Pests of all kinds and how to combat them: TR/ATRAPS.Gen2, RootKit.0Access ... wiped the computer, what should be done with the backed-up data? (Windows 7)
| | #16 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Not everyone can do everything; long live the division of labor. Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied as well!!!) Code:
:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-21-2617558925-3834871055-3452261518-1002..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2617558925-3834871055-3452261518-1003..\RunOnce: [HKCU] C:\Windows\SysWOW64\oobe\info\HKCU.vbs ()
O4 - HKU\S-1-5-21-2617558925-3834871055-3452261518-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2617558925-3834871055-3452261518-1003..\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd5cd506-da8f-11e1-a4be-8c89a5a47f08}\Shell - "" = AutoRun
O33 - MountPoints2\{cd5cd506-da8f-11e1-a4be-8c89a5a47f08}\Shell\AutoRun\command - "" = I:\pushinst.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #17 |
| ... right, killed everything with OTL ... what am I actually doing here
Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2617558925-3834871055-3452261518-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2617558925-3834871055-3452261518-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKCU deleted successfully.
C:\Windows\SysWOW64\oobe\info\HKCU.vbs moved successfully.
Registry value HKEY_USERS\S-1-5-21-2617558925-3834871055-3452261518-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2617558925-3834871055-3452261518-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Screensaver deleted successfully.
C:\Windows\Web\Wallpaper\MEDION\start.vbs moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd5cd506-da8f-11e1-a4be-8c89a5a47f08}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd5cd506-da8f-11e1-a4be-8c89a5a47f08}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd5cd506-da8f-11e1-a4be-8c89a5a47f08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd5cd506-da8f-11e1-a4be-8c89a5a47f08}\ not found.
File I:\pushinst.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: MaxMustermann
->Temp folder emptied: 1970324 bytes
->Temporary Internet Files folder emptied: 7205452 bytes
->FireFox cache emptied: 107673146 bytes
->Google Chrome cache emptied: 22067276 bytes
->Flash cache emptied: 60118 bytes
User: MaxMustermann
->Temp folder emptied: 174924889 bytes
->Temporary Internet Files folder emptied: 853550 bytes
->Google Chrome cache emptied: 10264602 bytes
->Flash cache emptied: 56854 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78108007 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 234091067 bytes
Total Files Cleaned = 608,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: MaxMustermann
->Flash cache emptied: 0 bytes
User: MaxMustermann
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.56.0 log created on 08102012_222503
|
| | #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ |
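
Added example, not part of the thread and not Kaspersky's code: a small Python triage for a TDSSKiller log in the line format of the log posted in this thread. It lists every service or driver whose verdict is not `ok`, plus entries that have no verdict line because the pasted log was cut off. The sample log, its service names and its hashes are constructed placeholders.

```python
import re

# Timestamp, thread id, then the message body, as in the log lines in this thread.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.+?)\s*$")
# "<service> (<md5>) <path>": the object that was hashed.
FILE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$", re.I)
# "<service> ( <verdict> ) - <status>": a flagged object, e.g. status "warning".
FLAG = re.compile(r"^(?P<name>.+?)\s+\(\s+(?P<verdict>\S+)\s+\)\s+-\s+(?P<status>\w+)$")
# "<service> - ok": a clean object.
OK = re.compile(r"^(?P<name>.+?)\s+-\s+ok$")

# Constructed sample; names, paths and hashes are placeholders, not real indicators.
SAMPLE_LOG = r"""
21:06:28.0830 2572 Scan started
21:06:29.0126 2572 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
21:06:29.0173 2572 ExampleDrv - ok
21:06:30.0826 2572 Example WLAN Service (00000000000000000000000000000002) C:\Program Files (x86)\example\WlanSvc.exe
21:06:30.0842 2572 Example WLAN Service ( UnsignedFile.Multi.Generic ) - warning
21:06:30.0842 2572 Example WLAN Service - detected UnsignedFile.Multi.Generic (1)
21:06:32.0324 2572 NoFileSvc - ok
21:06:37.0597 2572 TruncatedDrv (00000000000000000000000000000003) C:\Windows\system32\drivers\truncated.sys
"""


def parse(log_text):
    """Return {service name: {md5, path, status, verdict}} in log order."""
    entries = {}

    def entry(name):
        return entries.setdefault(
            name, {"md5": None, "path": None, "status": None, "verdict": None}
        )

    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # header text, separators, forum residue
        body = line["body"]
        if (m := FILE.match(body)):
            entry(m["name"]).update(md5=m["md5"].lower(), path=m["path"])
        elif (m := FLAG.match(body)):
            entry(m["name"]).update(status=m["status"], verdict=m["verdict"])
        elif (m := OK.match(body)):
            entry(m["name"])["status"] = "ok"
        # "- detected ..." lines repeat the verdict from the flag line; skipped.
    return entries


def triage(log_text):
    """List (name, status, verdict, path) for everything that is not 'ok'."""
    findings = []
    for name, e in parse(log_text).items():
        if e["status"] == "ok":
            continue
        # A hashed file without any verdict means the log ends mid-entry.
        findings.append((name, e["status"] or "no verdict", e["verdict"], e["path"]))
    return findings


if __name__ == "__main__":
    for name, status, verdict, path in triage(SAMPLE_LOG):
        print(f"{status:<10} {name}  {verdict or '-'}  {path}")
```
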
| | #19 |
| Here are the logs Code:
21:06:17.0286 4052 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:06:17.0551 4052 ============================================================
21:06:17.0551 4052 Current date / time: 2012/08/11 21:06:17.0551
21:06:17.0551 4052 SystemInfo:
21:06:17.0551 4052
21:06:17.0551 4052 OS Version: 6.1.7601 ServicePack: 1.0
21:06:17.0551 4052 Product type: Workstation
21:06:17.0551 4052 ComputerName: MaxMustermann-PC
21:06:17.0551 4052 UserName: MaxMustermann
21:06:17.0551 4052 Windows directory: C:\Windows
21:06:17.0551 4052 System windows directory: C:\Windows
21:06:17.0551 4052 Running under WOW64
21:06:17.0551 4052 Processor architecture: Intel x64
21:06:17.0551 4052 Number of processors: 4
21:06:17.0551 4052 Page size: 0x1000
21:06:17.0551 4052 Boot type: Normal boot
21:06:17.0551 4052 ============================================================
21:06:17.0847 4052 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:06:17.0863 4052 Drive \Device\Harddisk4\DR4 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:06:17.0910 4052 ============================================================
21:06:17.0910 4052 \Device\Harddisk0\DR0:
21:06:17.0910 4052 MBR partitions:
21:06:17.0910 4052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:06:17.0910 4052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6E0D3000
21:06:17.0910 4052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6E105800, BlocksNum 0x6400000
21:06:17.0910 4052 \Device\Harddisk4\DR4:
21:06:17.0910 4052 MBR partitions:
21:06:17.0910 4052 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x61A80000
21:06:17.0910 4052 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x61A80800, BlocksNum 0x87387000
21:06:17.0910 4052 ============================================================
21:06:18.0003 4052 C: <-> \Device\Harddisk0\DR0\Partition1
21:06:18.0066 4052 D: <-> \Device\Harddisk0\DR0\Partition2
21:06:18.0112 4052 I: <-> \Device\Harddisk4\DR4\Partition1
21:06:18.0144 4052 J: <-> \Device\Harddisk4\DR4\Partition0
21:06:18.0144 4052 ============================================================
21:06:18.0144 4052 Initialize success
21:06:18.0144 4052 ============================================================
21:06:28.0830 2572 ============================================================
21:06:28.0830 2572 Scan started
21:06:28.0830 2572 Mode: Manual; SigCheck; TDLFS;
21:06:28.0830 2572 ============================================================
21:06:29.0126 2572 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:06:29.0173 2572 1394ohci - ok
21:06:29.0204 2572 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:06:29.0220 2572 ACPI - ok
21:06:29.0251 2572 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:06:29.0251 2572 AcpiPmi - ok
21:06:29.0376 2572 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:06:29.0391 2572 AdobeARMservice - ok
21:06:29.0422 2572 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:06:29.0438 2572 adp94xx - ok
21:06:29.0485 2572 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:06:29.0500 2572 adpahci - ok
21:06:29.0532 2572 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:06:29.0547 2572 adpu320 - ok
21:06:29.0578 2572 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:06:29.0610 2572 AeLookupSvc - ok
21:06:29.0672 2572 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:06:29.0688 2572 AFD - ok
21:06:29.0734 2572 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:06:29.0734 2572 agp440 - ok
21:06:29.0750 2572 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:06:29.0766 2572 ALG - ok
21:06:29.0781 2572 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:06:29.0797 2572 aliide - ok
21:06:29.0812 2572 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:06:29.0828 2572 amdide - ok
21:06:29.0844 2572 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:06:29.0859 2572 AmdK8 - ok
21:06:29.0875 2572 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:06:29.0890 2572 AmdPPM - ok
21:06:29.0906 2572 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:06:29.0922 2572 amdsata - ok
21:06:29.0953 2572 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:06:29.0968 2572 amdsbs - ok
21:06:29.0968 2572 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:06:29.0984 2572 amdxata - ok
21:06:30.0062 2572 AntiVirMailService (b9b5dfafea592bd4ca967824ebb42e3d) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
21:06:30.0078 2572 AntiVirMailService - ok
21:06:30.0140 2572 AntiVirSchedulerService (67b1d78711b4386c26241096326ee14a) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:06:30.0140 2572 AntiVirSchedulerService - ok
21:06:30.0156 2572 AntiVirService (845c4e7ae211edad5e0b832126f56932) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:06:30.0171 2572 AntiVirService - ok
21:06:30.0187 2572 AntiVirWebService (30d71e0c149943a8985d02ea0944f2fe) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:06:30.0202 2572 AntiVirWebService - ok
21:06:30.0234 2572 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:06:30.0249 2572 AppID - ok
21:06:30.0265 2572 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:06:30.0296 2572 AppIDSvc - ok
21:06:30.0296 2572 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:06:30.0327 2572 Appinfo - ok
21:06:30.0358 2572 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:06:30.0358 2572 arc - ok
21:06:30.0358 2572 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:06:30.0374 2572 arcsas - ok
21:06:30.0405 2572 asmthub3 (d6d2bb2f4f5868549dde75f3146bc84e) C:\Windows\system32\drivers\asmthub3.sys
21:06:30.0421 2572 asmthub3 - ok
21:06:30.0452 2572 asmtxhci (1e758172367dc2a3653f16586d62a3f0) C:\Windows\system32\drivers\asmtxhci.sys
21:06:30.0468 2572 asmtxhci - ok
21:06:30.0483 2572 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:06:30.0514 2572 AsyncMac - ok
21:06:30.0546 2572 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:06:30.0561 2572 atapi - ok
21:06:30.0608 2572 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:06:30.0639 2572 AudioEndpointBuilder - ok
21:06:30.0655 2572 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:06:30.0670 2572 AudioSrv - ok
21:06:30.0717 2572 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
21:06:30.0717 2572 avgntflt - ok
21:06:30.0733 2572 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
21:06:30.0748 2572 avipbb - ok
21:06:30.0748 2572 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
21:06:30.0764 2572 avkmgr - ok
21:06:30.0826 2572 AVM WLAN Connection Service (c6f4c466b654c1be98af31418bb5ac30) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
21:06:30.0842 2572 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
21:06:30.0842 2572 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
21:06:30.0858 2572 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
21:06:30.0858 2572 avmeject - ok
21:06:30.0904 2572 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:06:30.0904 2572 AxInstSV - ok
21:06:30.0951 2572 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:06:30.0967 2572 b06bdrv - ok
21:06:30.0998 2572 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:06:31.0014 2572 b57nd60a - ok
21:06:31.0060 2572 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:06:31.0076 2572 BDESVC - ok
21:06:31.0076 2572 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:06:31.0123 2572 Beep - ok
21:06:31.0138 2572 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:06:31.0170 2572 BFE - ok
21:06:31.0216 2572 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:06:31.0248 2572 BITS - ok
21:06:31.0310 2572 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
21:06:31.0326 2572 blbdrive - ok
21:06:31.0357 2572 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:06:31.0372 2572 bowser - ok
21:06:31.0388 2572 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:06:31.0404 2572 BrFiltLo - ok
21:06:31.0419 2572 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:06:31.0435 2572 BrFiltUp - ok
21:06:31.0466 2572 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:06:31.0513 2572 Browser - ok
21:06:31.0528 2572 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:06:31.0544 2572 Brserid - ok
21:06:31.0560 2572 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:06:31.0575 2572 BrSerWdm - ok
21:06:31.0591 2572 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:06:31.0606 2572 BrUsbMdm - ok
21:06:31.0606 2572 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:06:31.0622 2572 BrUsbSer - ok
21:06:31.0638 2572 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:06:31.0638 2572 BTHMODEM - ok
21:06:31.0684 2572 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:06:31.0700 2572 bthserv - ok
21:06:31.0731 2572 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:06:31.0747 2572 cdfs - ok
21:06:31.0778 2572 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:06:31.0794 2572 cdrom - ok
21:06:31.0809 2572 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:06:31.0825 2572 CertPropSvc - ok
21:06:31.0840 2572 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:06:31.0856 2572 circlass - ok
21:06:31.0887 2572 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:06:31.0887 2572 CLFS - ok
21:06:31.0934 2572 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:06:31.0950 2572 clr_optimization_v2.0.50727_32 - ok
21:06:31.0981 2572 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:06:31.0981 2572 clr_optimization_v2.0.50727_64 - ok
21:06:32.0059 2572 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:06:32.0074 2572 clr_optimization_v4.0.30319_32 - ok
21:06:32.0090 2572 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:06:32.0106 2572 clr_optimization_v4.0.30319_64 - ok
21:06:32.0121 2572 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:06:32.0121 2572 CmBatt - ok
21:06:32.0137 2572 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:06:32.0152 2572 cmdide - ok
21:06:32.0199 2572 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
21:06:32.0230 2572 CNG - ok
21:06:32.0262 2572 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:06:32.0262 2572 Compbatt - ok
21:06:32.0308 2572 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:06:32.0324 2572 CompositeBus - ok
21:06:32.0324 2572 COMSysApp - ok
21:06:32.0340 2572 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:06:32.0355 2572 crcdisk - ok
21:06:32.0386 2572 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
21:06:32.0402 2572 CryptSvc - ok
21:06:32.0449 2572 dc3d (c7259495924d21f1afa26467d9f4dae0) C:\Windows\system32\DRIVERS\dc3d.sys
21:06:32.0464 2572 dc3d - ok
21:06:32.0496 2572 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:06:32.0527 2572 DcomLaunch - ok
21:06:32.0558 2572 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:06:32.0589 2572 defragsvc - ok
21:06:32.0605 2572 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:06:32.0636 2572 DfsC - ok
21:06:32.0652 2572 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:06:32.0667 2572 Dhcp - ok
21:06:32.0698 2572 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:06:32.0714 2572 discache - ok
21:06:32.0761 2572 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:06:32.0776 2572 Disk - ok
21:06:32.0808 2572 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:06:32.0823 2572 Dnscache - ok
21:06:32.0870 2572 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:06:32.0901 2572 dot3svc - ok
21:06:32.0901 2572 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:06:32.0917 2572 DPS - ok
21:06:32.0964 2572 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:06:32.0964 2572 drmkaud - ok
21:06:33.0010 2572 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:06:33.0042 2572 DXGKrnl - ok
21:06:33.0057 2572 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:06:33.0088 2572 EapHost - ok
21:06:33.0182 2572 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:06:33.0213 2572 ebdrv - ok
21:06:33.0307 2572 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:06:33.0322 2572 EFS - ok
21:06:33.0385 2572 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:06:33.0400 2572 ehRecvr - ok
21:06:33.0416 2572 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:06:33.0432 2572 ehSched - ok
21:06:33.0494 2572 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:06:33.0525 2572 elxstor - ok
21:06:33.0525 2572 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:06:33.0541 2572 ErrDev - ok
21:06:33.0588 2572 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:06:33.0619 2572 EventSystem - ok
21:06:33.0650 2572 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:06:33.0666 2572 exfat - ok
21:06:33.0681 2572 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:06:33.0697 2572 fastfat - ok
21:06:33.0728 2572 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:06:33.0744 2572 Fax - ok
21:06:33.0775 2572 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:06:33.0775 2572 fdc - ok
21:06:33.0775 2572 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:06:33.0806 2572 fdPHost - ok
21:06:33.0822 2572 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:06:33.0837 2572 FDResPub - ok
21:06:33.0868 2572 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:06:33.0868 2572 FileInfo - ok
21:06:33.0884 2572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:06:33.0915 2572 Filetrace - ok
21:06:33.0993 2572 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:06:34.0009 2572 FLEXnet Licensing Service - ok
21:06:34.0040 2572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:06:34.0056 2572 flpydisk - ok
21:06:34.0087 2572 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:06:34.0102 2572 FltMgr - ok
21:06:34.0165 2572 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:06:34.0196 2572 FontCache - ok
21:06:34.0258 2572 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:06:34.0274 2572 FontCache3.0.0.0 - ok
21:06:34.0305 2572 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:06:34.0321 2572 FsDepends - ok
21:06:34.0352 2572 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:06:34.0352 2572 Fs_Rec - ok
21:06:34.0383 2572 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:06:34.0399 2572 fvevol - ok
21:06:34.0446 2572 fwlanusbn (15585492e45e2f30768b2d5b57929d99) C:\Windows\system32\DRIVERS\fwlanusbn.sys
21:06:34.0461 2572 fwlanusbn - ok
21:06:34.0492 2572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:06:34.0508 2572 gagp30kx - ok
21:06:34.0555 2572 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:06:34.0586 2572 gpsvc - ok
21:06:34.0617 2572 gupdate - ok
21:06:34.0617 2572 gupdatem - ok
21:06:34.0648 2572 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:06:34.0664 2572 hcw85cir - ok
21:06:34.0711 2572 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:06:34.0726 2572 HdAudAddService - ok
21:06:34.0773 2572 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:06:34.0789 2572 HDAudBus - ok
21:06:34.0804 2572 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:06:34.0820 2572 HidBatt - ok
21:06:34.0836 2572 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:06:34.0851 2572 HidBth - ok
21:06:34.0882 2572 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:06:34.0898 2572 HidIr - ok
21:06:34.0914 2572 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:06:34.0929 2572 hidserv - ok
21:06:34.0976 2572 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:06:34.0976 2572 HidUsb - ok
21:06:34.0992 2572 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:06:35.0023 2572 hkmsvc - ok
21:06:35.0023 2572 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:06:35.0038 2572 HomeGroupListener - ok
21:06:35.0054 2572 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:06:35.0070 2572 HomeGroupProvider - ok
21:06:35.0070 2572 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:06:35.0085 2572 HpSAMD - ok
21:06:35.0132 2572 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:06:35.0179 2572 HTTP - ok
21:06:35.0179 2572 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:06:35.0194 2572 hwpolicy - ok
21:06:35.0226 2572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:06:35.0241 2572 i8042prt - ok
21:06:35.0272 2572 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\drivers\iaStor.sys
21:06:35.0304 2572 iaStor - ok
21:06:35.0366 2572 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:06:35.0382 2572 IAStorDataMgrSvc - ok
21:06:35.0413 2572 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:06:35.0444 2572 iaStorV - ok
21:06:35.0522 2572 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:06:35.0538 2572 idsvc - ok
21:06:35.0725 2572 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:06:35.0787 2572 igfx - ok
21:06:35.0896 2572 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:06:35.0896 2572 iirsp - ok
21:06:35.0959 2572 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:06:35.0990 2572 IKEEXT - ok
21:06:36.0130 2572 IntcAzAudAddService (cb7dadef3d83fe2c12655a0bdcba99f2) C:\Windows\system32\drivers\RTKVHD64.sys
21:06:36.0162 2572 IntcAzAudAddService - ok
21:06:36.0255 2572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:06:36.0271 2572 intelide - ok
21:06:36.0286 2572 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:06:36.0302 2572 intelppm - ok
21:06:36.0318 2572 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:06:36.0349 2572 IPBusEnum - ok
21:06:36.0364 2572 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:06:36.0396 2572 IpFilterDriver - ok
21:06:36.0411 2572 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:06:36.0442 2572 iphlpsvc - ok
21:06:36.0474 2572 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:06:36.0474 2572 IPMIDRV - ok
21:06:36.0474 2572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:06:36.0505 2572 IPNAT - ok
21:06:36.0505 2572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:06:36.0520 2572 IRENUM - ok
21:06:36.0536 2572 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:06:36.0552 2572 isapnp - ok
21:06:36.0567 2572 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:06:36.0598 2572 iScsiPrt - ok
21:06:36.0614 2572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:06:36.0630 2572 kbdclass - ok
21:06:36.0645 2572 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:06:36.0645 2572 kbdhid - ok
21:06:36.0676 2572 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:06:36.0692 2572 KeyIso - ok
21:06:36.0723 2572 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
21:06:36.0739 2572 KSecDD - ok
21:06:36.0754 2572 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
21:06:36.0770 2572 KSecPkg - ok
21:06:36.0786 2572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:06:36.0817 2572 ksthunk - ok
21:06:36.0848 2572 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:06:36.0864 2572 KtmRm - ok
21:06:36.0895 2572 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:06:36.0926 2572 LanmanServer - ok
21:06:36.0942 2572 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:06:36.0973 2572 LanmanWorkstation - ok
21:06:37.0004 2572 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:06:37.0020 2572 lltdio - ok
21:06:37.0051 2572 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:06:37.0082 2572 lltdsvc - ok
21:06:37.0082 2572 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:06:37.0113 2572 lmhosts - ok
21:06:37.0191 2572 LMS (1584deeae5aa0e3fb045f3d0eac585ea) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:06:37.0207 2572 LMS - ok
21:06:37.0238 2572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:06:37.0254 2572 LSI_FC - ok
21:06:37.0285 2572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:06:37.0300 2572 LSI_SAS - ok
21:06:37.0332 2572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:06:37.0332 2572 LSI_SAS2 - ok
21:06:37.0363 2572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:06:37.0378 2572 LSI_SCSI - ok
21:06:37.0410 2572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:06:37.0456 2572 luafv - ok
21:06:37.0488 2572 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
21:06:37.0503 2572 MBAMProtector - ok
21:06:37.0550 2572 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:06:37.0566 2572 MBAMService - ok
21:06:37.0597 2572 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:06:37.0612 2572 Mcx2Svc - ok
21:06:37.0628 2572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:06:37.0644 2572 megasas - ok
21:06:37.0675 2572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:06:37.0706 2572 MegaSR - ok
21:06:37.0722 2572 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
21:06:37.0737 2572 MEIx64 - ok
21:06:37.0784 2572 MemeoBackgroundService (8a43d23ace2e8c95a2d87b6e9599deda) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
21:06:37.0800 2572 MemeoBackgroundService - ok
21:06:37.0815 2572 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:06:37.0846 2572 MMCSS - ok
21:06:37.0862 2572 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:06:37.0893 2572 Modem - ok
21:06:37.0909 2572 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:06:37.0909 2572 monitor - ok
21:06:37.0940 2572 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:06:37.0956 2572 mouclass - ok
21:06:37.0971 2572 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:06:37.0987 2572 mouhid - ok
21:06:38.0018 2572 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:06:38.0034 2572 mountmgr - ok
21:06:38.0049 2572 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:06:38.0065 2572 mpio - ok
21:06:38.0065 2572 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:06:38.0096 2572 mpsdrv - ok
21:06:38.0127 2572 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:06:38.0158 2572 MpsSvc - ok
21:06:38.0190 2572 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:06:38.0190 2572 MRxDAV - ok
21:06:38.0221 2572 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:06:38.0236 2572 mrxsmb - ok
21:06:38.0252 2572 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:06:38.0268 2572 mrxsmb10 - ok
21:06:38.0283 2572 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:06:38.0283 2572 mrxsmb20 - ok
21:06:38.0299 2572 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:06:38.0314 2572 msahci - ok
21:06:38.0330 2572 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:06:38.0346 2572 msdsm - ok
21:06:38.0361 2572 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:06:38.0377 2572 MSDTC - ok
21:06:38.0392 2572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:06:38.0408 2572 Msfs - ok
21:06:38.0439 2572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:06:38.0455 2572 mshidkmdf - ok
21:06:38.0470 2572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:06:38.0470 2572 msisadrv - ok
21:06:38.0486 2572 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:06:38.0517 2572 MSiSCSI - ok
21:06:38.0517 2572 msiserver - ok
21:06:38.0548 2572 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:06:38.0564 2572 MSKSSRV - ok
21:06:38.0580 2572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:06:38.0611 2572 MSPCLOCK - ok
21:06:38.0611 2572 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:06:38.0626 2572 MSPQM - ok
21:06:38.0642 2572 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:06:38.0658 2572 MsRPC - ok
21:06:38.0673 2572 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:06:38.0673 2572 mssmbios - ok
21:06:38.0673 2572 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:06:38.0704 2572 MSTEE - ok
21:06:38.0720 2572 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:06:38.0720 2572 MTConfig - ok
21:06:38.0736 2572 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:06:38.0751 2572 Mup - ok
21:06:38.0782 2572 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:06:38.0798 2572 napagent - ok
21:06:38.0829 2572 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:06:38.0845 2572 NativeWifiP - ok
21:06:38.0892 2572 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:06:38.0923 2572 NDIS - ok
21:06:38.0923 2572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:06:38.0954 2572 NdisCap - ok
21:06:38.0970 2572 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:06:38.0985 2572 NdisTapi - ok
21:06:39.0016 2572 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:06:39.0032 2572 Ndisuio - ok
21:06:39.0063 2572 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:06:39.0079 2572 NdisWan - ok
21:06:39.0094 2572 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:06:39.0126 2572 NDProxy - ok
21:06:39.0126 2572 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:06:39.0141 2572 NetBIOS - ok
21:06:39.0157 2572 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:06:39.0172 2572 NetBT - ok
21:06:39.0219 2572 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:06:39.0235 2572 Netlogon - ok
21:06:39.0266 2572 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:06:39.0313 2572 Netman - ok
21:06:39.0328 2572 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:06:39.0360 2572 netprofm - ok
21:06:39.0422 2572 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:06:39.0438 2572 NetTcpPortSharing - ok
21:06:39.0453 2572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:06:39.0469 2572 nfrd960 - ok
21:06:39.0500 2572 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:06:39.0531 2572 NlaSvc - ok
21:06:39.0547 2572 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:06:39.0562 2572 Npfs - ok
21:06:39.0578 2572 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:06:39.0594 2572 nsi - ok
21:06:39.0609 2572 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:06:39.0625 2572 nsiproxy - ok
21:06:39.0703 2572 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:06:39.0734 2572 Ntfs - ok
21:06:39.0828 2572 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:06:39.0859 2572 Null - ok
21:06:39.0906 2572 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
21:06:39.0921 2572 NVENETFD - ok
21:06:39.0968 2572 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
21:06:39.0984 2572 NVHDA - ok
21:06:40.0374 2572 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:06:40.0530 2572 nvlddmkm - ok
21:06:40.0623 2572 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:06:40.0639 2572 nvraid - ok
21:06:40.0654 2572 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:06:40.0670 2572 nvstor - ok
21:06:40.0717 2572 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
21:06:40.0748 2572 nvsvc - ok
21:06:40.0842 2572 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:06:40.0873 2572 nvUpdatusService - ok
21:06:40.0966 2572 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:06:40.0982 2572 nv_agp - ok
21:06:41.0076 2572 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:06:41.0091 2572 odserv - ok
21:06:41.0122 2572 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:06:41.0138 2572 ohci1394 - ok
21:06:41.0154 2572 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:06:41.0169 2572 ose - ok
21:06:41.0200 2572 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:06:41.0216 2572 p2pimsvc - ok
21:06:41.0232 2572 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:06:41.0247 2572 p2psvc - ok
21:06:41.0278 2572 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:06:41.0278 2572 Parport - ok
21:06:41.0310 2572 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:06:41.0310 2572 partmgr - ok
21:06:41.0325 2572 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:06:41.0341 2572 PcaSvc - ok
21:06:41.0356 2572 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:06:41.0356 2572 pci - ok
21:06:41.0372 2572 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:06:41.0388 2572 pciide - ok
21:06:41.0419 2572 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:06:41.0419 2572 pcmcia - ok
21:06:41.0434 2572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:06:41.0450 2572 pcw - ok
21:06:41.0481 2572 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:06:41.0512 2572 PEAUTH - ok
21:06:41.0575 2572 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:06:41.0590 2572 PerfHost - ok
21:06:41.0637 2572 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:06:41.0684 2572 pla - ok
21:06:41.0731 2572 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:06:41.0746 2572 PlugPlay - ok
21:06:41.0778 2572 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:06:41.0793 2572 PNRPAutoReg - ok
21:06:41.0809 2572 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:06:41.0824 2572 PNRPsvc - ok
21:06:41.0871 2572 Point64 (32d374c60778253b81fa76c2fe19e155) C:\Windows\system32\DRIVERS\point64.sys
21:06:41.0887 2572 Point64 - ok
21:06:41.0918 2572 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:06:41.0965 2572 PolicyAgent - ok
21:06:41.0996 2572 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:06:42.0012 2572 Power - ok
21:06:42.0043 2572 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:06:42.0074 2572 PptpMiniport - ok
21:06:42.0090 2572 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:06:42.0105 2572 Processor - ok
21:06:42.0136 2572 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
21:06:42.0152 2572 ProfSvc - ok
21:06:42.0168 2572 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:06:42.0183 2572 ProtectedStorage - ok
21:06:42.0214 2572 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:06:42.0230 2572 Psched - ok
21:06:42.0292 2572 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
21:06:42.0308 2572 PSI_SVC_2 - ok
21:06:42.0386 2572 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:06:42.0417 2572 ql2300 - ok
21:06:42.0480 2572 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:06:42.0495 2572 ql40xx - ok
21:06:42.0511 2572 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:06:42.0542 2572 QWAVE - ok
21:06:42.0558 2572 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:06:42.0573 2572 QWAVEdrv - ok
21:06:42.0573 2572 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:06:42.0604 2572 RasAcd - ok
21:06:42.0620 2572 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:06:42.0636 2572 RasAgileVpn - ok
21:06:42.0651 2572 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:06:42.0682 2572 RasAuto - ok
21:06:42.0682 2572 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:06:42.0714 2572 Rasl2tp - ok
21:06:42.0729 2572 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:06:42.0760 2572 RasMan - ok
21:06:42.0760 2572 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:06:42.0776 2572 RasPppoe - ok
21:06:42.0792 2572 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:06:42.0823 2572 RasSstp - ok
21:06:42.0838 2572 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:06:42.0854 2572 rdbss - ok
21:06:42.0885 2572 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:06:42.0885 2572 rdpbus - ok
21:06:42.0901 2572 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:06:42.0916 2572 RDPCDD - ok
21:06:42.0932 2572 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:06:42.0948 2572 RDPENCDD - ok
21:06:42.0963 2572 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:06:42.0994 2572 RDPREFMP - ok
21:06:43.0026 2572 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:06:43.0041 2572 RDPWD - ok
21:06:43.0088 2572 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:06:43.0104 2572 rdyboost - ok
21:06:43.0119 2572 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:06:43.0150 2572 RemoteAccess - ok
21:06:43.0166 2572 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:06:43.0197 2572 RemoteRegistry - ok
21:06:43.0197 2572 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:06:43.0213 2572 RpcEptMapper - ok
21:06:43.0228 2572 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:06:43.0228 2572 RpcLocator - ok
21:06:43.0244 2572 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:06:43.0275 2572 RpcSs - ok
21:06:43.0291 2572 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:06:43.0306 2572 rspndr - ok
21:06:43.0369 2572 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:06:43.0384 2572 RTL8167 - ok
21:06:43.0447 2572 RTL8192su (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys
21:06:43.0478 2572 RTL8192su - ok
21:06:43.0478 2572 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:06:43.0494 2572 SamSs - ok
21:06:43.0509 2572 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:06:43.0525 2572 sbp2port - ok
21:06:43.0540 2572 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:06:43.0556 2572 SCardSvr - ok
21:06:43.0587 2572 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:06:43.0603 2572 scfilter - ok
21:06:43.0634 2572 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:06:43.0665 2572 Schedule - ok
21:06:43.0681 2572 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:06:43.0712 2572 SCPolicySvc - ok
21:06:43.0728 2572 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:06:43.0728 2572 SDRSVC - ok
21:06:43.0774 2572 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:06:43.0790 2572 secdrv - ok
21:06:43.0821 2572 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:06:43.0837 2572 seclogon - ok
21:06:43.0852 2572 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:06:43.0868 2572 SENS - ok
21:06:43.0884 2572 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:06:43.0899 2572 SensrSvc - ok
21:06:43.0915 2572 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:06:43.0930 2572 Serenum - ok
21:06:43.0946 2572 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:06:43.0946 2572 Serial - ok
21:06:43.0962 2572 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:06:43.0962 2572 sermouse - ok
21:06:43.0993 2572 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:06:44.0008 2572 SessionEnv - ok
21:06:44.0024 2572 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:06:44.0040 2572 sffdisk - ok
21:06:44.0055 2572 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:06:44.0055 2572 sffp_mmc - ok
21:06:44.0071 2572 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:06:44.0071 2572 sffp_sd - ok
21:06:44.0118 2572 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:06:44.0118 2572 sfloppy - ok
21:06:44.0149 2572 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:06:44.0180 2572 SharedAccess - ok
21:06:44.0211 2572 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:06:44.0258 2572 ShellHWDetection - ok
21:06:44.0274 2572 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:06:44.0289 2572 SiSRaid2 - ok
21:06:44.0289 2572 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:06:44.0305 2572 SiSRaid4 - ok
21:06:44.0336 2572 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:06:44.0383 2572 Smb - ok
21:06:44.0414 2572 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:06:44.0414 2572 SNMPTRAP - ok
21:06:44.0430 2572 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:06:44.0430 2572 spldr - ok
21:06:44.0461 2572 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:06:44.0492 2572 Spooler - ok
21:06:44.0601 2572 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:06:44.0648 2572 sppsvc - ok
21:06:44.0710 2572 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:06:44.0742 2572 sppuinotify - ok
21:06:44.0804 2572 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:06:44.0835 2572 srv - ok
21:06:44.0851 2572 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:06:44.0851 2572 srv2 - ok
21:06:44.0882 2572 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:06:44.0882 2572 srvnet - ok
21:06:44.0929 2572 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:06:44.0960 2572 SSDPSRV - ok
21:06:44.0960 2572 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:06:44.0991 2572 SstpSvc - ok
21:06:45.0069 2572 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:06:45.0085 2572 Stereo Service - ok
21:06:45.0116 2572 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:06:45.0116 2572 stexstor - ok
21:06:45.0163 2572 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:06:45.0194 2572 stisvc - ok
21:06:45.0210 2572 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:06:45.0210 2572 swenum - ok
21:06:45.0256 2572 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:06:45.0303 2572 swprv - ok
21:06:45.0366 2572 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:06:45.0397 2572 SysMain - ok
21:06:45.0459 2572 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:06:45.0490 2572 TabletInputService - ok
21:06:45.0490 2572 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:06:45.0522 2572 TapiSrv - ok
21:06:45.0522 2572 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:06:45.0553 2572 TBS - ok
21:06:45.0662 2572 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:06:45.0693 2572 Tcpip - ok
21:06:45.0771 2572 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:06:45.0802 2572 TCPIP6 - ok
21:06:45.0834 2572 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:06:45.0849 2572 tcpipreg - ok
21:06:45.0865 2572 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:06:45.0880 2572 TDPIPE - ok
21:06:45.0896 2572 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:06:45.0896 2572 TDTCP - ok
21:06:45.0927 2572 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:06:45.0943 2572 tdx - ok
21:06:45.0974 2572 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:06:45.0974 2572 TermDD - ok
21:06:46.0005 2572 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:06:46.0036 2572 TermService - ok
21:06:46.0036 2572 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:06:46.0052 2572 Themes - ok
21:06:46.0068 2572 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:06:46.0083 2572 THREADORDER - ok
21:06:46.0099 2572 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:06:46.0114 2572 TrkWks - ok
21:06:46.0161 2572 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:06:46.0208 2572 TrustedInstaller - ok
21:06:46.0224 2572 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:06:46.0270 2572 tssecsrv - ok
21:06:46.0286 2572 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:06:46.0286 2572 TsUsbFlt - ok
21:06:46.0317 2572 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:06:46.0317 2572 TsUsbGD - ok
21:06:46.0333 2572 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:06:46.0364 2572 tunnel - ok
21:06:46.0380 2572 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:06:46.0395 2572 uagp35 - ok
21:06:46.0411 2572 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:06:46.0426 2572 udfs - ok
21:06:46.0442 2572 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:06:46.0458 2572 UI0Detect - ok
21:06:46.0489 2572 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:06:46.0504 2572 uliagpkx - ok
21:06:46.0520 2572 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:06:46.0536 2572 umbus - ok
21:06:46.0551 2572 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:06:46.0551 2572 UmPass - ok
21:06:46.0692 2572 UNS (fc43877b4625f6eb773c98233eb625c5) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:06:46.0723 2572 UNS - ok
21:06:46.0816 2572 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:06:46.0848 2572 upnphost - ok
21:06:46.0879 2572 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:06:46.0894 2572 usbccgp - ok
21:06:46.0926 2572 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:06:46.0941 2572 usbcir - ok
21:06:46.0941 2572 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:06:46.0957 2572 usbehci - ok
21:06:46.0972 2572 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:06:46.0988 2572 usbhub - ok
21:06:47.0004 2572 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:06:47.0019 2572 usbohci - ok
21:06:47.0035 2572 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:06:47.0050 2572 usbprint - ok
21:06:47.0082 2572 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:06:47.0082 2572 usbscan - ok
21:06:47.0113 2572 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:06:47.0113 2572 USBSTOR - ok
21:06:47.0144 2572 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:06:47.0144 2572 usbuhci - ok
21:06:47.0175 2572 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:06:47.0191 2572 UxSms - ok
21:06:47.0238 2572 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:06:47.0238 2572 VaultSvc - ok
21:06:47.0269 2572 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:06:47.0269 2572 vdrvroot - ok
21:06:47.0300 2572 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:06:47.0331 2572 vds - ok
21:06:47.0362 2572 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:06:47.0378 2572 vga - ok
21:06:47.0394 2572 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:06:47.0425 2572 VgaSave - ok
21:06:47.0456 2572 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:06:47.0456 2572 vhdmp - ok
21:06:47.0487 2572 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:06:47.0503 2572 viaide - ok
21:06:47.0518 2572 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:06:47.0518 2572 volmgr - ok
21:06:47.0550 2572 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:06:47.0565 2572 volmgrx - ok
21:06:47.0596 2572 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:06:47.0612 2572 volsnap - ok
21:06:47.0628 2572 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:06:47.0643 2572 vsmraid - ok
21:06:47.0706 2572 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:06:47.0752 2572 VSS - ok
21:06:47.0846 2572 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:06:47.0862 2572 vwifibus - ok
21:06:47.0877 2572 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:06:47.0893 2572 vwififlt - ok
21:06:47.0924 2572 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:06:47.0955 2572 W32Time - ok
21:06:47.0971 2572 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:06:47.0986 2572 WacomPen - ok
21:06:48.0018 2572 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:06:48.0049 2572 WANARP - ok
21:06:48.0049 2572 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:06:48.0080 2572 Wanarpv6 - ok
21:06:48.0158 2572 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:06:48.0189 2572 WatAdminSvc - ok
21:06:48.0252 2572 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:06:48.0267 2572 wbengine - ok
21:06:48.0345 2572 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:06:48.0361 2572 WbioSrvc - ok
21:06:48.0376 2572 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:06:48.0392 2572 wcncsvc - ok
21:06:48.0408 2572 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:06:48.0408 2572 WcsPlugInService - ok
21:06:48.0454 2572 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:06:48.0470 2572 Wd - ok
21:06:48.0517 2572 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:06:48.0532 2572 Wdf01000 - ok
21:06:48.0548 2572 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:06:48.0548 2572 WdiServiceHost - ok
21:06:48.0548 2572 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:06:48.0564 2572 WdiSystemHost - ok
21:06:48.0595 2572 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:06:48.0610 2572 WebClient - ok
21:06:48.0610 2572 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:06:48.0642 2572 Wecsvc - ok
21:06:48.0642 2572 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:06:48.0657 2572 wercplsupport - ok
21:06:48.0673 2572 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:06:48.0704 2572 WerSvc - ok
21:06:48.0735 2572 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:06:48.0782 2572 WfpLwf - ok
21:06:48.0782 2572 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:06:48.0798 2572 WIMMount - ok
21:06:48.0829 2572 WinDefend - ok
21:06:48.0829 2572 WinHttpAutoProxySvc - ok
21:06:48.0876 2572 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:06:48.0907 2572 Winmgmt - ok
21:06:48.0985 2572 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:06:49.0016 2572 WinRM - ok
21:06:49.0125 2572 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:06:49.0156 2572 Wlansvc - ok
21:06:49.0281 2572 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:06:49.0312 2572 wlidsvc - ok
21:06:49.0422 2572 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:06:49.0437 2572 WmiAcpi - ok
21:06:49.0484 2572 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:06:49.0500 2572 wmiApSrv - ok
21:06:49.0515 2572 WMPNetworkSvc - ok
21:06:49.0546 2572 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:06:49.0562 2572 WPCSvc - ok
21:06:49.0578 2572 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:06:49.0593 2572 WPDBusEnum - ok
21:06:49.0609 2572 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:06:49.0640 2572 ws2ifsl - ok
21:06:49.0656 2572 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:06:49.0671 2572 wscsvc - ok
21:06:49.0671 2572 WSearch - ok
21:06:49.0687 2572 wsvd (82e8f5aa03df7dbdb8a33f700d5d8cda) C:\Windows\system32\DRIVERS\wsvd.sys
21:06:49.0702 2572 wsvd - ok
21:06:49.0796 2572 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:06:49.0827 2572 wuauserv - ok
21:06:49.0921 2572 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:06:49.0968 2572 WudfPf - ok
21:06:49.0983 2572 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:06:49.0999 2572 WUDFRd - ok
21:06:50.0014 2572 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:06:50.0046 2572 wudfsvc - ok
21:06:50.0046 2572 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:06:50.0061 2572 WwanSvc - ok
21:06:50.0077 2572 MBR (0x1B8) (4624822e540ec83cd0819525c65846ba) \Device\Harddisk0\DR0
21:06:51.0886 2572 \Device\Harddisk0\DR0 - ok
21:06:51.0886 2572 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
21:06:51.0949 2572 \Device\Harddisk4\DR4 - ok
21:06:51.0980 2572 Boot (0x1200) (0fde04d6cc1f6e4f54c2f20a73cf1e33) \Device\Harddisk0\DR0\Partition0
21:06:51.0980 2572 \Device\Harddisk0\DR0\Partition0 - ok
21:06:51.0996 2572 Boot (0x1200) (5bbaa6b6ff12245822fc9b92c2195a83) \Device\Harddisk0\DR0\Partition1
21:06:51.0996 2572 \Device\Harddisk0\DR0\Partition1 - ok
21:06:52.0027 2572 Boot (0x1200) (05b3e66d96f35d87bf620ed76b6d70d4) \Device\Harddisk0\DR0\Partition2
21:06:52.0027 2572 \Device\Harddisk0\DR0\Partition2 - ok
21:06:52.0027 2572 Boot (0x1200) (7df5c5e9f9bfd98ef4245e6cf5d598ca) \Device\Harddisk4\DR4\Partition0
21:06:52.0042 2572 \Device\Harddisk4\DR4\Partition0 - ok
21:06:52.0042 2572 Boot (0x1200) (3984f4922ac71dfe2a1ff7bf23177306) \Device\Harddisk4\DR4\Partition1
21:06:52.0042 2572 \Device\Harddisk4\DR4\Partition1 - ok
21:06:52.0042 2572 ============================================================
21:06:52.0042 2572 Scan finished
21:06:52.0042 2572 ============================================================
21:06:52.0058 3736 Detected object count: 1
21:06:52.0058 3736 Actual detected object count: 1
|
| | #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2, RootKit.0Access ... Wiped the computer, what should be done with the backed-up data? Unfortunately the log is incomplete; the summary at the bottom is missing.
__________________ Please always post log files in CODE tags |
| | #21 |
| TR/ATRAPS.Gen2, RootKit.0Access ... Wiped the computer, what should be done with the backed-up data? Sorry... now complete: Code:
21:06:17.0286 4052 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:06:17.0551 4052 ============================================================
21:06:17.0551 4052 Current date / time: 2012/08/11 21:06:17.0551
21:06:17.0551 4052 SystemInfo:
21:06:17.0551 4052
21:06:17.0551 4052 OS Version: 6.1.7601 ServicePack: 1.0
21:06:17.0551 4052 Product type: Workstation
21:06:17.0551 4052 ComputerName: GW-PC
21:06:17.0551 4052 UserName: GW
21:06:17.0551 4052 Windows directory: C:\Windows
21:06:17.0551 4052 System windows directory: C:\Windows
21:06:17.0551 4052 Running under WOW64
21:06:17.0551 4052 Processor architecture: Intel x64
21:06:17.0551 4052 Number of processors: 4
21:06:17.0551 4052 Page size: 0x1000
21:06:17.0551 4052 Boot type: Normal boot
21:06:17.0551 4052 ============================================================
21:06:17.0847 4052 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:06:17.0863 4052 Drive \Device\Harddisk4\DR4 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:06:17.0910 4052 ============================================================
21:06:17.0910 4052 \Device\Harddisk0\DR0:
21:06:17.0910 4052 MBR partitions:
21:06:17.0910 4052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:06:17.0910 4052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6E0D3000
21:06:17.0910 4052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6E105800, BlocksNum 0x6400000
21:06:17.0910 4052 \Device\Harddisk4\DR4:
21:06:17.0910 4052 MBR partitions:
21:06:17.0910 4052 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x61A80000
21:06:17.0910 4052 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x61A80800, BlocksNum 0x87387000
21:06:17.0910 4052 ============================================================
21:06:18.0003 4052 C: <-> \Device\Harddisk0\DR0\Partition1
21:06:18.0066 4052 D: <-> \Device\Harddisk0\DR0\Partition2
21:06:18.0112 4052 I: <-> \Device\Harddisk4\DR4\Partition1
21:06:18.0144 4052 J: <-> \Device\Harddisk4\DR4\Partition0
21:06:18.0144 4052 ============================================================
21:06:18.0144 4052 Initialize success
21:06:18.0144 4052 ============================================================
21:06:28.0830 2572 ============================================================
21:06:28.0830 2572 Scan started
21:06:28.0830 2572 Mode: Manual; SigCheck; TDLFS;
21:06:28.0830 2572 ============================================================
21:06:29.0126 2572 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:06:29.0173 2572 1394ohci - ok
21:06:29.0204 2572 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:06:29.0220 2572 ACPI - ok
21:06:29.0251 2572 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:06:29.0251 2572 AcpiPmi - ok
21:06:29.0376 2572 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:06:29.0391 2572 AdobeARMservice - ok
21:06:29.0422 2572 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:06:29.0438 2572 adp94xx - ok
21:06:29.0485 2572 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:06:29.0500 2572 adpahci - ok
21:06:29.0532 2572 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:06:29.0547 2572 adpu320 - ok
21:06:29.0578 2572 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:06:29.0610 2572 AeLookupSvc - ok
21:06:29.0672 2572 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:06:29.0688 2572 AFD - ok
21:06:29.0734 2572 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:06:29.0734 2572 agp440 - ok
21:06:29.0750 2572 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:06:29.0766 2572 ALG - ok
21:06:29.0781 2572 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:06:29.0797 2572 aliide - ok
21:06:29.0812 2572 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:06:29.0828 2572 amdide - ok
21:06:29.0844 2572 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:06:29.0859 2572 AmdK8 - ok
21:06:29.0875 2572 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:06:29.0890 2572 AmdPPM - ok
21:06:29.0906 2572 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:06:29.0922 2572 amdsata - ok
21:06:29.0953 2572 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:06:29.0968 2572 amdsbs - ok
21:06:29.0968 2572 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:06:29.0984 2572 amdxata - ok
21:06:30.0062 2572 AntiVirMailService (b9b5dfafea592bd4ca967824ebb42e3d) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
21:06:30.0078 2572 AntiVirMailService - ok
21:06:30.0140 2572 AntiVirSchedulerService (67b1d78711b4386c26241096326ee14a) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:06:30.0140 2572 AntiVirSchedulerService - ok
21:06:30.0156 2572 AntiVirService (845c4e7ae211edad5e0b832126f56932) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:06:30.0171 2572 AntiVirService - ok
21:06:30.0187 2572 AntiVirWebService (30d71e0c149943a8985d02ea0944f2fe) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:06:30.0202 2572 AntiVirWebService - ok
21:06:30.0234 2572 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:06:30.0249 2572 AppID - ok
21:06:30.0265 2572 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:06:30.0296 2572 AppIDSvc - ok
21:06:30.0296 2572 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:06:30.0327 2572 Appinfo - ok
21:06:30.0358 2572 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:06:30.0358 2572 arc - ok
21:06:30.0358 2572 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:06:30.0374 2572 arcsas - ok
21:06:30.0405 2572 asmthub3 (d6d2bb2f4f5868549dde75f3146bc84e) C:\Windows\system32\drivers\asmthub3.sys
21:06:30.0421 2572 asmthub3 - ok
21:06:30.0452 2572 asmtxhci (1e758172367dc2a3653f16586d62a3f0) C:\Windows\system32\drivers\asmtxhci.sys
21:06:30.0468 2572 asmtxhci - ok
21:06:30.0483 2572 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:06:30.0514 2572 AsyncMac - ok
21:06:30.0546 2572 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:06:30.0561 2572 atapi - ok
21:06:30.0608 2572 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:06:30.0639 2572 AudioEndpointBuilder - ok
21:06:30.0655 2572 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:06:30.0670 2572 AudioSrv - ok
21:06:30.0717 2572 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
21:06:30.0717 2572 avgntflt - ok
21:06:30.0733 2572 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
21:06:30.0748 2572 avipbb - ok
21:06:30.0748 2572 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
21:06:30.0764 2572 avkmgr - ok
21:06:30.0826 2572 AVM WLAN Connection Service (c6f4c466b654c1be98af31418bb5ac30) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
21:06:30.0842 2572 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
21:06:30.0842 2572 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
21:06:30.0858 2572 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
21:06:30.0858 2572 avmeject - ok
21:06:30.0904 2572 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:06:30.0904 2572 AxInstSV - ok
21:06:30.0951 2572 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:06:30.0967 2572 b06bdrv - ok
21:06:30.0998 2572 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:06:31.0014 2572 b57nd60a - ok
21:06:31.0060 2572 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:06:31.0076 2572 BDESVC - ok
21:06:31.0076 2572 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:06:31.0123 2572 Beep - ok
21:06:31.0138 2572 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:06:31.0170 2572 BFE - ok
21:06:31.0216 2572 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:06:31.0248 2572 BITS - ok
21:06:31.0310 2572 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
21:06:31.0326 2572 blbdrive - ok
21:06:31.0357 2572 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:06:31.0372 2572 bowser - ok
21:06:31.0388 2572 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:06:31.0404 2572 BrFiltLo - ok
21:06:31.0419 2572 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:06:31.0435 2572 BrFiltUp - ok
21:06:31.0466 2572 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:06:31.0513 2572 Browser - ok
21:06:31.0528 2572 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:06:31.0544 2572 Brserid - ok
21:06:31.0560 2572 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:06:31.0575 2572 BrSerWdm - ok
21:06:31.0591 2572 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:06:31.0606 2572 BrUsbMdm - ok
21:06:31.0606 2572 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:06:31.0622 2572 BrUsbSer - ok
21:06:31.0638 2572 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:06:31.0638 2572 BTHMODEM - ok
21:06:31.0684 2572 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:06:31.0700 2572 bthserv - ok
21:06:31.0731 2572 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:06:31.0747 2572 cdfs - ok
21:06:31.0778 2572 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:06:31.0794 2572 cdrom - ok
21:06:31.0809 2572 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:06:31.0825 2572 CertPropSvc - ok
21:06:31.0840 2572 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:06:31.0856 2572 circlass - ok
21:06:31.0887 2572 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:06:31.0887 2572 CLFS - ok
21:06:31.0934 2572 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:06:31.0950 2572 clr_optimization_v2.0.50727_32 - ok
21:06:31.0981 2572 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:06:31.0981 2572 clr_optimization_v2.0.50727_64 - ok
21:06:32.0059 2572 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:06:32.0074 2572 clr_optimization_v4.0.30319_32 - ok
21:06:32.0090 2572 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:06:32.0106 2572 clr_optimization_v4.0.30319_64 - ok
21:06:32.0121 2572 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:06:32.0121 2572 CmBatt - ok
21:06:32.0137 2572 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:06:32.0152 2572 cmdide - ok
21:06:32.0199 2572 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
21:06:32.0230 2572 CNG - ok
21:06:32.0262 2572 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:06:32.0262 2572 Compbatt - ok
21:06:32.0308 2572 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:06:32.0324 2572 CompositeBus - ok
21:06:32.0324 2572 COMSysApp - ok
21:06:32.0340 2572 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:06:32.0355 2572 crcdisk - ok
21:06:32.0386 2572 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
21:06:32.0402 2572 CryptSvc - ok
21:06:32.0449 2572 dc3d (c7259495924d21f1afa26467d9f4dae0) C:\Windows\system32\DRIVERS\dc3d.sys
21:06:32.0464 2572 dc3d - ok
21:06:32.0496 2572 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:06:32.0527 2572 DcomLaunch - ok
21:06:32.0558 2572 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:06:32.0589 2572 defragsvc - ok
21:06:32.0605 2572 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:06:32.0636 2572 DfsC - ok
21:06:32.0652 2572 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:06:32.0667 2572 Dhcp - ok
21:06:32.0698 2572 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:06:32.0714 2572 discache - ok
21:06:32.0761 2572 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:06:32.0776 2572 Disk - ok
21:06:32.0808 2572 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:06:32.0823 2572 Dnscache - ok
21:06:32.0870 2572 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:06:32.0901 2572 dot3svc - ok
21:06:32.0901 2572 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:06:32.0917 2572 DPS - ok
21:06:32.0964 2572 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:06:32.0964 2572 drmkaud - ok
21:06:33.0010 2572 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:06:33.0042 2572 DXGKrnl - ok
21:06:33.0057 2572 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:06:33.0088 2572 EapHost - ok
21:06:33.0182 2572 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:06:33.0213 2572 ebdrv - ok
21:06:33.0307 2572 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:06:33.0322 2572 EFS - ok
21:06:33.0385 2572 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:06:33.0400 2572 ehRecvr - ok
21:06:33.0416 2572 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:06:33.0432 2572 ehSched - ok
21:06:33.0494 2572 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:06:33.0525 2572 elxstor - ok
21:06:33.0525 2572 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:06:33.0541 2572 ErrDev - ok
21:06:33.0588 2572 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:06:33.0619 2572 EventSystem - ok
21:06:33.0650 2572 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:06:33.0666 2572 exfat - ok
21:06:33.0681 2572 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:06:33.0697 2572 fastfat - ok
21:06:33.0728 2572 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:06:33.0744 2572 Fax - ok
21:06:33.0775 2572 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:06:33.0775 2572 fdc - ok
21:06:33.0775 2572 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:06:33.0806 2572 fdPHost - ok
21:06:33.0822 2572 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:06:33.0837 2572 FDResPub - ok
21:06:33.0868 2572 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:06:33.0868 2572 FileInfo - ok
21:06:33.0884 2572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:06:33.0915 2572 Filetrace - ok
21:06:33.0993 2572 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:06:34.0009 2572 FLEXnet Licensing Service - ok
21:06:34.0040 2572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:06:34.0056 2572 flpydisk - ok
21:06:34.0087 2572 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:06:34.0102 2572 FltMgr - ok
21:06:34.0165 2572 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:06:34.0196 2572 FontCache - ok
21:06:34.0258 2572 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:06:34.0274 2572 FontCache3.0.0.0 - ok
21:06:34.0305 2572 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:06:34.0321 2572 FsDepends - ok
21:06:34.0352 2572 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:06:34.0352 2572 Fs_Rec - ok
21:06:34.0383 2572 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:06:34.0399 2572 fvevol - ok
21:06:34.0446 2572 fwlanusbn (15585492e45e2f30768b2d5b57929d99) C:\Windows\system32\DRIVERS\fwlanusbn.sys
21:06:34.0461 2572 fwlanusbn - ok
21:06:34.0492 2572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:06:34.0508 2572 gagp30kx - ok
21:06:34.0555 2572 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:06:34.0586 2572 gpsvc - ok
21:06:34.0617 2572 gupdate - ok
21:06:34.0617 2572 gupdatem - ok
21:06:34.0648 2572 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:06:34.0664 2572 hcw85cir - ok
21:06:34.0711 2572 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:06:34.0726 2572 HdAudAddService - ok
21:06:34.0773 2572 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:06:34.0789 2572 HDAudBus - ok
21:06:34.0804 2572 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:06:34.0820 2572 HidBatt - ok
21:06:34.0836 2572 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:06:34.0851 2572 HidBth - ok
21:06:34.0882 2572 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:06:34.0898 2572 HidIr - ok
21:06:34.0914 2572 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:06:34.0929 2572 hidserv - ok
21:06:34.0976 2572 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:06:34.0976 2572 HidUsb - ok
21:06:34.0992 2572 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:06:35.0023 2572 hkmsvc - ok
21:06:35.0023 2572 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:06:35.0038 2572 HomeGroupListener - ok
21:06:35.0054 2572 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:06:35.0070 2572 HomeGroupProvider - ok
21:06:35.0070 2572 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:06:35.0085 2572 HpSAMD - ok
21:06:35.0132 2572 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:06:35.0179 2572 HTTP - ok
21:06:35.0179 2572 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:06:35.0194 2572 hwpolicy - ok
21:06:35.0226 2572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:06:35.0241 2572 i8042prt - ok
21:06:35.0272 2572 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\drivers\iaStor.sys
21:06:35.0304 2572 iaStor - ok
21:06:35.0366 2572 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:06:35.0382 2572 IAStorDataMgrSvc - ok
21:06:35.0413 2572 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:06:35.0444 2572 iaStorV - ok
21:06:35.0522 2572 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:06:35.0538 2572 idsvc - ok
21:06:35.0725 2572 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:06:35.0787 2572 igfx - ok
21:06:35.0896 2572 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:06:35.0896 2572 iirsp - ok
21:06:35.0959 2572 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:06:35.0990 2572 IKEEXT - ok
21:06:36.0130 2572 IntcAzAudAddService (cb7dadef3d83fe2c12655a0bdcba99f2) C:\Windows\system32\drivers\RTKVHD64.sys
21:06:36.0162 2572 IntcAzAudAddService - ok
21:06:36.0255 2572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:06:36.0271 2572 intelide - ok
21:06:36.0286 2572 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:06:36.0302 2572 intelppm - ok
21:06:36.0318 2572 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:06:36.0349 2572 IPBusEnum - ok
21:06:36.0364 2572 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:06:36.0396 2572 IpFilterDriver - ok
21:06:36.0411 2572 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:06:36.0442 2572 iphlpsvc - ok
21:06:36.0474 2572 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:06:36.0474 2572 IPMIDRV - ok
21:06:36.0474 2572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:06:36.0505 2572 IPNAT - ok
21:06:36.0505 2572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:06:36.0520 2572 IRENUM - ok
21:06:36.0536 2572 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:06:36.0552 2572 isapnp - ok
21:06:36.0567 2572 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:06:36.0598 2572 iScsiPrt - ok
21:06:36.0614 2572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:06:36.0630 2572 kbdclass - ok
21:06:36.0645 2572 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:06:36.0645 2572 kbdhid - ok
21:06:36.0676 2572 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:06:36.0692 2572 KeyIso - ok
21:06:36.0723 2572 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
21:06:36.0739 2572 KSecDD - ok
21:06:36.0754 2572 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
21:06:36.0770 2572 KSecPkg - ok
21:06:36.0786 2572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:06:36.0817 2572 ksthunk - ok
21:06:36.0848 2572 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:06:36.0864 2572 KtmRm - ok
21:06:36.0895 2572 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:06:36.0926 2572 LanmanServer - ok
21:06:36.0942 2572 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:06:36.0973 2572 LanmanWorkstation - ok
21:06:37.0004 2572 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:06:37.0020 2572 lltdio - ok
21:06:37.0051 2572 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:06:37.0082 2572 lltdsvc - ok
21:06:37.0082 2572 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:06:37.0113 2572 lmhosts - ok
21:06:37.0191 2572 LMS (1584deeae5aa0e3fb045f3d0eac585ea) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:06:37.0207 2572 LMS - ok
21:06:37.0238 2572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:06:37.0254 2572 LSI_FC - ok
21:06:37.0285 2572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:06:37.0300 2572 LSI_SAS - ok
21:06:37.0332 2572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:06:37.0332 2572 LSI_SAS2 - ok
21:06:37.0363 2572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:06:37.0378 2572 LSI_SCSI - ok
21:06:37.0410 2572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:06:37.0456 2572 luafv - ok
21:06:37.0488 2572 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
21:06:37.0503 2572 MBAMProtector - ok
21:06:37.0550 2572 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:06:37.0566 2572 MBAMService - ok
21:06:37.0597 2572 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:06:37.0612 2572 Mcx2Svc - ok
21:06:37.0628 2572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:06:37.0644 2572 megasas - ok
21:06:37.0675 2572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:06:37.0706 2572 MegaSR - ok
21:06:37.0722 2572 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
21:06:37.0737 2572 MEIx64 - ok
21:06:37.0784 2572 MemeoBackgroundService (8a43d23ace2e8c95a2d87b6e9599deda) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
21:06:37.0800 2572 MemeoBackgroundService - ok
21:06:52.0042 2572 ============================================================
21:06:52.0042 2572 Scan finished
21:06:52.0042 2572 ============================================================
21:06:52.0058 3736 Detected object count: 1
21:06:52.0058 3736 Actual detected object count: 1
21:36:51.0907 3736 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:51.0907 3736 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:37:17.0912 4060 Deinitialize success
|
| | #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix, a guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and get messages like Quote:
__________________ Please always post log files in CODE tags |
| | #23 |
| Here is the next giant code block. IE no longer works now, but I don't miss it; I'll try to start it "by hand ?!" Code:
ATTFilter Combofix Logfile: |
| | #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM! Please download
Important: never press any of the Fix buttons without being instructed to. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #25 |
| Hello, GMER reported "didn´t found any modification". I couldn't retrieve any logs, even after clicking copy and looking at the clipboard. Here is OSAM; after that I'll get started on aswMBR. Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:11:08 on 13.08.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "wsvd" (wsvd) - "CyberLink" - C:\Windows\System32\DRIVERS\wsvd.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellXP.dll {7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellVista.dll {7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellVista.dll {1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellXP.dll {DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellXP.dll {1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellXP.dll {DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellXP.dll 
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellVista.dll {1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellXP.dll {9DED7A30-D572-4D21-8D82-6945EA697400} "FlashPaperContextHandler Class" - ? - C:\Program Files (x86)\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft 
Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.2.0" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? 
- hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\GW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin "avgnt" - "Avira Operations GmbH & Co. 
KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "AVMWlanClient" - "AVM Berlin" - C:\Program Files (x86)\avmwlanstick\wlangui.exe "IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray -----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )----- "OTL" - "OldTimer Tools" - "C:\Users\GaWi\Downloads\OTL.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "MemeoBackgroundService" (MemeoBackgroundService) - "Memeo" - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Protexis Licensing V2" (PSI_SVC_2) 
- "Protexis Inc." - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-13 22:20:14
-----------------------------
22:20:14.784 OS Version: Windows x64 6.1.7601 Service Pack 1
22:20:14.784 Number of processors: 4 586 0x2A07
22:20:14.784 ComputerName: MaxMustermann-PC UserName: MaxMustermann
22:20:15.767 Initialize success
22:23:48.183 AVAST engine defs: 12081301
22:42:33.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:42:33.834 Disk 0 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3
22:42:33.834 Disk 0 MBR read successfully
22:42:33.850 Disk 0 MBR scan
22:42:33.850 Disk 0 unknown MBR code
22:42:33.850 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:42:33.865 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 901542 MB offset 206848
22:42:33.896 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51200 MB offset 1846564864
22:42:33.912 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
22:42:33.959 Disk 0 scanning C:\Windows\system32\drivers
22:42:40.370 Service scanning
22:42:58.014 Modules scanning
22:42:58.014 Disk 0 trace - called modules:
22:42:58.544 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:42:58.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f92060]
22:42:58.560 3 CLASSPNP.SYS[fffff88001d5243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800470a050]
22:42:59.449 AVAST engine scan C:\Windows
22:43:01.976 AVAST engine scan C:\Windows\system32
22:44:32.347 AVAST engine scan C:\Windows\system32\drivers
22:44:42.378 AVAST engine scan C:\Users\MaxMustermann
22:45:02.112 AVAST engine scan C:\ProgramData
22:45:45.933 Scan finished successfully
22:52:39.084 Disk 0 MBR has been saved successfully to "C:\Users\MaxMustermann\Downloads\MBR.dat"
22:52:39.084 The log file has been saved successfully to "C:\Users\MaxMustermann\Downloads\aswMBR.txt"
|
| | #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly. Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not do the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
| | #27 |
| Logs after the MBR fix ... I'm heading south on Friday for 2-3 weeks and am only working tomorrow :-) Can I simply bump the thread again afterwards to continue, or how should I do that? How many more steps do we have to take until the computer is no longer suspect? Was there a lot of suspicious stuff on it? It all just looks like Chinese characters to me... In any case, I would like to thank you. It's great that you (all) do something like this; it takes a lot of time, and it is by no means a given to answer so patiently over such a long period... You should also get a volunteer medal like in analog life, as rescuers of PCs and nerves. Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-13 22:20:14
-----------------------------
22:20:14.784 OS Version: Windows x64 6.1.7601 Service Pack 1
22:20:14.784 Number of processors: 4 586 0x2A07
22:20:14.784 ComputerName: MaxMustermann-PC UserName: MaxMustermann
22:20:15.767 Initialize success
22:23:48.183 AVAST engine defs: 12081301
22:42:33.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:42:33.834 Disk 0 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3
22:42:33.834 Disk 0 MBR read successfully
22:42:33.850 Disk 0 MBR scan
22:42:33.850 Disk 0 unknown MBR code
22:42:33.850 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:42:33.865 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 901542 MB offset 206848
22:42:33.896 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51200 MB offset 1846564864
22:42:33.912 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
22:42:33.959 Disk 0 scanning C:\Windows\system32\drivers
22:42:40.370 Service scanning
22:42:58.014 Modules scanning
22:42:58.014 Disk 0 trace - called modules:
22:42:58.544 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:42:58.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f92060]
22:42:58.560 3 CLASSPNP.SYS[fffff88001d5243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800470a050]
22:42:59.449 AVAST engine scan C:\Windows
22:43:01.976 AVAST engine scan C:\Windows\system32
22:44:32.347 AVAST engine scan C:\Windows\system32\drivers
22:44:42.378 AVAST engine scan C:\Users\MaxMustermann
22:45:02.112 AVAST engine scan C:\ProgramData
22:45:45.933 Scan finished successfully
22:52:39.084 Disk 0 MBR has been saved successfully to "C:\Users\MaxMustermann\Downloads\MBR.dat"
22:52:39.084 The log file has been saved successfully to "C:\Users\MaxMustermann\Downloads\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 19:08:59
-----------------------------
19:08:59.322 OS Version: Windows x64 6.1.7601 Service Pack 1
19:08:59.322 Number of processors: 4 586 0x2A07
19:08:59.322 ComputerName: MaxMustermann-PC UserName: MaxMustermann
19:09:01.491 Initialize success
19:09:54.470 AVAST engine defs: 12081503
19:10:15.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:10:15.109 Disk 0 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3
19:10:15.109 Disk 0 MBR read successfully
19:10:15.109 Disk 0 MBR scan
19:10:15.124 Disk 0 Windows 7 default MBR code
19:10:15.124 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:10:15.140 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 901542 MB offset 206848
19:10:15.171 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51200 MB offset 1846564864
19:10:15.187 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
19:10:15.234 Disk 0 scanning C:\Windows\system32\drivers
19:10:22.612 Service scanning
19:10:42.487 Modules scanning
19:10:42.487 Disk 0 trace - called modules:
19:10:42.518 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:10:42.534 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f92060]
19:10:42.534 3 CLASSPNP.SYS[fffff88001d8643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004747050]
19:10:43.735 AVAST engine scan C:\Windows
19:10:45.997 AVAST engine scan C:\Windows\system32
19:12:17.366 AVAST engine scan C:\Windows\system32\drivers
19:12:25.432 AVAST engine scan C:\Users\MaxMustermann
19:12:45.587 AVAST engine scan C:\ProgramData
19:13:35.351 Scan finished successfully
19:26:21.671 Disk 0 MBR has been saved successfully to "C:\Users\MaxMustermann\Downloads\MBR.dat"
19:26:21.702 The log file has been saved successfully to "C:\Users\MaxMustermann\Downloads\aswMBR.txt"
|
| | #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
| | #29 |
| Here is Malwarebytes Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.15.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MaxMustermann :: MaxMustermann-PC [limited]
16.08.2012 11:20:17
mbam-log-2012-08-16 (11-20-17).txt
Scan type: Full scan (C:\|D:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374474
Time elapsed: 33 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 08/16/2012 at 12:55 PM
Application Version : 5.5.1012
Core Rules Database Version : 9067
Trace Rules Database Version: 6879
Scan type : Complete Scan
Total Scan Time : 00:35:34
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 612
Memory threats detected : 0
Registry items scanned : 73834
Registry threats detected : 0
File items scanned : 80216
File threats detected : 143
Adware.Tracking Cookie
C:\USERS\MaxMustermann\AppData\Roaming\Microsoft\Windows\Cookies\VG0W6DGX.txt [ Cookie:MaxMustermann@microsoftsto.112.2o7.net/ ]
C:\USERS\MaxMustermann\AppData\Roaming\Microsoft\Windows\Cookies\Low\AUH7RCUQ.txt [ Cookie:MaxMustermann@atdmt.com/ ]
C:\USERS\MaxMustermann\AppData\Roaming\Microsoft\Windows\Cookies\Low\8MZDUM6S.txt [ Cookie:MaxMustermann@fl01.ct2.comclick.com/ ]
C:\USERS\MaxMustermann\AppData\Roaming\Microsoft\Windows\Cookies\Low\B2LWBE40.txt [ Cookie:MaxMustermann@ad.yieldmanager.com/ ]
C:\USERS\MaxMustermann\AppData\Roaming\Microsoft\Windows\Cookies\Low\TJ5N6LW1.txt [ Cookie:MaxMustermann@apmebf.com/ ]
C:\USERS\MaxMustermann\AppData\Roaming\Microsoft\Windows\Cookies\Low\W2MAG69S.txt [ Cookie:MaxMustermann@adfarm1.adition.com/ ]
C:\USERS\MaxMustermann\Cookies\VG0W6DGX.txt [ Cookie:MaxMustermann@microsoftsto.112.2o7.net/ ]
.statcounter.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zanox-affiliate.de [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad3.adfarm1.adition.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1.atdmt.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.adformdsp.net [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adformdsp.net [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adform.net [ C:\USERS\MaxMustermann\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
|
| | #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2, RootKit.0Access ... Computer wiped, what should be done with the backed-up data? Looks OK, only cookies were found. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left. Is your system back in order now, or are there still other findings or problems?
__________________ Please always post log files in CODE tags |
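The hosts-file blocking recommended in the post above, as an added example that is not part of the original post: it parses a hosts file and checks which cookie hosts from a scan report it actually covers. A hosts file matches exact hostnames only, so a domain cookie (leading dot) is never fully covered. The hosts entries, cookie hosts and function names are constructed for illustration.

```python
# Added example: which cookie hosts does a blocking hosts file cover?
# All hostnames below are constructed samples, not taken from a real list.

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
0.0.0.0 ads.tracker.example   # ad server
0.0.0.0 stats.metrics.example track.metrics.example
192.168.1.10 nas.home.example
"""

SAMPLE_COOKIE_HOSTS = [
    "ads.tracker.example",   # host-only cookie
    ".tracker.example",      # domain cookie, valid for every subdomain
    "cdn.tracker.example",
    ".metrics.example",
    ".shop.example",
]

def parse_hosts(text):
    """Return the hostnames that the hosts file maps to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue                             # blank or a real mapping
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked

def classify(cookie_host, blocked):
    """'blocked', 'partial' or 'open' for one cookie host."""
    host = cookie_host.lower()
    if not host.startswith("."):
        return "blocked" if host in blocked else "open"
    base = host[1:]
    # A domain cookie is sent to any subdomain; only listed names are blocked.
    listed = [n for n in blocked if n == base or n.endswith("." + base)]
    return "partial" if listed else "open"

def report(cookie_hosts, hosts_text):
    blocked = parse_hosts(hosts_text)
    return {h: classify(h, blocked) for h in cookie_hosts}

if __name__ == "__main__":
    for host, status in report(SAMPLE_COOKIE_HOSTS, SAMPLE_HOSTS).items():
        print(f"{status:8} {host}")
```

A hosts entry only stops new requests to the listed name; cookies already stored in the browser profile stay there, and keep showing up in scan reports, until they are deleted.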