Pests of all kinds and how to fight them: TR/ATRAPS.Gen2, RootKit.0Access ... wiped the computer, what should be done with the backed-up data? (Windows 7)
10.08.2012, 20:37 | #16 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Not everyone can do everything, long live the division of labour.

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-21-2617558925-3834871055-3452261518-1002..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2617558925-3834871055-3452261518-1003..\RunOnce: [HKCU] C:\Windows\SysWOW64\oobe\info\HKCU.vbs ()
O4 - HKU\S-1-5-21-2617558925-3834871055-3452261518-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2617558925-3834871055-3452261518-1003..\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd5cd506-da8f-11e1-a4be-8c89a5a47f08}\Shell - "" = AutoRun
O33 - MountPoints2\{cd5cd506-da8f-11e1-a4be-8c89a5a47f08}\Shell\AutoRun\command - "" = I:\pushinst.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, to be safe, not completely deleted; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post log files in CODE tags
10.08.2012, 21:34 | #17 |
... so, killed everything with OTL ... what am I actually doing here

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2617558925-3834871055-3452261518-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2617558925-3834871055-3452261518-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKCU deleted successfully.
C:\Windows\SysWOW64\oobe\info\HKCU.vbs moved successfully.
Registry value HKEY_USERS\S-1-5-21-2617558925-3834871055-3452261518-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2617558925-3834871055-3452261518-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Screensaver deleted successfully.
C:\Windows\Web\Wallpaper\MEDION\start.vbs moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd5cd506-da8f-11e1-a4be-8c89a5a47f08}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd5cd506-da8f-11e1-a4be-8c89a5a47f08}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd5cd506-da8f-11e1-a4be-8c89a5a47f08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd5cd506-da8f-11e1-a4be-8c89a5a47f08}\ not found.
File I:\pushinst.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MaxMustermann
->Temp folder emptied: 1970324 bytes
->Temporary Internet Files folder emptied: 7205452 bytes
->FireFox cache emptied: 107673146 bytes
->Google Chrome cache emptied: 22067276 bytes
->Flash cache emptied: 60118 bytes

User: MaxMustermann
->Temp folder emptied: 174924889 bytes
->Temporary Internet Files folder emptied: 853550 bytes
->Google Chrome cache emptied: 10264602 bytes
->Flash cache emptied: 56854 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78108007 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 234091067 bytes

Total Files Cleaned = 608,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: MaxMustermann
->Flash cache emptied: 0 bytes

User: MaxMustermann
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.56.0 log created on 08102012_222503
11.08.2012, 16:46 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
11.08.2012, 20:35 | #19 |
Here are the logs

Code:
C:\Windows\system32\drivers\msahci.sys 21:06:38.0314 2572 msahci - ok 21:06:38.0330 2572 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 21:06:38.0346 2572 msdsm - ok 21:06:38.0361 2572 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 21:06:38.0377 2572 MSDTC - ok 21:06:38.0392 2572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 21:06:38.0408 2572 Msfs - ok 21:06:38.0439 2572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 21:06:38.0455 2572 mshidkmdf - ok 21:06:38.0470 2572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 21:06:38.0470 2572 msisadrv - ok 21:06:38.0486 2572 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 21:06:38.0517 2572 MSiSCSI - ok 21:06:38.0517 2572 msiserver - ok 21:06:38.0548 2572 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 21:06:38.0564 2572 MSKSSRV - ok 21:06:38.0580 2572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 21:06:38.0611 2572 MSPCLOCK - ok 21:06:38.0611 2572 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 21:06:38.0626 2572 MSPQM - ok 21:06:38.0642 2572 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 21:06:38.0658 2572 MsRPC - ok 21:06:38.0673 2572 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 21:06:38.0673 2572 mssmbios - ok 21:06:38.0673 2572 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 21:06:38.0704 2572 MSTEE - ok 21:06:38.0720 2572 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 21:06:38.0720 2572 MTConfig - ok 21:06:38.0736 2572 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 21:06:38.0751 2572 Mup - ok 21:06:38.0782 2572 napagent (582ac6d9873e31dfa28a4547270862dd) 
C:\Windows\system32\qagentRT.dll 21:06:38.0798 2572 napagent - ok 21:06:38.0829 2572 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 21:06:38.0845 2572 NativeWifiP - ok 21:06:38.0892 2572 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 21:06:38.0923 2572 NDIS - ok 21:06:38.0923 2572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 21:06:38.0954 2572 NdisCap - ok 21:06:38.0970 2572 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 21:06:38.0985 2572 NdisTapi - ok 21:06:39.0016 2572 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 21:06:39.0032 2572 Ndisuio - ok 21:06:39.0063 2572 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 21:06:39.0079 2572 NdisWan - ok 21:06:39.0094 2572 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 21:06:39.0126 2572 NDProxy - ok 21:06:39.0126 2572 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 21:06:39.0141 2572 NetBIOS - ok 21:06:39.0157 2572 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 21:06:39.0172 2572 NetBT - ok 21:06:39.0219 2572 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:06:39.0235 2572 Netlogon - ok 21:06:39.0266 2572 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 21:06:39.0313 2572 Netman - ok 21:06:39.0328 2572 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 21:06:39.0360 2572 netprofm - ok 21:06:39.0422 2572 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:06:39.0438 2572 NetTcpPortSharing - ok 21:06:39.0453 2572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 21:06:39.0469 2572 nfrd960 - ok 21:06:39.0500 2572 
NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 21:06:39.0531 2572 NlaSvc - ok 21:06:39.0547 2572 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 21:06:39.0562 2572 Npfs - ok 21:06:39.0578 2572 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 21:06:39.0594 2572 nsi - ok 21:06:39.0609 2572 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 21:06:39.0625 2572 nsiproxy - ok 21:06:39.0703 2572 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 21:06:39.0734 2572 Ntfs - ok 21:06:39.0828 2572 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 21:06:39.0859 2572 Null - ok 21:06:39.0906 2572 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 21:06:39.0921 2572 NVENETFD - ok 21:06:39.0968 2572 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys 21:06:39.0984 2572 NVHDA - ok 21:06:40.0374 2572 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:06:40.0530 2572 nvlddmkm - ok 21:06:40.0623 2572 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 21:06:40.0639 2572 nvraid - ok 21:06:40.0654 2572 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 21:06:40.0670 2572 nvstor - ok 21:06:40.0717 2572 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe 21:06:40.0748 2572 nvsvc - ok 21:06:40.0842 2572 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 21:06:40.0873 2572 nvUpdatusService - ok 21:06:40.0966 2572 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 21:06:40.0982 2572 nv_agp - ok 21:06:41.0076 2572 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:06:41.0091 2572 odserv - 
ok 21:06:41.0122 2572 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 21:06:41.0138 2572 ohci1394 - ok 21:06:41.0154 2572 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:06:41.0169 2572 ose - ok 21:06:41.0200 2572 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:06:41.0216 2572 p2pimsvc - ok 21:06:41.0232 2572 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 21:06:41.0247 2572 p2psvc - ok 21:06:41.0278 2572 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 21:06:41.0278 2572 Parport - ok 21:06:41.0310 2572 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 21:06:41.0310 2572 partmgr - ok 21:06:41.0325 2572 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 21:06:41.0341 2572 PcaSvc - ok 21:06:41.0356 2572 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 21:06:41.0356 2572 pci - ok 21:06:41.0372 2572 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 21:06:41.0388 2572 pciide - ok 21:06:41.0419 2572 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 21:06:41.0419 2572 pcmcia - ok 21:06:41.0434 2572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:06:41.0450 2572 pcw - ok 21:06:41.0481 2572 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:06:41.0512 2572 PEAUTH - ok 21:06:41.0575 2572 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 21:06:41.0590 2572 PerfHost - ok 21:06:41.0637 2572 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 21:06:41.0684 2572 pla - ok 21:06:41.0731 2572 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 21:06:41.0746 2572 PlugPlay - ok 21:06:41.0778 2572 PNRPAutoReg 
(7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 21:06:41.0793 2572 PNRPAutoReg - ok 21:06:41.0809 2572 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:06:41.0824 2572 PNRPsvc - ok 21:06:41.0871 2572 Point64 (32d374c60778253b81fa76c2fe19e155) C:\Windows\system32\DRIVERS\point64.sys 21:06:41.0887 2572 Point64 - ok 21:06:41.0918 2572 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 21:06:41.0965 2572 PolicyAgent - ok 21:06:41.0996 2572 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 21:06:42.0012 2572 Power - ok 21:06:42.0043 2572 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 21:06:42.0074 2572 PptpMiniport - ok 21:06:42.0090 2572 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 21:06:42.0105 2572 Processor - ok 21:06:42.0136 2572 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 21:06:42.0152 2572 ProfSvc - ok 21:06:42.0168 2572 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:06:42.0183 2572 ProtectedStorage - ok 21:06:42.0214 2572 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 21:06:42.0230 2572 Psched - ok 21:06:42.0292 2572 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 21:06:42.0308 2572 PSI_SVC_2 - ok 21:06:42.0386 2572 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 21:06:42.0417 2572 ql2300 - ok 21:06:42.0480 2572 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 21:06:42.0495 2572 ql40xx - ok 21:06:42.0511 2572 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 21:06:42.0542 2572 QWAVE - ok 21:06:42.0558 2572 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:06:42.0573 2572 QWAVEdrv - ok 
21:06:42.0573 2572 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:06:42.0604 2572 RasAcd - ok 21:06:42.0620 2572 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:06:42.0636 2572 RasAgileVpn - ok 21:06:42.0651 2572 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 21:06:42.0682 2572 RasAuto - ok 21:06:42.0682 2572 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:06:42.0714 2572 Rasl2tp - ok 21:06:42.0729 2572 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 21:06:42.0760 2572 RasMan - ok 21:06:42.0760 2572 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:06:42.0776 2572 RasPppoe - ok 21:06:42.0792 2572 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:06:42.0823 2572 RasSstp - ok 21:06:42.0838 2572 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 21:06:42.0854 2572 rdbss - ok 21:06:42.0885 2572 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 21:06:42.0885 2572 rdpbus - ok 21:06:42.0901 2572 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:06:42.0916 2572 RDPCDD - ok 21:06:42.0932 2572 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:06:42.0948 2572 RDPENCDD - ok 21:06:42.0963 2572 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:06:42.0994 2572 RDPREFMP - ok 21:06:43.0026 2572 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 21:06:43.0041 2572 RDPWD - ok 21:06:43.0088 2572 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 21:06:43.0104 2572 rdyboost - ok 21:06:43.0119 2572 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 21:06:43.0150 2572 RemoteAccess - ok 
21:06:43.0166 2572 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 21:06:43.0197 2572 RemoteRegistry - ok 21:06:43.0197 2572 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 21:06:43.0213 2572 RpcEptMapper - ok 21:06:43.0228 2572 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 21:06:43.0228 2572 RpcLocator - ok 21:06:43.0244 2572 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 21:06:43.0275 2572 RpcSs - ok 21:06:43.0291 2572 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:06:43.0306 2572 rspndr - ok 21:06:43.0369 2572 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys 21:06:43.0384 2572 RTL8167 - ok 21:06:43.0447 2572 RTL8192su (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys 21:06:43.0478 2572 RTL8192su - ok 21:06:43.0478 2572 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:06:43.0494 2572 SamSs - ok 21:06:43.0509 2572 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 21:06:43.0525 2572 sbp2port - ok 21:06:43.0540 2572 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 21:06:43.0556 2572 SCardSvr - ok 21:06:43.0587 2572 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 21:06:43.0603 2572 scfilter - ok 21:06:43.0634 2572 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 21:06:43.0665 2572 Schedule - ok 21:06:43.0681 2572 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 21:06:43.0712 2572 SCPolicySvc - ok 21:06:43.0728 2572 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 21:06:43.0728 2572 SDRSVC - ok 21:06:43.0774 2572 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:06:43.0790 2572 secdrv - ok 21:06:43.0821 2572 
seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 21:06:43.0837 2572 seclogon - ok 21:06:43.0852 2572 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 21:06:43.0868 2572 SENS - ok 21:06:43.0884 2572 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 21:06:43.0899 2572 SensrSvc - ok 21:06:43.0915 2572 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 21:06:43.0930 2572 Serenum - ok 21:06:43.0946 2572 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 21:06:43.0946 2572 Serial - ok 21:06:43.0962 2572 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 21:06:43.0962 2572 sermouse - ok 21:06:43.0993 2572 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 21:06:44.0008 2572 SessionEnv - ok 21:06:44.0024 2572 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 21:06:44.0040 2572 sffdisk - ok 21:06:44.0055 2572 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 21:06:44.0055 2572 sffp_mmc - ok 21:06:44.0071 2572 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 21:06:44.0071 2572 sffp_sd - ok 21:06:44.0118 2572 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 21:06:44.0118 2572 sfloppy - ok 21:06:44.0149 2572 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 21:06:44.0180 2572 SharedAccess - ok 21:06:44.0211 2572 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 21:06:44.0258 2572 ShellHWDetection - ok 21:06:44.0274 2572 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 21:06:44.0289 2572 SiSRaid2 - ok 21:06:44.0289 2572 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 21:06:44.0305 2572 SiSRaid4 - ok 21:06:44.0336 
2572 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:06:44.0383 2572 Smb - ok 21:06:44.0414 2572 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 21:06:44.0414 2572 SNMPTRAP - ok 21:06:44.0430 2572 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:06:44.0430 2572 spldr - ok 21:06:44.0461 2572 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 21:06:44.0492 2572 Spooler - ok 21:06:44.0601 2572 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 21:06:44.0648 2572 sppsvc - ok 21:06:44.0710 2572 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 21:06:44.0742 2572 sppuinotify - ok 21:06:44.0804 2572 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 21:06:44.0835 2572 srv - ok 21:06:44.0851 2572 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 21:06:44.0851 2572 srv2 - ok 21:06:44.0882 2572 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 21:06:44.0882 2572 srvnet - ok 21:06:44.0929 2572 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 21:06:44.0960 2572 SSDPSRV - ok 21:06:44.0960 2572 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 21:06:44.0991 2572 SstpSvc - ok 21:06:45.0069 2572 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 21:06:45.0085 2572 Stereo Service - ok 21:06:45.0116 2572 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 21:06:45.0116 2572 stexstor - ok 21:06:45.0163 2572 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 21:06:45.0194 2572 stisvc - ok 21:06:45.0210 2572 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 21:06:45.0210 2572 swenum - ok 21:06:45.0256 2572 swprv 
(e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 21:06:45.0303 2572 swprv - ok 21:06:45.0366 2572 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 21:06:45.0397 2572 SysMain - ok 21:06:45.0459 2572 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 21:06:45.0490 2572 TabletInputService - ok 21:06:45.0490 2572 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 21:06:45.0522 2572 TapiSrv - ok 21:06:45.0522 2572 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 21:06:45.0553 2572 TBS - ok 21:06:45.0662 2572 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 21:06:45.0693 2572 Tcpip - ok 21:06:45.0771 2572 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 21:06:45.0802 2572 TCPIP6 - ok 21:06:45.0834 2572 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 21:06:45.0849 2572 tcpipreg - ok 21:06:45.0865 2572 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:06:45.0880 2572 TDPIPE - ok 21:06:45.0896 2572 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 21:06:45.0896 2572 TDTCP - ok 21:06:45.0927 2572 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 21:06:45.0943 2572 tdx - ok 21:06:45.0974 2572 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 21:06:45.0974 2572 TermDD - ok 21:06:46.0005 2572 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 21:06:46.0036 2572 TermService - ok 21:06:46.0036 2572 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 21:06:46.0052 2572 Themes - ok 21:06:46.0068 2572 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:06:46.0083 2572 THREADORDER - ok 21:06:46.0099 2572 TrkWks (7e7afd841694f6ac397e99d75cead49d) 
C:\Windows\System32\trkwks.dll 21:06:46.0114 2572 TrkWks - ok 21:06:46.0161 2572 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 21:06:46.0208 2572 TrustedInstaller - ok 21:06:46.0224 2572 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:06:46.0270 2572 tssecsrv - ok 21:06:46.0286 2572 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:06:46.0286 2572 TsUsbFlt - ok 21:06:46.0317 2572 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 21:06:46.0317 2572 TsUsbGD - ok 21:06:46.0333 2572 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:06:46.0364 2572 tunnel - ok 21:06:46.0380 2572 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 21:06:46.0395 2572 uagp35 - ok 21:06:46.0411 2572 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:06:46.0426 2572 udfs - ok 21:06:46.0442 2572 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 21:06:46.0458 2572 UI0Detect - ok 21:06:46.0489 2572 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:06:46.0504 2572 uliagpkx - ok 21:06:46.0520 2572 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 21:06:46.0536 2572 umbus - ok 21:06:46.0551 2572 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 21:06:46.0551 2572 UmPass - ok 21:06:46.0692 2572 UNS (fc43877b4625f6eb773c98233eb625c5) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 21:06:46.0723 2572 UNS - ok 21:06:46.0816 2572 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 21:06:46.0848 2572 upnphost - ok 21:06:46.0879 2572 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:06:46.0894 2572 usbccgp - ok 21:06:46.0926 2572 usbcir 
(af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:06:46.0941 2572 usbcir - ok 21:06:46.0941 2572 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 21:06:46.0957 2572 usbehci - ok 21:06:46.0972 2572 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:06:46.0988 2572 usbhub - ok 21:06:47.0004 2572 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 21:06:47.0019 2572 usbohci - ok 21:06:47.0035 2572 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:06:47.0050 2572 usbprint - ok 21:06:47.0082 2572 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 21:06:47.0082 2572 usbscan - ok 21:06:47.0113 2572 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:06:47.0113 2572 USBSTOR - ok 21:06:47.0144 2572 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 21:06:47.0144 2572 usbuhci - ok 21:06:47.0175 2572 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 21:06:47.0191 2572 UxSms - ok 21:06:47.0238 2572 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:06:47.0238 2572 VaultSvc - ok 21:06:47.0269 2572 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:06:47.0269 2572 vdrvroot - ok 21:06:47.0300 2572 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 21:06:47.0331 2572 vds - ok 21:06:47.0362 2572 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:06:47.0378 2572 vga - ok 21:06:47.0394 2572 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:06:47.0425 2572 VgaSave - ok 21:06:47.0456 2572 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:06:47.0456 2572 vhdmp - ok 21:06:47.0487 2572 viaide (e5689d93ffe4e5d66c0178761240dd54) 
C:\Windows\system32\drivers\viaide.sys 21:06:47.0503 2572 viaide - ok 21:06:47.0518 2572 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 21:06:47.0518 2572 volmgr - ok 21:06:47.0550 2572 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:06:47.0565 2572 volmgrx - ok 21:06:47.0596 2572 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:06:47.0612 2572 volsnap - ok 21:06:47.0628 2572 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 21:06:47.0643 2572 vsmraid - ok 21:06:47.0706 2572 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 21:06:47.0752 2572 VSS - ok 21:06:47.0846 2572 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 21:06:47.0862 2572 vwifibus - ok 21:06:47.0877 2572 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 21:06:47.0893 2572 vwififlt - ok 21:06:47.0924 2572 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 21:06:47.0955 2572 W32Time - ok 21:06:47.0971 2572 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 21:06:47.0986 2572 WacomPen - ok 21:06:48.0018 2572 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:06:48.0049 2572 WANARP - ok 21:06:48.0049 2572 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:06:48.0080 2572 Wanarpv6 - ok 21:06:48.0158 2572 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 21:06:48.0189 2572 WatAdminSvc - ok 21:06:48.0252 2572 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 21:06:48.0267 2572 wbengine - ok 21:06:48.0345 2572 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 21:06:48.0361 2572 WbioSrvc - ok 21:06:48.0376 2572 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) 
11.08.2012, 21:48 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unfortunately the log is incomplete; the summary at the bottom is missing.
__________________ Please always post log files in CODE tags |
11.08.2012, 22:37 | #21 |
| Sorry... here it is, complete this time: Code:
ok 21:06:41.0122 2572 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 21:06:41.0138 2572 ohci1394 - ok 21:06:41.0154 2572 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:06:41.0169 2572 ose - ok 21:06:41.0200 2572 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:06:41.0216 2572 p2pimsvc - ok 21:06:41.0232 2572 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 21:06:41.0247 2572 p2psvc - ok 21:06:41.0278 2572 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 21:06:41.0278 2572 Parport - ok 21:06:41.0310 2572 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 21:06:41.0310 2572 partmgr - ok 21:06:41.0325 2572 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 21:06:41.0341 2572 PcaSvc - ok 21:06:41.0356 2572 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 21:06:41.0356 2572 pci - ok 21:06:41.0372 2572 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 21:06:41.0388 2572 pciide - ok 21:06:41.0419 2572 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 21:06:41.0419 2572 pcmcia - ok 21:06:41.0434 2572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:06:41.0450 2572 pcw - ok 21:06:41.0481 2572 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:06:41.0512 2572 PEAUTH - ok 21:06:41.0575 2572 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 21:06:41.0590 2572 PerfHost - ok 21:06:41.0637 2572 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 21:06:41.0684 2572 pla - ok 21:06:41.0731 2572 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 21:06:41.0746 2572 PlugPlay - ok 21:06:41.0778 2572 PNRPAutoReg 
(7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 21:06:41.0793 2572 PNRPAutoReg - ok 21:06:41.0809 2572 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:06:41.0824 2572 PNRPsvc - ok 21:06:41.0871 2572 Point64 (32d374c60778253b81fa76c2fe19e155) C:\Windows\system32\DRIVERS\point64.sys 21:06:41.0887 2572 Point64 - ok 21:06:41.0918 2572 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 21:06:41.0965 2572 PolicyAgent - ok 21:06:41.0996 2572 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 21:06:42.0012 2572 Power - ok 21:06:42.0043 2572 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 21:06:42.0074 2572 PptpMiniport - ok 21:06:42.0090 2572 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 21:06:42.0105 2572 Processor - ok 21:06:42.0136 2572 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 21:06:42.0152 2572 ProfSvc - ok 21:06:42.0168 2572 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:06:42.0183 2572 ProtectedStorage - ok 21:06:42.0214 2572 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 21:06:42.0230 2572 Psched - ok 21:06:42.0292 2572 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 21:06:42.0308 2572 PSI_SVC_2 - ok 21:06:42.0386 2572 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 21:06:42.0417 2572 ql2300 - ok 21:06:42.0480 2572 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 21:06:42.0495 2572 ql40xx - ok 21:06:42.0511 2572 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 21:06:42.0542 2572 QWAVE - ok 21:06:42.0558 2572 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:06:42.0573 2572 QWAVEdrv - ok 
21:06:42.0573 2572 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:06:42.0604 2572 RasAcd - ok 21:06:42.0620 2572 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:06:42.0636 2572 RasAgileVpn - ok 21:06:42.0651 2572 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 21:06:42.0682 2572 RasAuto - ok 21:06:42.0682 2572 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:06:42.0714 2572 Rasl2tp - ok 21:06:42.0729 2572 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 21:06:42.0760 2572 RasMan - ok 21:06:42.0760 2572 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:06:42.0776 2572 RasPppoe - ok 21:06:42.0792 2572 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:06:42.0823 2572 RasSstp - ok 21:06:42.0838 2572 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 21:06:42.0854 2572 rdbss - ok 21:06:42.0885 2572 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 21:06:42.0885 2572 rdpbus - ok 21:06:42.0901 2572 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:06:42.0916 2572 RDPCDD - ok 21:06:42.0932 2572 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:06:42.0948 2572 RDPENCDD - ok 21:06:42.0963 2572 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:06:42.0994 2572 RDPREFMP - ok 21:06:43.0026 2572 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 21:06:43.0041 2572 RDPWD - ok 21:06:43.0088 2572 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 21:06:43.0104 2572 rdyboost - ok 21:06:43.0119 2572 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 21:06:43.0150 2572 RemoteAccess - ok 
21:06:43.0166 2572 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 21:06:43.0197 2572 RemoteRegistry - ok 21:06:43.0197 2572 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 21:06:43.0213 2572 RpcEptMapper - ok 21:06:43.0228 2572 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 21:06:43.0228 2572 RpcLocator - ok 21:06:43.0244 2572 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 21:06:43.0275 2572 RpcSs - ok 21:06:43.0291 2572 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:06:43.0306 2572 rspndr - ok 21:06:43.0369 2572 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys 21:06:43.0384 2572 RTL8167 - ok 21:06:43.0447 2572 RTL8192su (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys 21:06:43.0478 2572 RTL8192su - ok 21:06:43.0478 2572 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:06:43.0494 2572 SamSs - ok 21:06:43.0509 2572 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 21:06:43.0525 2572 sbp2port - ok 21:06:43.0540 2572 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 21:06:43.0556 2572 SCardSvr - ok 21:06:43.0587 2572 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 21:06:43.0603 2572 scfilter - ok 21:06:43.0634 2572 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 21:06:43.0665 2572 Schedule - ok 21:06:43.0681 2572 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 21:06:43.0712 2572 SCPolicySvc - ok 21:06:43.0728 2572 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 21:06:43.0728 2572 SDRSVC - ok 21:06:43.0774 2572 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:06:43.0790 2572 secdrv - ok 21:06:43.0821 2572 
seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 21:06:43.0837 2572 seclogon - ok 21:06:43.0852 2572 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 21:06:43.0868 2572 SENS - ok 21:06:43.0884 2572 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 21:06:43.0899 2572 SensrSvc - ok 21:06:43.0915 2572 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 21:06:43.0930 2572 Serenum - ok 21:06:43.0946 2572 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 21:06:43.0946 2572 Serial - ok 21:06:43.0962 2572 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 21:06:43.0962 2572 sermouse - ok 21:06:43.0993 2572 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 21:06:44.0008 2572 SessionEnv - ok 21:06:44.0024 2572 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 21:06:44.0040 2572 sffdisk - ok 21:06:44.0055 2572 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 21:06:44.0055 2572 sffp_mmc - ok 21:06:44.0071 2572 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 21:06:44.0071 2572 sffp_sd - ok 21:06:44.0118 2572 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 21:06:44.0118 2572 sfloppy - ok 21:06:44.0149 2572 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 21:06:44.0180 2572 SharedAccess - ok 21:06:44.0211 2572 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 21:06:44.0258 2572 ShellHWDetection - ok 21:06:44.0274 2572 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 21:06:44.0289 2572 SiSRaid2 - ok 21:06:44.0289 2572 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 21:06:44.0305 2572 SiSRaid4 - ok 21:06:44.0336 
2572 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:06:44.0383 2572 Smb - ok 21:06:44.0414 2572 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 21:06:44.0414 2572 SNMPTRAP - ok 21:06:44.0430 2572 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:06:44.0430 2572 spldr - ok 21:06:44.0461 2572 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 21:06:44.0492 2572 Spooler - ok 21:06:44.0601 2572 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 21:06:44.0648 2572 sppsvc - ok 21:06:44.0710 2572 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 21:06:44.0742 2572 sppuinotify - ok 21:06:44.0804 2572 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 21:06:44.0835 2572 srv - ok 21:06:44.0851 2572 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 21:06:44.0851 2572 srv2 - ok 21:06:44.0882 2572 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 21:06:44.0882 2572 srvnet - ok 21:06:44.0929 2572 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 21:06:44.0960 2572 SSDPSRV - ok 21:06:44.0960 2572 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 21:06:44.0991 2572 SstpSvc - ok 21:06:45.0069 2572 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 21:06:45.0085 2572 Stereo Service - ok 21:06:45.0116 2572 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 21:06:45.0116 2572 stexstor - ok 21:06:45.0163 2572 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 21:06:45.0194 2572 stisvc - ok 21:06:45.0210 2572 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 21:06:45.0210 2572 swenum - ok 21:06:45.0256 2572 swprv 
(e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 21:06:45.0303 2572 swprv - ok 21:06:45.0366 2572 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 21:06:45.0397 2572 SysMain - ok 21:06:45.0459 2572 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 21:06:45.0490 2572 TabletInputService - ok 21:06:45.0490 2572 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 21:06:45.0522 2572 TapiSrv - ok 21:06:45.0522 2572 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 21:06:45.0553 2572 TBS - ok 21:06:45.0662 2572 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 21:06:45.0693 2572 Tcpip - ok 21:06:45.0771 2572 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 21:06:45.0802 2572 TCPIP6 - ok 21:06:45.0834 2572 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 21:06:45.0849 2572 tcpipreg - ok 21:06:45.0865 2572 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:06:45.0880 2572 TDPIPE - ok 21:06:45.0896 2572 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 21:06:45.0896 2572 TDTCP - ok 21:06:45.0927 2572 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 21:06:45.0943 2572 tdx - ok 21:06:45.0974 2572 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 21:06:45.0974 2572 TermDD - ok 21:06:46.0005 2572 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 21:06:46.0036 2572 TermService - ok 21:06:46.0036 2572 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 21:06:46.0052 2572 Themes - ok 21:06:46.0068 2572 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:06:46.0083 2572 THREADORDER - ok 21:06:46.0099 2572 TrkWks (7e7afd841694f6ac397e99d75cead49d) 
C:\Windows\System32\trkwks.dll 21:06:46.0114 2572 TrkWks - ok 21:06:46.0161 2572 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 21:06:46.0208 2572 TrustedInstaller - ok 21:06:46.0224 2572 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:06:46.0270 2572 tssecsrv - ok 21:06:46.0286 2572 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:06:46.0286 2572 TsUsbFlt - ok 21:06:46.0317 2572 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 21:06:46.0317 2572 TsUsbGD - ok 21:06:46.0333 2572 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:06:46.0364 2572 tunnel - ok 21:06:46.0380 2572 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 21:06:46.0395 2572 uagp35 - ok 21:06:46.0411 2572 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:06:46.0426 2572 udfs - ok 21:06:46.0442 2572 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 21:06:46.0458 2572 UI0Detect - ok 21:06:46.0489 2572 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:06:46.0504 2572 uliagpkx - ok 21:06:46.0520 2572 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 21:06:46.0536 2572 umbus - ok 21:06:46.0551 2572 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 21:06:46.0551 2572 UmPass - ok 21:06:46.0692 2572 UNS (fc43877b4625f6eb773c98233eb625c5) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 21:06:46.0723 2572 UNS - ok 21:06:46.0816 2572 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 21:06:46.0848 2572 upnphost - ok 21:06:46.0879 2572 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:06:46.0894 2572 usbccgp - ok 21:06:46.0926 2572 usbcir 
(af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:06:46.0941 2572 usbcir - ok 21:06:46.0941 2572 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 21:06:46.0957 2572 usbehci - ok 21:06:46.0972 2572 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:06:46.0988 2572 usbhub - ok 21:06:47.0004 2572 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 21:06:47.0019 2572 usbohci - ok 21:06:47.0035 2572 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:06:47.0050 2572 usbprint - ok 21:06:47.0082 2572 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 21:06:47.0082 2572 usbscan - ok 21:06:47.0113 2572 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:06:47.0113 2572 USBSTOR - ok 21:06:47.0144 2572 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 21:06:47.0144 2572 usbuhci - ok 21:06:47.0175 2572 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 21:06:47.0191 2572 UxSms - ok 21:06:47.0238 2572 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:06:47.0238 2572 VaultSvc - ok 21:06:47.0269 2572 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:06:47.0269 2572 vdrvroot - ok 21:06:47.0300 2572 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 21:06:47.0331 2572 vds - ok 21:06:47.0362 2572 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:06:47.0378 2572 vga - ok 21:06:47.0394 2572 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:06:47.0425 2572 VgaSave - ok 21:06:47.0456 2572 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:06:47.0456 2572 vhdmp - ok 21:06:47.0487 2572 viaide (e5689d93ffe4e5d66c0178761240dd54) 
C:\Windows\system32\drivers\viaide.sys 21:06:47.0503 2572 viaide - ok 21:06:47.0518 2572 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 21:06:47.0518 2572 volmgr - ok 21:06:47.0550 2572 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:06:47.0565 2572 volmgrx - ok 21:06:47.0596 2572 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:06:47.0612 2572 volsnap - ok 21:06:47.0628 2572 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 21:06:47.0643 2572 vsmraid - ok 21:06:47.0706 2572 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 21:06:47.0752 2572 VSS - ok 21:06:47.0846 2572 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 21:06:47.0862 2572 vwifibus - ok 21:06:47.0877 2572 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 21:06:47.0893 2572 vwififlt - ok 21:06:47.0924 2572 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 21:06:47.0955 2572 W32Time - ok 21:06:47.0971 2572 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 21:06:47.0986 2572 WacomPen - ok 21:06:48.0018 2572 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:06:48.0049 2572 WANARP - ok 21:06:48.0049 2572 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:06:48.0080 2572 Wanarpv6 - ok 21:06:48.0158 2572 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 21:06:48.0189 2572 WatAdminSvc - ok 21:06:48.0252 2572 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 21:06:48.0267 2572 wbengine - ok 21:06:48.0345 2572 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 21:06:48.0361 2572 WbioSrvc - ok 21:06:48.0376 2572 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) 
C:\Windows\System32\wcncsvc.dll 21:06:48.0392 2572 wcncsvc - ok 21:06:48.0408 2572 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 21:06:48.0408 2572 WcsPlugInService - ok 21:06:48.0454 2572 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 21:06:48.0470 2572 Wd - ok 21:06:48.0517 2572 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:06:48.0532 2572 Wdf01000 - ok 21:06:48.0548 2572 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:06:48.0548 2572 WdiServiceHost - ok 21:06:48.0548 2572 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:06:48.0564 2572 WdiSystemHost - ok 21:06:48.0595 2572 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 21:06:48.0610 2572 WebClient - ok 21:06:48.0610 2572 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 21:06:48.0642 2572 Wecsvc - ok 21:06:48.0642 2572 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 21:06:48.0657 2572 wercplsupport - ok 21:06:48.0673 2572 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 21:06:48.0704 2572 WerSvc - ok 21:06:48.0735 2572 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:06:48.0782 2572 WfpLwf - ok 21:06:48.0782 2572 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:06:48.0798 2572 WIMMount - ok 21:06:48.0829 2572 WinDefend - ok 21:06:48.0829 2572 WinHttpAutoProxySvc - ok 21:06:48.0876 2572 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 21:06:48.0907 2572 Winmgmt - ok 21:06:48.0985 2572 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 21:06:49.0016 2572 WinRM - ok 21:06:49.0125 2572 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 21:06:49.0156 2572 Wlansvc - ok 21:06:49.0281 
2572 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:06:49.0312 2572 wlidsvc - ok 21:06:49.0422 2572 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 21:06:49.0437 2572 WmiAcpi - ok 21:06:49.0484 2572 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 21:06:49.0500 2572 wmiApSrv - ok 21:06:49.0515 2572 WMPNetworkSvc - ok 21:06:49.0546 2572 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 21:06:49.0562 2572 WPCSvc - ok 21:06:49.0578 2572 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 21:06:49.0593 2572 WPDBusEnum - ok 21:06:49.0609 2572 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:06:49.0640 2572 ws2ifsl - ok 21:06:49.0656 2572 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 21:06:49.0671 2572 wscsvc - ok 21:06:49.0671 2572 WSearch - ok 21:06:49.0687 2572 wsvd (82e8f5aa03df7dbdb8a33f700d5d8cda) C:\Windows\system32\DRIVERS\wsvd.sys 21:06:49.0702 2572 wsvd - ok 21:06:49.0796 2572 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 21:06:49.0827 2572 wuauserv - ok 21:06:49.0921 2572 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:06:49.0968 2572 WudfPf - ok 21:06:49.0983 2572 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:06:49.0999 2572 WUDFRd - ok 21:06:50.0014 2572 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 21:06:50.0046 2572 wudfsvc - ok 21:06:50.0046 2572 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 21:06:50.0061 2572 WwanSvc - ok 21:06:50.0077 2572 MBR (0x1B8) (4624822e540ec83cd0819525c65846ba) \Device\Harddisk0\DR0 21:06:51.0886 2572 \Device\Harddisk0\DR0 - ok 21:06:51.0886 2572 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4 
21:06:51.0949 2572 \Device\Harddisk4\DR4 - ok 21:06:51.0980 2572 Boot (0x1200) (0fde04d6cc1f6e4f54c2f20a73cf1e33) \Device\Harddisk0\DR0\Partition0 21:06:51.0980 2572 \Device\Harddisk0\DR0\Partition0 - ok 21:06:51.0996 2572 Boot (0x1200) (5bbaa6b6ff12245822fc9b92c2195a83) \Device\Harddisk0\DR0\Partition1 21:06:51.0996 2572 \Device\Harddisk0\DR0\Partition1 - ok 21:06:52.0027 2572 Boot (0x1200) (05b3e66d96f35d87bf620ed76b6d70d4) \Device\Harddisk0\DR0\Partition2 21:06:52.0027 2572 \Device\Harddisk0\DR0\Partition2 - ok 21:06:52.0027 2572 Boot (0x1200) (7df5c5e9f9bfd98ef4245e6cf5d598ca) \Device\Harddisk4\DR4\Partition0 21:06:52.0042 2572 \Device\Harddisk4\DR4\Partition0 - ok 21:06:52.0042 2572 Boot (0x1200) (3984f4922ac71dfe2a1ff7bf23177306) \Device\Harddisk4\DR4\Partition1 21:06:52.0042 2572 \Device\Harddisk4\DR4\Partition1 - ok 21:06:52.0042 2572 ============================================================ 21:06:52.0042 2572 Scan finished 21:06:52.0042 2572 ============================================================ 21:06:52.0058 3736 Detected object count: 1 21:06:52.0058 3736 Actual detected object count: 1 21:36:51.0907 3736 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:36:51.0907 3736 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:37:17.0912 4060 Deinitialize success |
12.08.2012, 13:12 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! If, after running Combofix, you have problems starting applications and get messages like Quote:
__________________ Please always post logfiles in CODE tags |
12.08.2012, 13:44 | #23 |
| Here is the next huge code block. IE no longer works now, but I don't miss it; I'll try starting it "by hand ?!" Code:
ATTFilter Combofix Logfile: |
13.08.2012, 12:44 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
13.08.2012, 21:17 | #25 |
| Hello, GMER reported "didn´t found any modification". I could not retrieve any logs, even when clicking copy and looking at the clipboard. Here is OSAM; after that I'll get started on aswMBR Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:11:08 on 13.08.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
- hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\GW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin "avgnt" - "Avira Operations GmbH & Co. 
KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "AVMWlanClient" - "AVM Berlin" - C:\Program Files (x86)\avmwlanstick\wlangui.exe "IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray -----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )----- "OTL" - "OldTimer Tools" - "C:\Users\GaWi\Downloads\OTL.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "MemeoBackgroundService" (MemeoBackgroundService) - "Memeo" - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Protexis Licensing V2" (PSI_SVC_2) 
- "Protexis Inc." - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-08-13 22:20:14 ----------------------------- 22:20:14.784 OS Version: Windows x64 6.1.7601 Service Pack 1 22:20:14.784 Number of processors: 4 586 0x2A07 22:20:14.784 ComputerName: MaxMustermann-PC UserName: MaxMustermann 22:20:15.767 Initialize success 22:23:48.183 AVAST engine defs: 12081301 22:42:33.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 22:42:33.834 Disk 0 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3 22:42:33.834 Disk 0 MBR read successfully 22:42:33.850 Disk 0 MBR scan 22:42:33.850 Disk 0 unknown MBR code 22:42:33.850 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 22:42:33.865 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 901542 MB offset 206848 22:42:33.896 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51200 MB offset 1846564864 22:42:33.912 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464 22:42:33.959 Disk 0 scanning C:\Windows\system32\drivers 22:42:40.370 Service scanning 22:42:58.014 Modules scanning 22:42:58.014 Disk 0 trace - called modules: 22:42:58.544 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 22:42:58.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f92060] 22:42:58.560 3 CLASSPNP.SYS[fffff88001d5243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800470a050] 22:42:59.449 AVAST engine scan C:\Windows 22:43:01.976 AVAST engine scan C:\Windows\system32 22:44:32.347 AVAST engine scan C:\Windows\system32\drivers 22:44:42.378 AVAST engine scan C:\Users\MaxMustermann 22:45:02.112 AVAST engine scan C:\ProgramData 22:45:45.933 Scan finished successfully 22:52:39.084 Disk 0 MBR has been saved successfully to "C:\Users\MaxMustermann\Downloads\MBR.dat" 22:52:39.084 The log file has been saved successfully to "C:\Users\MaxMustermann\Downloads\aswMBR.txt" |
14.08.2012, 14:49 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2, RootKit.0Access ... Computer wiped, what to do with the backed-up data? We should fix the MBR. Just in case, back up ALL important data first, even though things usually go smoothly. Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please switch off the virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
15.08.2012, 18:44 | #27 |
| TR/ATRAPS.Gen2, RootKit.0Access ... Computer wiped, what to do with the backed-up data? Logs after the MBR fix ... I'm heading south on Friday for 2-3 weeks and am only working tomorrow :-) Can I simply bump the thread afterwards to continue, or how should I do that? How many more steps do we have to go through until the computer is no longer suspicious? Was there a lot of suspicious stuff on it? It all looks like Chinese to me... In any case, I would like to thank you. It's great that you (all) do something like this; it takes a lot of time, and it is by no means a given to answer so patiently over such a long period... You should get a volunteer medal like in the analog world, as rescuers of PCs and nerves. Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-08-13 22:20:14 ----------------------------- 22:20:14.784 OS Version: Windows x64 6.1.7601 Service Pack 1 22:20:14.784 Number of processors: 4 586 0x2A07 22:20:14.784 ComputerName: MaxMustermann-PC UserName: MaxMustermann 22:20:15.767 Initialize success 22:23:48.183 AVAST engine defs: 12081301 22:42:33.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 22:42:33.834 Disk 0 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3 22:42:33.834 Disk 0 MBR read successfully 22:42:33.850 Disk 0 MBR scan 22:42:33.850 Disk 0 unknown MBR code 22:42:33.850 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 22:42:33.865 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 901542 MB offset 206848 22:42:33.896 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51200 MB offset 1846564864 22:42:33.912 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464 22:42:33.959 Disk 0 scanning C:\Windows\system32\drivers 22:42:40.370 Service scanning 22:42:58.014 Modules scanning 22:42:58.014 Disk 0 trace - called modules: 22:42:58.544 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 22:42:58.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f92060] 22:42:58.560 3 CLASSPNP.SYS[fffff88001d5243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800470a050] 22:42:59.449 AVAST engine scan C:\Windows 22:43:01.976 AVAST engine scan C:\Windows\system32 22:44:32.347 AVAST engine scan C:\Windows\system32\drivers 22:44:42.378 AVAST engine scan C:\Users\MaxMustermann 22:45:02.112 AVAST engine scan C:\ProgramData 22:45:45.933 Scan finished successfully 22:52:39.084 Disk 0 MBR has been saved successfully to "C:\Users\MaxMustermann\Downloads\MBR.dat" 22:52:39.084 The log file has been saved successfully to "C:\Users\MaxMustermann\Downloads\aswMBR.txt" aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-08-15 19:08:59 ----------------------------- 
19:08:59.322 OS Version: Windows x64 6.1.7601 Service Pack 1 19:08:59.322 Number of processors: 4 586 0x2A07 19:08:59.322 ComputerName: MaxMustermann-PC UserName: MaxMustermann 19:09:01.491 Initialize success 19:09:54.470 AVAST engine defs: 12081503 19:10:15.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 19:10:15.109 Disk 0 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3 19:10:15.109 Disk 0 MBR read successfully 19:10:15.109 Disk 0 MBR scan 19:10:15.124 Disk 0 Windows 7 default MBR code 19:10:15.124 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 19:10:15.140 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 901542 MB offset 206848 19:10:15.171 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51200 MB offset 1846564864 19:10:15.187 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464 19:10:15.234 Disk 0 scanning C:\Windows\system32\drivers 19:10:22.612 Service scanning 19:10:42.487 Modules scanning 19:10:42.487 Disk 0 trace - called modules: 19:10:42.518 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 19:10:42.534 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f92060] 19:10:42.534 3 CLASSPNP.SYS[fffff88001d8643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004747050] 19:10:43.735 AVAST engine scan C:\Windows 19:10:45.997 AVAST engine scan C:\Windows\system32 19:12:17.366 AVAST engine scan C:\Windows\system32\drivers 19:12:25.432 AVAST engine scan C:\Users\MaxMustermann 19:12:45.587 AVAST engine scan C:\ProgramData 19:13:35.351 Scan finished successfully 19:26:21.671 Disk 0 MBR has been saved successfully to "C:\Users\MaxMustermann\Downloads\MBR.dat" 19:26:21.702 The log file has been saved successfully to "C:\Users\MaxMustermann\Downloads\aswMBR.txt" |
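The before/after check that the two aswMBR logs above allow, as an added example (not part of the thread and not aswMBR's own code): it parses the MBR verdict and the partition lines from each run, confirms that FIXMBR changed only the boot code and left the partition table alone, and flags Linux partition types that would make an MBR fix with Windows tools risky. Assumptions: the two hex columns are read as the MBR boot-indicator and partition-type bytes, the Linux type IDs are the standard MBR ones, and the dual-boot line is constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpts of the two logs posted in this thread, reflowed to one entry per line.
LOG_BEFORE = """\
22:42:33.834 Disk 0 MBR read successfully
22:42:33.850 Disk 0 MBR scan
22:42:33.850 Disk 0 unknown MBR code
22:42:33.850 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:42:33.865 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 901542 MB offset 206848
22:42:33.896 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51200 MB offset 1846564864
22:42:33.912 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
"""
LOG_AFTER = """\
19:10:15.109 Disk 0 MBR read successfully
19:10:15.109 Disk 0 MBR scan
19:10:15.124 Disk 0 Windows 7 default MBR code
19:10:15.124 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:10:15.140 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 901542 MB offset 206848
19:10:15.171 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51200 MB offset 1846564864
19:10:15.187 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
"""
# Constructed line (not from the thread): the same disk with a Linux partition.
LOG_DUALBOOT = LOG_BEFORE + \
    "22:42:33.920 Disk 0 Partition 3 00 83 Linux 51200 MB offset 1846564864\n"

TIMESTAMP = re.compile(r"\b\d{2}:\d{2}:\d{2}\.\d{3}\s+")
VERDICT = re.compile(r"Disk (\d+) (.+ MBR code)$")
PARTITION = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2})(?: \(A\))? "
    r"([0-9A-Fa-f]{2}) (.+?) (\d+) MB offset (\d+)$"
)
# Standard MBR partition type bytes that indicate a Linux installation.
LINUX_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM"}


@dataclass(frozen=True)
class Partition:
    disk: int
    index: int
    boot_flag: int  # assumed: MBR boot-indicator byte, 0x80 = active
    type_id: int    # assumed: MBR partition type byte, e.g. 0x07 = NTFS
    size_mb: int
    offset: int     # start offset exactly as printed in the log


@dataclass(frozen=True)
class DiskReport:
    verdict: Optional[str]
    partitions: tuple


def parse_aswmbr(text: str) -> DiskReport:
    """Parse a log that is either line-based or flattened onto one line."""
    verdict, parts = None, []
    # Splitting on the timestamps works for both layouts.
    for entry in TIMESTAMP.split(text):
        entry = entry.strip()
        m = PARTITION.match(entry)
        if m:
            disk, idx, flag, typ, _desc, size, off = m.groups()
            parts.append(Partition(int(disk), int(idx), int(flag, 16),
                                   int(typ, 16), int(size), int(off)))
            continue
        m = VERDICT.match(entry)
        if m:
            verdict = m.group(2)
    return DiskReport(verdict, tuple(parts))


def compare_runs(before: DiskReport, after: DiskReport) -> dict:
    """Summarise what changed between the scan before and after the fix."""
    return {
        "verdict_before": before.verdict,
        "verdict_after": after.verdict,
        "boot_code_recognised": bool(after.verdict)
        and "default MBR code" in after.verdict,
        "partition_table_unchanged": before.partitions == after.partitions,
    }


def fixmbr_blockers(report: DiskReport) -> list:
    """Partitions whose type suggests a second OS that an MBR rewrite may strand."""
    return [(p.index, LINUX_TYPES[p.type_id])
            for p in report.partitions if p.type_id in LINUX_TYPES]


if __name__ == "__main__":
    print(compare_runs(parse_aswmbr(LOG_BEFORE), parse_aswmbr(LOG_AFTER)))
    print("Blockers on constructed dual-boot disk:",
          fixmbr_blockers(parse_aswmbr(LOG_DUALBOOT)))
```

The partition table cannot reveal full-disk encryption, so that part of the warning in post #26 still has to be checked by hand.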
16.08.2012, 08:35 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2, RootKit.0Access ... Computer wiped, what to do with the backed-up data? Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
16.08.2012, 11:12 | #29 |
| TR/ATRAPS.Gen2, RootKit.0Access ... Computer wiped, what to do with the backed-up data? Here is Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.15.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 MaxMustermann :: MaxMustermann-PC [limited] 16.08.2012 11:20:17 mbam-log-2012-08-16 (11-20-17).txt Scan type: Full scan (C:\|D:\|I:\|J:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 374474 Time elapsed: 33 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 08/16/2012 at 12:55 PM Application Version : 5.5.1012 Core Rules Database Version : 9067 Trace Rules Database Version: 6879 Scan type : Complete Scan Total Scan Time : 00:35:34 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Administrator Memory items scanned : 612 Memory threats detected : 0 Registry items scanned : 73834 Registry threats detected : 0 File items scanned : 80216 File threats detected : 143 Adware.Tracking Cookie |
16.08.2012, 12:35 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2, RootKit.0Access ... wiped the computer, what should be done with the backed-up data?

Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP cookie).

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is that I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies from the sites I actually want, I reject everything else manually (FF always asks me). The other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left.

Is your system OK again now, or are there still other findings or problems?

__________________ Please always post log files in CODE tags |
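A hosts file like the one recommended in the post above blocks only the exact host names it lists, which matters for cookies stored for a whole domain (leading dot). The following check is an added example, not part of the original thread; the host names, cookie domains and function names are constructed for illustration.

```python
# Constructed sample in hosts-file format (not the MVPS list itself).
SAMPLE_HOSTS = """\
127.0.0.1  localhost
# ad and tracking hosts
0.0.0.0  ads.tracker.example
0.0.0.0  stats.metrics.example   # inline comment
0.0.0.0  banner.example.net
"""

# Constructed cookie domains in the form browsers store them:
# a leading dot marks a domain cookie that is valid for all subdomains.
SAMPLE_COOKIES = [".tracker.example", "stats.metrics.example",
                  "cdn.metrics.example", ".banner.example.net",
                  ".unlisted.example"]

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}


def parse_hosts(text):
    """Return the hostnames that the hosts file redirects to a sink address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        blocked.update(n.lower().rstrip(".") for n in fields[1:])
    blocked.discard("localhost")
    return blocked


def coverage(cookie_domain, blocked):
    """Classify one stored cookie domain against the blocked host set."""
    name = cookie_domain.lower()
    host = name.lstrip(".")
    if not name.startswith("."):
        # Host-only cookie: only this exact host can set or receive it.
        return "blocked" if host in blocked else "open"
    # Domain cookie: any subdomain can set it, and a hosts file has no
    # wildcards, so listed hosts can never cover the whole domain.
    listed = any(b == host or b.endswith("." + host) for b in blocked)
    return "partial" if listed else "open"


def audit(cookie_domains, hosts_text):
    """Map each cookie domain to 'blocked', 'partial' or 'open'."""
    blocked = parse_hosts(hosts_text)
    return {d: coverage(d, blocked) for d in cookie_domains}


if __name__ == "__main__":
    for domain, status in audit(SAMPLE_COOKIES, SAMPLE_HOSTS).items():
        print(f"{status:8} {domain}")
```

Domains reported as "partial" or "open" are the ones where a cookie manager or clearing cookies on exit, as described in the post, still has work to do.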