok
    18:46:57.0183 7568  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    18:46:57.0230 7568  ShellHWDetection - ok
    18:46:57.0277 7568  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:46:57.0324 7568  SiSRaid2 - ok
    18:46:57.0386 7568  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
    18:46:57.0417 7568  SiSRaid4 - ok
    18:46:57.0526 7568  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
    18:46:57.0558 7568  Smb - ok
    18:46:57.0589 7568  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
    18:46:57.0589 7568  SNMPTRAP - ok
    18:46:57.0604 7568  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
    18:46:57.0604 7568  spldr - ok
    18:46:57.0651 7568  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
    18:46:57.0651 7568  Spooler - ok
    18:46:57.0733 7568  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
    18:46:57.0768 7568  sppsvc - ok
    18:46:57.0768 7568  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
    18:46:57.0768 7568  sppuinotify - ok
    18:46:57.0804 7568  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
    18:46:57.0804 7568  srv - ok
    18:46:57.0821 7568  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
    18:46:57.0821 7568  srv2 - ok
    18:46:57.0839 7568  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
    18:46:57.0839 7568  srvnet - ok
    18:46:57.0856 7568  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
    18:46:57.0873 7568  SSDPSRV - ok
    18:46:57.0874 7568  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
    18:46:57.0874 7568  SstpSvc - ok
    18:46:57.0892 7568  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
    18:46:57.0892 7568  stexstor - ok
    18:46:57.0995 7568  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
    18:46:57.0995 7568  stisvc - ok
    18:46:58.0047 7568  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
    18:46:58.0048 7568  storflt - ok
    18:46:58.0066 7568  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
    18:46:58.0066 7568  StorSvc - ok
    18:46:58.0081 7568  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
    18:46:58.0081 7568  storvsc - ok
    18:46:58.0102 7568  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
    18:46:58.0102 7568  swenum - ok
    18:46:58.0172 7568  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    18:46:58.0172 7568  SwitchBoard - ok
    18:46:58.0190 7568  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
    18:46:58.0190 7568  swprv - ok
    18:46:58.0243 7568  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
    18:46:58.0260 7568  SysMain - ok
    18:46:58.0312 7568  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    18:46:58.0314 7568  TabletInputService - ok
    18:46:58.0332 7568  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
    18:46:58.0332 7568  TapiSrv - ok
    18:46:58.0365 7568  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
    18:46:58.0365 7568  TBS - ok
    18:46:58.0453 7568  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
    18:46:58.0470 7568  Tcpip - ok
    18:46:58.0504 7568  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
    18:46:58.0504 7568  TCPIP6 - ok
    18:46:58.0566 7568  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
    18:46:58.0566 7568  tcpipreg - ok
    18:46:58.0597 7568  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
    18:46:58.0597 7568  TDPIPE - ok
    18:46:58.0613 7568  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
    18:46:58.0613 7568  TDTCP - ok
    18:46:58.0660 7568  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
    18:46:58.0660 7568  tdx - ok
    18:46:58.0691 7568  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
    18:46:58.0691 7568  TermDD - ok
    18:46:58.0722 7568  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
    18:46:58.0738 7568  TermService - ok
    18:46:58.0753 7568  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
    18:46:58.0753 7568  Themes - ok
    18:46:58.0769 7568  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
    18:46:58.0784 7568  THREADORDER - ok
    18:46:58.0784 7568  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
    18:46:58.0784 7568  TrkWks - ok
    18:46:58.0816 7568  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    18:46:58.0816 7568  TrustedInstaller - ok
    18:46:58.0862 7568  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:46:58.0862 7568  tssecsrv - ok
    18:46:58.0894 7568  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
    18:46:58.0894 7568  TsUsbFlt - ok
    18:46:58.0956 7568  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
    18:46:58.0956 7568  tunnel - ok
    18:46:58.0987 7568  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
    18:46:58.0987 7568  uagp35 - ok
    18:46:59.0034 7568  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
    18:46:59.0034 7568  udfs - ok
    18:46:59.0065 7568  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
    18:46:59.0065 7568  UI0Detect - ok
    18:46:59.0112 7568  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
    18:46:59.0112 7568  uliagpkx - ok
    18:46:59.0174 7568  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
    18:46:59.0174 7568  umbus - ok
    18:47:01.0624 7568  ================ Scan global ===============================
    18:47:01.0639 7568  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    18:47:01.0748 7568  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    18:47:01.0764 7568  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    18:47:01.0811 7568  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    18:47:01.0842 7568  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    18:47:01.0842 7568  [Global] - ok
    18:47:01.0842 7568  ================ Scan MBR ==================================
    18:47:01.0858 7568  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    18:47:02.0014 7568  \Device\Harddisk0\DR0 - ok
    18:47:02.0014 7568  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
    18:47:02.0045 7568  \Device\Harddisk1\DR1 - ok
    18:47:02.0045 7568  ================ Scan VBR ==================================
    18:47:02.0045 7568  [ 4208190223B623F64AC65F09EAB4DBE0 ] \Device\Harddisk0\DR0\Partition1
    18:47:02.0045 7568  \Device\Harddisk0\DR0\Partition1 - ok
    18:47:02.0060 7568  [ 3C71FB2EA157AF66C2B6010ACC0BA604 ] \Device\Harddisk0\DR0\Partition2
    18:47:02.0060 7568  \Device\Harddisk0\DR0\Partition2 - ok
    18:47:02.0060 7568  [ E32BCB91D3710ABB37AA0E899C3EDBC0 ] \Device\Harddisk1\DR1\Partition1
    18:47:02.0060 7568  \Device\Harddisk1\DR1\Partition1 - ok
    18:47:02.0060 7568  ============================================================
    18:47:02.0060 7568  Scan finished
    18:47:02.0060 7568  ============================================================
    18:47:02.0076 7996  Detected object count: 0
    18:47:02.0076 7996  Actual detected object count: 0

