Pests of all kinds and how to fight them: svchost.exe (Windows 7)
28.05.2012, 18:19 | #1 |
| svchost.exe So, I have the following problem: for a short while now, Bitdefender has kept blocking a process named svchost.exe. However, it is NOT the svchost.exe in system32; the file is located under my user account in AppData\Roaming\Microsoft. But I cannot find the file with Windows Explorer, and Bitdefender does not find anything suspicious during a system scan either. I have also tried programs such as Spybot S&D, but they do not find anything either. What should I do? I forgot something: some program keeps disabling the Bitdefender scan. And here is the log file:
BitDefender Log File
Product : Bitdefender Internet Security 2012
Scanning task : Vollständiger System-Scan
Log date : Dienstag, 29. Mai 2012 09:29:45
Log path : C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\dcf483c4-26d0-4e6f-ba28-6a53a00adae1\1338275457_1_02.xml
Scan Paths:
Path : C:\
[-]Scan Results
[-]Resolved issues:
Object Path Threat Name Final Status
Cookie: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Cookies\8QS8ZOE5.txt Cookie.DoubleClick Deleted
[-]Detailed Scan Summary
[-]Basic
Scanned items : 293799
Infected items : 1
Suspicious items : 0 (no suspected items have been detected)
Resolved items : 1
Unresolved items : 0 (no issues remained unresolved)
[-]Advanced
Scan time : 0: 17: 40
Files per second : 277
Skipped items : 390853
Password-protected items : 56
Overcompressed items : 0
Scanned archives : 7
Input-output errors : 0
Scanned boot sectors : 4
Scanned processes : 4551
Infected processes : 0
Scanned registry keys : 2010
Infected registry keys : 0
Scanned cookies : 163
Infected cookies : 1
[-]Scan Options
[-]Target Threat Types:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Scan for keyloggers : Yes
[-]Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions : none configured
Excluded extensions : none configured
[-]Target Processing:
Default primary action for infected objects : Disinfect
Default secondary action for infected objects : Move to Quarantine
Default primary action for suspicious objects : Move to Quarantine
Default secondary action for suspicious objects : None
Default action for hidden objects : Disinfect
Default action for password-protected objects : Log as not scanned
[-]Scan engines summary
Number of virus signatures : 7245322
30.05.2012, 14:07 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well!
ESET Online Scanner
Please post everything here in CODE tags if possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
01.06.2012, 20:27 | #3 |
| svchost.exe So, the problem was resolved when I scanned with Malwarebytes. The virus was found and deleted. Here is the log file anyway:
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.01.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lukas :: DESKTOP-PC [Administrator]
Schutz: Aktiviert
01.06.2012 13:13:55
mbam-log-2012-06-01 (13-13-55).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355180
Laufzeit: 8 Stunde(n), 5 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Startup (Trojan.Agent) -> Daten: C:\Users\Lukas\AppData\Roaming\Microsoft\svchost.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 1
C:\Users\Lukas\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 3
C:\Windows\System32\cmdow.exe (PUP.Tool) -> Keine Aktion durchgeführt.
C:\Users\Lukas\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\AppData\Roaming\dclogs\2012-05-19-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
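Added example, not part of the original thread: the Malwarebytes log in post #3 shows a per-user Run value ("Startup") launching a file named svchost.exe from AppData\Roaming\Microsoft instead of System32. The Python sketch below checks autostart command lines for that pattern; the EXPECTED_DIRS table, the ENV map and every sample entry except the first are assumptions constructed for this illustration.

```python
import ntpath
import re

# Directories where each protected system binary legitimately lives.
# Assumption: Windows is installed in C:\Windows, as in the logs on this page.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Minimal environment used to expand %VAR% references offline (assumption).
ENV = {"systemroot": r"C:\Windows", "windir": r"C:\Windows"}

_EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd))(?=\s|$)", re.IGNORECASE)
_APPDATA_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


def expand_env(text, env=ENV):
    """Replace %NAME% with its value; unknown variables are left untouched."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), text)


def image_path(command, env=ENV):
    """Extract the normalized executable path from an autostart command line."""
    cmd = expand_env(command.strip(), env)
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        # Unquoted: take everything up to the first executable extension,
        # so paths containing spaces are not cut at the first blank.
        m = _EXE_RE.match(cmd)
        path = m.group(1) if m else cmd.split(" ", 1)[0]
    return ntpath.normpath(path)  # also collapses "..\" tricks


def classify(command, env=ENV):
    """Return (verdict, path); verdict is 'masquerade', 'review' or 'ok'."""
    path = image_path(command, env)
    directory, name = ntpath.split(path.lower())
    expected = EXPECTED_DIRS.get(name)
    if expected is not None and directory not in expected:
        return "masquerade", path   # system binary name, wrong directory
    if _APPDATA_RE.match(path):
        return "review", path       # autostart from a user-writable profile dir
    return "ok", path


def audit(run_values, env=ENV):
    """Classify (key, value_name, data) records and return the non-ok ones."""
    findings = []
    for key, value_name, data in run_values:
        verdict, path = classify(data, env)
        if verdict != "ok":
            findings.append((verdict, key, value_name, path))
    return findings


RUN_KEY = r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_RUN_VALUES = [
    # Taken from the Malwarebytes log in post #3.
    (RUN_KEY, "Startup", r"C:\Users\Lukas\AppData\Roaming\Microsoft\svchost.exe"),
    # Everything below is constructed sample data.
    (RUN_KEY, "LegitService", r"%SystemRoot%\System32\svchost.exe -k netsvcs"),
    (RUN_KEY, "Tray", r'"C:\Program Files\Example\tray.exe" /min'),
    (RUN_KEY, "Updater", r"C:\Users\Lukas\AppData\Local\Example\updater.exe --silent"),
    (RUN_KEY, "Traversal", r"C:\Windows\System32\..\Temp\svchost.exe"),
]

if __name__ == "__main__":
    for verdict, key, value_name, path in audit(SAMPLE_RUN_VALUES):
        print(f"{verdict:<10} {key}|{value_name} -> {path}")
```

A "review" verdict is only a prompt to look closer, since legitimate software also autostarts from the user profile; "masquerade" is the pattern seen in this thread.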
02.06.2012, 18:07 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before? If so, all the logs for each scan are listed on the "Logdateien" (log files) tab. Please post all that are visible there. Also, ESET is still missing!
__________________ Please always post log files in CODE tags
02.06.2012, 21:47 | #5 |
| svchost.exe I don't have any older Malwarebytes scans, but here is the result from ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7a5294b26c87b84e823767628300806f
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-01 11:54:44
# local_time=2012-06-01 01:54:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 601682 90179643 0 0
# compatibility_mode=8192 67108863 100 0 362 362 0 0
# scanned=7528
# found=0
# cleaned=0
# scan_time=1891
03.06.2012, 13:00 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe I have two questions before we continue:
1.) Does the normal mode of Windows work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
03.06.2012, 15:58 | #7 |
| svchost.exe Yes, Windows starts properly again, albeit somewhat more slowly. But I think that has more to do with Windows not being cleaned up. And no, I have not found any empty directories, and everything is still there.
03.06.2012, 17:14 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe Please make a new OTL log. Please post everything here in CODE tags if possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags
06.06.2012, 12:34 | #9 |
| svchost.exe I scanned with OTL and it worked without problems. Since the log is too large, I have attached it as a zip.
06.06.2012, 14:40 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=113480&tt=100512_1_&babsrc=HP_ss&mntrId=9ac4fba1000000000000001f1f607b79
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A BF 56 48 A2 2F CD 01 [binary data]
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=100512_1_&babsrc=SP_ss&mntrId=9ac4fba1000000000000001f1f607b79
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=113480&tt=100512_1_&babsrc=KW_ss&mntrId=9ac4fba1000000000000001f1f607b79&q="
[2012.05.12 10:29:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.29 18:30:39 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.07.03 07:07:02 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 12:17:32 | 001,101,824 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 06:59:54 | 000,001,982 | R--- | M] () - D:\autorun.csf -- [ CDFS ]
O32 - AutoRun File - [2003.06.20 07:01:00 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 12:17:30 | 000,087,060 | R--- | M] () - D:\autorun.obj -- [ CDFS ]
O33 - MountPoints2\{9c571211-9bae-11e1-a016-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c571211-9bae-11e1-a016-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2003.06.25 12:17:32 | 001,101,824 | R--- | M] ()
:Files
C:\Users\Lukas\AppData\Roaming\Babylon
C:\Users\Lukas\AppData\Roaming\kndnlpadobhdmiplckgecjhpeibcepkj
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Logfiles bitte immer in CODE-Tags posten |
06.06.2012, 15:41 | #11 |
| svchost.exe Everything worked great, and here is the log: Code:
06.06.2012, 15:44 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set the tool up as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!
__________________ Please always post log files in CODE tags
06.06.2012, 16:03 | #13 |
| svchost.exe It found something in the Alcohol 52% directory. :-( I moved the file to quarantine. Here is the log: Code:
C:\Windows\system32\drivers\partmgr.sys 16:55:21.0947 3468 partmgr - ok 16:55:21.0963 3468 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 16:55:21.0994 3468 PcaSvc - ok 16:55:22.0009 3468 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 16:55:22.0025 3468 pci - ok 16:55:22.0041 3468 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 16:55:22.0056 3468 pciide - ok 16:55:22.0056 3468 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 16:55:22.0072 3468 pcmcia - ok 16:55:22.0087 3468 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 16:55:22.0103 3468 pcw - ok 16:55:22.0119 3468 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 16:55:22.0165 3468 PEAUTH - ok 16:55:22.0212 3468 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 16:55:22.0243 3468 PeerDistSvc - ok 16:55:22.0290 3468 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 16:55:22.0321 3468 PerfHost - ok 16:55:22.0446 3468 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 16:55:22.0509 3468 pla - ok 16:55:22.0540 3468 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 16:55:22.0571 3468 PlugPlay - ok 16:55:22.0587 3468 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 16:55:22.0587 3468 PNRPAutoReg - ok 16:55:22.0602 3468 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 16:55:22.0618 3468 PNRPsvc - ok 16:55:22.0649 3468 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 16:55:22.0696 3468 PolicyAgent - ok 16:55:22.0727 3468 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 16:55:22.0805 3468 Power - ok 16:55:22.0852 3468 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 16:55:22.0914 3468 PptpMiniport - 
ok 16:55:22.0930 3468 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 16:55:22.0945 3468 Processor - ok 16:55:22.0992 3468 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 16:55:23.0039 3468 ProfSvc - ok 16:55:23.0070 3468 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:55:23.0086 3468 ProtectedStorage - ok 16:55:23.0117 3468 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 16:55:23.0164 3468 Psched - ok 16:55:23.0226 3468 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 16:55:23.0273 3468 ql2300 - ok 16:55:23.0335 3468 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 16:55:23.0351 3468 ql40xx - ok 16:55:23.0382 3468 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 16:55:23.0398 3468 QWAVE - ok 16:55:23.0413 3468 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 16:55:23.0445 3468 QWAVEdrv - ok 16:55:23.0460 3468 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 16:55:23.0491 3468 RasAcd - ok 16:55:23.0507 3468 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 16:55:23.0538 3468 RasAgileVpn - ok 16:55:23.0554 3468 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 16:55:23.0601 3468 RasAuto - ok 16:55:23.0632 3468 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:55:23.0679 3468 Rasl2tp - ok 16:55:23.0710 3468 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 16:55:23.0772 3468 RasMan - ok 16:55:23.0772 3468 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 16:55:23.0819 3468 RasPppoe - ok 16:55:23.0835 3468 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 16:55:23.0881 3468 RasSstp - ok 
16:55:23.0913 3468 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 16:55:23.0959 3468 rdbss - ok 16:55:23.0959 3468 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 16:55:23.0975 3468 rdpbus - ok 16:55:23.0991 3468 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:55:24.0022 3468 RDPCDD - ok 16:55:24.0069 3468 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 16:55:24.0084 3468 RDPDR - ok 16:55:24.0100 3468 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 16:55:24.0131 3468 RDPENCDD - ok 16:55:24.0147 3468 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 16:55:24.0193 3468 RDPREFMP - ok 16:55:24.0240 3468 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys 16:55:24.0271 3468 RdpVideoMiniport - ok 16:55:24.0303 3468 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 16:55:24.0349 3468 RDPWD - ok 16:55:24.0412 3468 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 16:55:24.0443 3468 rdyboost - ok 16:55:24.0474 3468 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 16:55:24.0505 3468 RemoteAccess - ok 16:55:24.0521 3468 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 16:55:24.0568 3468 RemoteRegistry - ok 16:55:24.0615 3468 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys 16:55:24.0646 3468 RMCAST - ok 16:55:24.0677 3468 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 16:55:24.0708 3468 RpcEptMapper - ok 16:55:24.0724 3468 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 16:55:24.0755 3468 RpcLocator - ok 16:55:24.0802 3468 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 16:55:24.0849 
3468 RpcSs - ok 16:55:24.0989 3468 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 16:55:25.0051 3468 rspndr - ok 16:55:25.0114 3468 rt61x64 (60eb8a87357ca5b088b422d1e55a2405) C:\Windows\system32\DRIVERS\netr6164.sys 16:55:25.0145 3468 rt61x64 - ok 16:55:25.0192 3468 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys 16:55:25.0207 3468 RTL8167 - ok 16:55:25.0223 3468 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 16:55:25.0254 3468 s3cap - ok 16:55:25.0270 3468 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:55:25.0285 3468 SamSs - ok 16:55:25.0301 3468 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 16:55:25.0301 3468 sbp2port - ok 16:55:25.0317 3468 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 16:55:25.0363 3468 SCardSvr - ok 16:55:25.0395 3468 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 16:55:25.0473 3468 scfilter - ok 16:55:25.0551 3468 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 16:55:25.0613 3468 Schedule - ok 16:55:25.0644 3468 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 16:55:25.0675 3468 SCPolicySvc - ok 16:55:25.0707 3468 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 16:55:25.0738 3468 SDRSVC - ok 16:55:25.0769 3468 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 16:55:25.0816 3468 secdrv - ok 16:55:25.0847 3468 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 16:55:25.0894 3468 seclogon - ok 16:55:25.0894 3468 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 16:55:25.0941 3468 SENS - ok 16:55:25.0956 3468 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 16:55:25.0972 3468 SensrSvc - ok 16:55:25.0987 3468 Serenum 
(cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 16:55:26.0019 3468 Serenum - ok 16:55:26.0019 3468 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 16:55:26.0050 3468 Serial - ok 16:55:26.0081 3468 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 16:55:26.0112 3468 sermouse - ok 16:55:26.0143 3468 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 16:55:26.0190 3468 SessionEnv - ok 16:55:26.0206 3468 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 16:55:26.0221 3468 sffdisk - ok 16:55:26.0237 3468 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 16:55:26.0253 3468 sffp_mmc - ok 16:55:26.0253 3468 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 16:55:26.0284 3468 sffp_sd - ok 16:55:26.0284 3468 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 16:55:26.0299 3468 sfloppy - ok 16:55:26.0346 3468 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 16:55:26.0393 3468 SharedAccess - ok 16:55:26.0440 3468 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 16:55:26.0502 3468 ShellHWDetection - ok 16:55:26.0502 3468 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:55:26.0518 3468 SiSRaid2 - ok 16:55:26.0518 3468 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 16:55:26.0533 3468 SiSRaid4 - ok 16:55:26.0596 3468 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe 16:55:26.0611 3468 SkypeUpdate - ok 16:55:26.0627 3468 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 16:55:26.0658 3468 Smb - ok 16:55:26.0674 3468 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 16:55:26.0705 3468 SNMPTRAP - 
ok 16:55:26.0721 3468 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 16:55:26.0721 3468 spldr - ok 16:55:26.0767 3468 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 16:55:26.0799 3468 Spooler - ok 16:55:26.0986 3468 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 16:55:27.0079 3468 sppsvc - ok 16:55:27.0157 3468 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 16:55:27.0235 3468 sppuinotify - ok 16:55:27.0313 3468 sptd (a15860e920b02c9a7ce8f3a6c2ff1e3a) C:\Windows\System32\Drivers\sptd.sys 16:55:27.0345 3468 sptd - ok 16:55:27.0376 3468 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 16:55:27.0407 3468 srv - ok 16:55:27.0438 3468 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 16:55:27.0454 3468 srv2 - ok 16:55:27.0469 3468 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 16:55:27.0501 3468 srvnet - ok 16:55:27.0532 3468 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 16:55:27.0594 3468 SSDPSRV - ok 16:55:27.0610 3468 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 16:55:27.0657 3468 SstpSvc - ok 16:55:27.0750 3468 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe 16:55:27.0750 3468 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning 16:55:27.0750 3468 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1) 16:55:27.0797 3468 Steam Client Service - ok 16:55:27.0828 3468 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 16:55:27.0844 3468 stexstor - ok 16:55:27.0906 3468 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 16:55:27.0953 3468 stisvc - ok 16:55:27.0969 3468 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 
16:55:27.0984 3468 storflt - ok 16:55:28.0015 3468 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 16:55:28.0047 3468 storvsc - ok 16:55:28.0047 3468 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 16:55:28.0062 3468 swenum - ok 16:55:28.0093 3468 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 16:55:28.0156 3468 swprv - ok 16:55:28.0156 3468 Synth3dVsc - ok 16:55:28.0281 3468 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 16:55:28.0312 3468 SysMain - ok 16:55:28.0390 3468 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 16:55:28.0421 3468 TabletInputService - ok 16:55:28.0468 3468 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 16:55:28.0530 3468 TapiSrv - ok 16:55:28.0546 3468 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 16:55:28.0593 3468 TBS - ok 16:55:28.0702 3468 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 16:55:28.0733 3468 Tcpip - ok 16:55:28.0873 3468 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 16:55:28.0936 3468 TCPIP6 - ok 16:55:28.0983 3468 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 16:55:29.0061 3468 tcpipreg - ok 16:55:29.0076 3468 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 16:55:29.0092 3468 TDPIPE - ok 16:55:29.0107 3468 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 16:55:29.0123 3468 TDTCP - ok 16:55:29.0170 3468 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 16:55:29.0232 3468 tdx - ok 16:55:29.0248 3468 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 16:55:29.0248 3468 TermDD - ok 16:55:29.0279 3468 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 16:55:29.0341 3468 
TermService - ok 16:55:29.0357 3468 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 16:55:29.0373 3468 Themes - ok 16:55:29.0404 3468 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 16:55:29.0435 3468 THREADORDER - ok 16:55:29.0451 3468 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 16:55:29.0482 3468 TrkWks - ok 16:55:29.0529 3468 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys 16:55:29.0544 3468 trufos - ok 16:55:29.0622 3468 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 16:55:29.0669 3468 TrustedInstaller - ok 16:55:29.0700 3468 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:55:29.0731 3468 tssecsrv - ok 16:55:29.0763 3468 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 16:55:29.0794 3468 TsUsbFlt - ok 16:55:29.0825 3468 tsusbhub - ok 16:55:29.0872 3468 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 16:55:29.0950 3468 tunnel - ok 16:55:29.0965 3468 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 16:55:29.0965 3468 uagp35 - ok 16:55:30.0043 3468 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 16:55:30.0090 3468 udfs - ok 16:55:30.0121 3468 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 16:55:30.0153 3468 UI0Detect - ok 16:55:30.0168 3468 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 16:55:30.0184 3468 uliagpkx - ok 16:55:30.0215 3468 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 16:55:30.0246 3468 umbus - ok 16:55:30.0262 3468 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 16:55:30.0277 3468 UmPass - ok 16:55:30.0293 3468 UmRdpService (a293dcd756d04d8492a750d03b9a297c) 
C:\Windows\System32\umrdp.dll 16:55:30.0324 3468 UmRdpService - ok 16:55:30.0418 3468 Update Server (7de3f30967cf77bd1fc440c2b847629a) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe 16:55:30.0465 3468 Update Server - ok 16:55:30.0480 3468 UPDATESRV (6fa5ffc3765c9c444d82faf1d46c1cae) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe 16:55:30.0511 3468 UPDATESRV - ok 16:55:30.0543 3468 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 16:55:30.0574 3468 upnphost - ok 16:55:30.0589 3468 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys 16:55:30.0605 3468 usbccgp - ok 16:55:30.0621 3468 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 16:55:30.0636 3468 usbcir - ok 16:55:30.0652 3468 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 16:55:30.0683 3468 usbehci - ok 16:55:30.0714 3468 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys 16:55:30.0714 3468 usbfilter - ok 16:55:30.0745 3468 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 16:55:30.0761 3468 usbhub - ok 16:55:30.0761 3468 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 16:55:30.0777 3468 usbohci - ok 16:55:30.0792 3468 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 16:55:30.0808 3468 usbprint - ok 16:55:30.0823 3468 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:55:30.0855 3468 USBSTOR - ok 16:55:30.0855 3468 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 16:55:30.0886 3468 usbuhci - ok 16:55:30.0901 3468 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 16:55:30.0948 3468 UxSms - ok 16:55:30.0964 3468 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:55:30.0979 3468 VaultSvc - 
ok 16:55:31.0011 3468 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 16:55:31.0011 3468 vdrvroot - ok 16:55:31.0057 3468 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 16:55:31.0104 3468 vds - ok 16:55:31.0120 3468 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 16:55:31.0135 3468 vga - ok 16:55:31.0151 3468 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 16:55:31.0198 3468 VgaSave - ok 16:55:31.0198 3468 VGPU - ok 16:55:31.0229 3468 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\DRIVERS\vhdmp.sys 16:55:31.0245 3468 vhdmp - ok 16:55:31.0260 3468 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 16:55:31.0260 3468 viaide - ok 16:55:31.0291 3468 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 16:55:31.0307 3468 vmbus - ok 16:55:31.0323 3468 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 16:55:31.0354 3468 VMBusHID - ok 16:55:31.0369 3468 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 16:55:31.0369 3468 volmgr - ok 16:55:31.0432 3468 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 16:55:31.0463 3468 volmgrx - ok 16:55:31.0494 3468 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 16:55:31.0510 3468 volsnap - ok 16:55:31.0510 3468 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 16:55:31.0525 3468 vsmraid - ok 16:55:31.0635 3468 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 16:55:31.0728 3468 VSS - ok 16:55:31.0791 3468 vsserv - ok 16:55:31.0869 3468 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 16:55:31.0900 3468 vwifibus - ok 16:55:31.0915 3468 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 16:55:31.0947 
3468 vwififlt - ok 16:55:31.0978 3468 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 16:55:32.0040 3468 W32Time - ok 16:55:32.0056 3468 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 16:55:32.0071 3468 WacomPen - ok 16:55:32.0103 3468 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 16:55:32.0134 3468 WANARP - ok 16:55:32.0149 3468 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 16:55:32.0181 3468 Wanarpv6 - ok 16:55:32.0259 3468 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 16:55:32.0290 3468 wbengine - ok 16:55:32.0337 3468 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 16:55:32.0368 3468 WbioSrvc - ok 16:55:32.0399 3468 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 16:55:32.0446 3468 wcncsvc - ok 16:55:32.0461 3468 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 16:55:32.0493 3468 WcsPlugInService - ok 16:55:32.0493 3468 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 16:55:32.0508 3468 Wd - ok 16:55:32.0539 3468 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 16:55:32.0555 3468 Wdf01000 - ok 16:55:32.0555 3468 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 16:55:32.0586 3468 WdiServiceHost - ok 16:55:32.0586 3468 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 16:55:32.0602 3468 WdiSystemHost - ok 16:55:32.0649 3468 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 16:55:32.0680 3468 WebClient - ok 16:55:32.0695 3468 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 16:55:32.0742 3468 Wecsvc - ok 16:55:32.0742 3468 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 16:55:32.0789 3468 
wercplsupport - ok 16:55:32.0805 3468 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 16:55:32.0883 3468 WerSvc - ok 16:55:32.0883 3468 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 16:55:32.0914 3468 WfpLwf - ok 16:55:32.0945 3468 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 16:55:32.0945 3468 WIMMount - ok 16:55:32.0961 3468 WinDefend - ok 16:55:32.0976 3468 WinHttpAutoProxySvc - ok 16:55:33.0039 3468 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 16:55:33.0085 3468 Winmgmt - ok 16:55:33.0163 3468 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 16:55:33.0241 3468 WinRM - ok 16:55:33.0304 3468 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 16:55:33.0351 3468 Wlansvc - ok 16:55:33.0522 3468 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:55:33.0569 3468 wlidsvc - ok 16:55:33.0631 3468 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 16:55:33.0647 3468 WmiAcpi - ok 16:55:33.0678 3468 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 16:55:33.0694 3468 wmiApSrv - ok 16:55:33.0709 3468 WMPNetworkSvc - ok 16:55:33.0725 3468 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 16:55:33.0741 3468 WPCSvc - ok 16:55:33.0772 3468 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 16:55:33.0787 3468 WPDBusEnum - ok 16:55:33.0803 3468 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 16:55:33.0850 3468 ws2ifsl - ok 16:55:33.0865 3468 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 16:55:33.0881 3468 wscsvc - ok 16:55:33.0881 3468 WSearch - ok 16:55:33.0990 3468 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 16:55:34.0053 3468 
wuauserv - ok 16:55:34.0115 3468 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 16:55:34.0146 3468 WudfPf - ok 16:55:34.0162 3468 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:55:34.0209 3468 WUDFRd - ok 16:55:34.0240 3468 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 16:55:34.0287 3468 wudfsvc - ok 16:55:34.0302 3468 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 16:55:34.0333 3468 WwanSvc - ok 16:55:34.0443 3468 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl 16:55:34.0474 3468 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok 16:55:34.0489 3468 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 16:55:34.0926 3468 \Device\Harddisk0\DR0 - ok 16:55:34.0942 3468 Boot (0x1200) (ebb00998683ced5cd70ccc17db0318ef) \Device\Harddisk0\DR0\Partition0 16:55:34.0942 3468 \Device\Harddisk0\DR0\Partition0 - ok 16:55:34.0973 3468 Boot (0x1200) (e8a9755a912a76970f21c8208fe9f7bc) \Device\Harddisk0\DR0\Partition1 16:55:34.0973 3468 \Device\Harddisk0\DR0\Partition1 - ok 16:55:34.0973 3468 ============================================================ 16:55:34.0973 3468 Scan finished 16:55:34.0973 3468 ============================================================ 16:55:34.0989 3464 Detected object count: 1 16:55:34.0989 3464 Actual detected object count: 1 16:56:33.0613 3464 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe - copied to quarantine 16:56:33.0613 3464 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Quarantine |
06.06.2012, 16:17 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe Quote:
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
06.06.2012, 16:23 | #15 |
| svchost.exe Mea culpa, I guess I was a bit hasty there. What should I do now? |