  9. #29
    Moderator Petra
    Registered since
    06.09.2011
    Location
    Near Düsseldorf
    Posts
    12.492
    great, thanks


    ===== Step 1 =====

    Remove malware with Combofix

    Download Combofix from BleepingComputer.com and save the program to the desktop, not anywhere else; that is important!
    Follow the detailed original instructions.

    Combofix currently runs on the following Windows versions:
    • Windows XP (32-bit only)
    • Windows Vista (32-bit/64-bit)
    • Windows 7 (32-bit/64-bit)


    Preparation and important notes
    • During the Combofix scan, please disable antivirus and antispyware programs, the firewall and any script blocking that may be present (Norton).
    • List of programs to disable.
      If anything is unclear, please ask.


    • ComboFix will reset your screen saver settings.
    • You can change these settings again once our cleanup is finished.
    • Do nothing else if you did not manage to get Combofix to run.
    • Let us know and wait for our instructions.


    • Start Combofix.exe with a right-click => Run as administrator and follow the instructions.
    • Do nothing else on the computer while Combofix is running!
    • Accept the terms (disclaimer) with "Yes".

    • If Combofix offers a newer version, allow the download.
    • Click "Yes" to continue with the malware scan.
    • A blue command prompt window appears; Combofix is being prepared for the scan.
    • Please do not click in this Combofix window.
    • That could cause your system to freeze or hang.
    • A backup of your registry is created.
    • The program now works through its individual stages; this can take a while.

    • When ComboFix is finished, it will create a log (please wait, this takes a moment).
    • Be sure to wait until the Combofix window has closed and the log file appears in Notepad.
    • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.

    • Note: For various reasons, Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
    • After the cleanup you can delete the IE desktop icon and set your preferred browser as the default browser again.


    Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple the computer and/or cause lasting damage!

  10. #30
    Regular
    Registered since
    13.09.2012
    Posts
    26
    Code:
    ComboFix 12-09-24.02 - ATom 24.09.2012  21:09:37.1.3 - x64
    Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4094.2055 [GMT 2:00]
    ausgeführt von:: c:\users\ATom\Desktop\ComboFix.exe
    FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\FlashPlayerInstaller.exe
    .
    .
    (((((((((((((((((((((((   Dateien erstellt von 2012-08-24 bis 2012-09-24  ))))))))))))))))))))))))))))))
    .
    .
    2012-09-24 19:14 . 2012-09-24 19:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2012-09-24 15:59 . 2012-09-24 15:59	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
    2012-09-20 14:26 . 2012-09-20 14:26	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
    2012-09-20 14:26 . 2012-09-20 14:26	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-20 14:26 . 2012-09-20 14:26	--------	d-----w-	c:\program files (x86)\Java
    2012-09-20 14:09 . 2012-09-20 14:09	--------	d-----w-	c:\windows\system32\appmgmt
    2012-09-19 09:34 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A584D83-D710-4326-8E32-17F01D383377}\mpengine.dll
    2012-09-19 09:29 . 2012-09-19 09:29	--------	d-----w-	C:\TEMP
    2012-09-17 15:35 . 2012-09-17 15:35	--------	d-----w-	c:\program files (x86)\2K Games
    2012-09-17 15:34 . 2012-09-17 15:34	--------	d-----w-	c:\program files (x86)\Sophos
    2012-09-16 19:38 . 2012-09-16 19:38	--------	d-----w-	c:\users\ATom\AppData\Roaming\Malwarebytes
    2012-09-16 19:38 . 2012-09-16 19:38	--------	d-----w-	c:\programdata\Malwarebytes
    2012-09-16 19:38 . 2012-09-19 10:27	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-16 19:38 . 2012-09-16 19:38	--------	d-----w-	c:\programdata\GFI Software
    2012-09-16 13:46 . 2012-09-16 13:46	--------	d-----w-	C:\_OTL
    2012-09-15 16:06 . 2012-09-15 16:06	--------	d-----w-	c:\program files (x86)\Rebellion
    2012-09-13 19:01 . 2012-09-13 19:01	--------	d-----w-	c:\program files (x86)\MSXML 4.0
    2012-09-13 16:48 . 2012-09-13 16:48	--------	d-sh--w-	c:\programdata\DSS
    2012-09-13 11:19 . 2012-09-13 11:19	--------	d-----w-	c:\users\ATom\AppData\Local\Downloaded Installations
    2012-09-13 11:02 . 2012-09-13 11:02	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-09-13 07:45 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
    2012-09-13 07:45 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
    2012-09-13 07:44 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
    2012-09-13 07:44 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
    2012-09-13 07:44 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
    2012-09-13 07:44 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-13 07:44 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
    2012-09-10 10:15 . 2012-09-13 08:28	--------	d-----w-	C:\c3801001f2a8464eee881212
    2012-09-07 15:10 . 2012-09-10 09:25	--------	d-----w-	c:\program files (x86)\Iomega Storage Manager
    2012-09-07 14:12 . 2012-09-07 14:12	--------	d-----w-	c:\program files (x86)\TeamViewer
    2012-09-07 14:06 . 2012-09-07 14:06	--------	d-----w-	c:\program files\Iomega
    2012-09-07 14:06 . 2012-09-10 09:12	--------	d-----w-	c:\programdata\twonkyserver
    2012-09-04 14:31 . 2012-09-13 18:58	--------	d-----w-	c:\program files\Microsoft Device Center
    2012-09-04 14:28 . 2012-09-10 09:25	--------	d-----w-	C:\17902b1e3c2f1e1613e80a629737d480
    2012-09-04 11:48 . 2012-09-04 11:48	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
    2012-09-04 11:47 . 2012-09-04 11:48	--------	d-----w-	c:\program files\Adobe
    2012-09-04 11:42 . 2012-09-04 11:48	--------	d-----w-	c:\program files\Common Files\Adobe
    2012-09-03 17:32 . 2012-09-03 17:32	--------	d-----w-	c:\programdata\ATI
    2012-09-03 17:32 . 2012-09-03 17:32	--------	d-----w-	c:\program files (x86)\AMD APP
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-20 14:26 . 2012-04-09 16:01	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
    2012-09-13 07:38 . 2012-04-02 15:07	64462936	----a-w-	c:\windows\system32\MRT.exe
    2012-09-01 06:40 . 2012-04-02 14:39	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-01 06:40 . 2012-04-02 14:39	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-28 04:09 . 2012-07-28 04:09	5538984	----a-w-	c:\windows\SysWow64\atiumdag.dll
    2012-07-28 04:07 . 2012-07-28 04:07	10278912	----a-w-	c:\windows\system32\drivers\atikmdag.sys
    2012-07-28 03:43 . 2012-07-28 03:43	70144	----a-w-	c:\windows\system32\coinst_8.982.dll
    2012-07-28 03:19 . 2012-07-28 03:19	24935424	----a-w-	c:\windows\system32\atio6axx.dll
    2012-07-28 02:50 . 2012-07-28 02:50	20546560	----a-w-	c:\windows\SysWow64\atioglxx.dll
    2012-07-28 02:15 . 2012-07-28 02:15	163840	----a-w-	c:\windows\system32\atiapfxx.exe
    2012-07-28 02:15 . 2012-07-28 02:15	931328	----a-w-	c:\windows\SysWow64\aticfx32.dll
    2012-07-28 02:13 . 2012-03-09 05:14	1100288	----a-w-	c:\windows\system32\aticfx64.dll
    2012-07-28 02:10 . 2012-06-11 17:20	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
    2012-07-28 02:10 . 2012-07-28 02:10	534528	----a-w-	c:\windows\system32\atieclxx.exe
    2012-07-28 02:09 . 2012-07-28 02:09	239616	----a-w-	c:\windows\system32\atiesrxx.exe
    2012-07-28 02:08 . 2012-07-28 02:08	120320	----a-w-	c:\windows\system32\atitmm64.dll
    2012-07-28 02:08 . 2012-07-28 02:08	21504	----a-w-	c:\windows\system32\atimuixx.dll
    2012-07-28 02:07 . 2012-07-28 02:07	59392	----a-w-	c:\windows\system32\atiedu64.dll
    2012-07-28 02:07 . 2012-07-28 02:07	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
    2012-07-28 02:07 . 2012-07-28 02:07	6430208	----a-w-	c:\windows\SysWow64\atidxx32.dll
    2012-07-28 01:51 . 2012-03-09 04:45	7052288	----a-w-	c:\windows\system32\atidxx64.dll
    2012-07-28 01:41 . 2012-06-11 16:51	4266496	----a-w-	c:\windows\system32\atiumd6a.dll
    2012-07-28 01:35 . 2012-07-28 01:35	51200	----a-w-	c:\windows\system32\aticalrt64.dll
    2012-07-28 01:35 . 2012-07-28 01:35	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
    2012-07-28 01:35 . 2012-07-28 01:35	44544	----a-w-	c:\windows\system32\aticalcl64.dll
    2012-07-28 01:35 . 2012-07-28 01:35	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
    2012-07-28 01:34 . 2012-07-28 01:34	16034304	----a-w-	c:\windows\system32\aticaldd64.dll
    2012-07-28 01:32 . 2012-07-28 01:32	4751872	----a-w-	c:\windows\SysWow64\atiumdva.dll
    2012-07-28 01:30 . 2012-07-28 01:30	13605888	----a-w-	c:\windows\SysWow64\aticaldd.dll
    2012-07-28 01:25 . 2012-06-11 16:36	6676480	----a-w-	c:\windows\system32\atiumd64.dll
    2012-07-28 01:15 . 2012-06-11 16:27	540160	----a-w-	c:\windows\system32\atiadlxx.dll
    2012-07-28 01:15 . 2012-07-28 01:15	368640	----a-w-	c:\windows\SysWow64\atiadlxy.dll
    2012-07-28 01:15 . 2012-07-28 01:15	17920	----a-w-	c:\windows\system32\atig6pxx.dll
    2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
    2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\system32\atiglpxx.dll
    2012-07-28 01:15 . 2012-07-28 01:15	41984	----a-w-	c:\windows\system32\atig6txx.dll
    2012-07-28 01:14 . 2012-07-28 01:14	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
    2012-07-28 01:14 . 2012-07-28 01:14	368640	----a-w-	c:\windows\system32\drivers\atikmpag.sys
    2012-07-28 01:13 . 2012-03-09 03:57	129536	----a-w-	c:\windows\system32\atiuxp64.dll
    2012-07-28 01:13 . 2012-07-28 01:13	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
    2012-07-28 01:13 . 2012-06-11 16:25	103936	----a-w-	c:\windows\system32\atiu9p64.dll
    2012-07-28 01:13 . 2012-07-28 01:13	83456	----a-w-	c:\windows\SysWow64\atiu9pag.dll
    2012-07-28 01:12 . 2012-07-28 01:12	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
    2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\atimpc64.dll
    2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\amdpcom64.dll
    2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
    2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
    2012-07-27 20:47 . 2012-07-27 20:47	187392	----a-w-	c:\windows\system32\clinfo.exe
    2012-07-27 20:47 . 2012-07-27 20:47	75776	----a-w-	c:\windows\system32\OpenVideo64.dll
    2012-07-27 20:47 . 2012-07-27 20:47	65024	----a-w-	c:\windows\SysWow64\OpenVideo.dll
    2012-07-27 20:47 . 2012-07-27 20:47	63488	----a-w-	c:\windows\system32\OVDecode64.dll
    2012-07-27 20:47 . 2012-07-27 20:47	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
    2012-07-27 20:46 . 2012-07-27 20:46	16464896	----a-w-	c:\windows\system32\amdocl64.dll
    2012-07-27 20:46 . 2012-07-27 20:46	13013504	----a-w-	c:\windows\SysWow64\amdocl.dll
    2012-07-18 18:15 . 2012-08-15 06:54	3148800	----a-w-	c:\windows\system32\win32k.sys
    2012-07-09 11:54 . 2009-08-18 10:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2012-07-09 11:54 . 2009-08-18 09:24	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-07-09 11:45 . 2012-07-09 11:45	466520	----a-w-	c:\windows\system32\wrap_oal.dll
    2012-07-09 11:45 . 2012-07-09 11:45	445016	----a-w-	c:\windows\SysWow64\wrap_oal.dll
    2012-07-09 11:45 . 2012-07-09 11:45	122968	----a-w-	c:\windows\system32\OpenAL32.dll
    2012-07-09 11:45 . 2012-07-09 11:45	109144	----a-w-	c:\windows\SysWow64\OpenAL32.dll
    2012-07-04 22:16 . 2012-08-15 06:54	73216	----a-w-	c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-15 06:54	59392	----a-w-	c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-15 06:54	136704	----a-w-	c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-15 06:54	41984	----a-w-	c:\windows\SysWow64\browcli.dll
    2012-06-26 19:38 . 2012-06-26 19:38	46176	----a-w-	c:\windows\system32\drivers\point64.sys
    2012-06-26 19:38 . 2012-06-26 19:38	1721576	----a-w-	c:\windows\system32\wdfcoinstaller01009.dll
    .
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "GMX_GMX MultiMessenger"="c:\program files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE" [2009-10-16 5031336]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\users\ATom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Twonky Tray Control.lnk - c:\program files (x86)\TwonkyMedia\twonkymediaserverconfig.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\DRIVERS\vNICdrv.sys [2012-05-11 20048]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 250568]
    R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-13 114144]
    S0 94687156;94687156;c:\windows\system32\DRIVERS\94687156.sys [2012-04-03 460888]
    S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-05-14 139360]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 27760]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-24 283200]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
    S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-14 619472]
    S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
    S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
    S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
    S3 avfwim;AvFw Packet Filter Service;c:\windows\system32\DRIVERS\avfwim.sys [2012-05-14 114128]
    S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
    S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.de/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Free YouTube to MP3 Converter - c:\users\ATom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\ATom\AppData\Roaming\Mozilla\Firefox\Profiles\zh3djz6j.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bpb.de/
    .
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\04\03\12\0c\14\05?"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\windows\DAODx.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2012-09-24  21:20:33 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt  2012-09-24 19:20
    .
    Vor Suchlauf: 11 Verzeichnis(se), 833.414.754.304 Bytes frei
    Nach Suchlauf: 16 Verzeichnis(se), 833.406.971.904 Bytes frei
    .
    - - End Of File - - 65E0343BB3CD9B72452C1E7919D10EE3
    Code:
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS6
    Adobe Reader X (10.1.4) - Deutsch
    AMD VISION Engine Control Center
    Avira Internet Security 2012
    Batman Arkham City Game Of The Year Edition
    Canon Easy-PhotoPrint EX
    Canon Easy-PhotoPrint Pro
    Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
    Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
    Canon Easy-WebPrint EX
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MG6100 series Benutzerregistrierung
    Canon MP Navigator EX 4.0
    Canon My Printer
    Canon Solution Menu EX
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CD-LabelPrint
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DivX-Setup
    ElsterFormular
    F1 2011
    FIFA 12
    Fifa 12 (c) Electronic Arts version 1
    FIFA 13 Demo
    FileZilla Client 3.5.3
    Free YouTube to MP3 Converter version 3.11.22.508
    GMX MultiMessenger
    IrfanView (remove only)
    Java 7 Update 7
    Java Auto Updater
    Max Payne 3
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (German) 2010
    Microsoft Office Excel MUI (German) 2010
    Microsoft Office Groove MUI (German) 2010
    Microsoft Office InfoPath MUI (German) 2010
    Microsoft Office OneNote MUI (German) 2010
    Microsoft Office Outlook MUI (German) 2010
    Microsoft Office PowerPoint MUI (German) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Italian) 2010
    Microsoft Office Proofing (German) 2010
    Microsoft Office Publisher MUI (German) 2010
    Microsoft Office Shared MUI (German) 2010
    Microsoft Office Word MUI (German) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Mozilla Firefox 15.0.1 (x86 de)
    Mozilla Maintenance Service
    NBA 2K12
    OpenAL
    Origin
    PDF Settings CS6
    Phase 5 HTML-Editor
    Rapture3D 2.4.9 Game
    Renesas Electronics USB 3.0 Host Controller Driver
    Rockstar Games Social Club
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Spec Ops The Line
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    VLC media player 2.0.1
