
Log Analysis and Evaluation: Police Trojan (Austria) log evaluation


13.11.2012, 19:46   #1
Larusso
/// Selecta Jahrusso
 

My name is Daniel and I will help you with your malware-related problems.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read through my instructions first. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.
  • If I do not receive a reply from you to this or any further answer within 3 days, I will delete the thread from my subscriptions.
  • Only run scans that a helper has asked you to run, and do not install / uninstall any software unless asked to.
  • Post the log files directly in your thread and not as an attachment, unless you were asked to. That makes the evaluation harder for me.
Note: If you do not hear from me for 48 hours, please send me a PM. Annoying "When will this continue" messages will end with your thread being closed. I, too, have a life away from the PC.


You have a few more problems there.




Download GMER from this page
(press the Download EXE button) and save the program to the desktop.
  • Disable all other scanners for viruses, spyware, etc.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random file name).
    Vista and Win7 users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck:
    • IAT/EAT
    • All hard drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. Clicking "Ok" closes GMER.
Re-enable your antivirus program and other scanners before you go online!



Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save the file to the desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

13.11.2012, 23:38   #2
Spriggan282
 

Hi Daniel,

First of all, thanks for your quick reply!


I hope these aren't too serious problems; here are the logs

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-13 23:24:39
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3360320AS rev.3.AAM
Running: vo4eteg0.exe; Driver: C:\Users\Exodus\AppData\Local\Temp\pwdiypob.sys


---- System - GMER 1.0.15 ----

SSDT            85FE70E0                                                                                                             ZwAlpcConnectPort
SSDT            85FC1C38                                                                                                             ZwLoadDriver

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!KeInsertQueue + 32D                                                                                     82083964 4 Bytes  [E0, 70, FE, 85]
.text           ntoskrnl.exe!KeInsertQueue + 56D                                                                                     82083BA4 4 Bytes  [38, 1C, FC, 85]
?               System32\drivers\etbgjpxd.sys                                                                                        Das System kann den angegebenen Pfad nicht finden. !
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                                             entry point in ".vmp2" section [0x9C70B69D]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[900] USER32.dll!GetWindowInfo                                  764B428E 5 Bytes  JMP 67634559 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[900] USER32.dll!SetMenuItemBitmaps + 71                        764C14EE 7 Bytes  JMP 67634BB1 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2924] ntdll.dll!LdrLoadDll                                              77769378 5 Bytes  JMP 674D5B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2924] kernel32.dll!HeapSetInformation + 26                              75FEA8C0 7 Bytes  JMP 674DEF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2924] kernel32.dll!LockResource + C                                     76006B0B 7 Bytes  JMP 67717B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2924] kernel32.dll!VirtualAllocEx + 54                                  7600AF70 7 Bytes  JMP 67717B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2924] USER32.dll!GetWindowInfo                                          764B428E 5 Bytes  JMP 6763BBA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2924] GDI32.dll!SetStretchBltMode + 256                                 760A745C 7 Bytes  JMP 67717AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateFile + 6               777A424A 4 Bytes  [28, 00, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateFile + B               777A424F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateKey + 6                777A428A 4 Bytes  [68, 01, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateKey + B                777A428F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateMutant + 6             777A42BA 4 Bytes  [28, 02, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateMutant + B             777A42BF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateSection + 6            777A433A 4 Bytes  [68, 02, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateSection + B            777A433F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtMapViewOfSection + 6         777A499A 4 Bytes  [A8, 04, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtMapViewOfSection + B         777A499F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenFile + 6                 777A4A2A 4 Bytes  [68, 00, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenFile + B                 777A4A2F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenKey + 6                  777A4A5A 4 Bytes  [A8, 01, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenKey + B                  777A4A5F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenMutant + 6               777A4A7A 4 Bytes  CALL 767A5080 C:\Windows\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenMutant + B               777A4A7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcess + 6              777A4AAA 1 Byte  [28]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcess + 6              777A4AAA 4 Bytes  [28, 03, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcess + B              777A4AAF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcessToken + 6         777A4ABA 1 Byte  [68]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcessToken + 6         777A4ABA 4 Bytes  [68, 03, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcessToken + B         777A4ABF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcessTokenEx + 6       777A4ACA 4 Bytes  [28, 04, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcessTokenEx + B       777A4ACF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenSection + 6              777A4ADA 4 Bytes  [A8, 02, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenSection + B              777A4ADF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThread + 6               777A4B1A 4 Bytes  CALL 767A5121 C:\Windows\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThread + B               777A4B1F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThreadToken + 6          777A4B2A 1 Byte  [E8]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThreadToken + 6          777A4B2A 4 Bytes  CALL 767A5132 C:\Windows\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThreadToken + B          777A4B2F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThreadTokenEx + 6        777A4B3A 4 Bytes  [68, 04, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThreadTokenEx + B        777A4B3F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtQueryAttributesFile + 6      777A4BCA 4 Bytes  [A8, 00, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtQueryAttributesFile + B      777A4BCF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtQueryFullAttributesFile + 6  777A4C7A 4 Bytes  CALL 767A527F C:\Windows\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtQueryFullAttributesFile + B  777A4C7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtSetInformationFile + 6       777A515A 4 Bytes  [28, 01, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtSetInformationFile + B       777A515F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtSetInformationThread + 6     777A51AA 1 Byte  [A8]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtSetInformationThread + 6     777A51AA 4 Bytes  [A8, 03, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtSetInformationThread + B     777A51AF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6       777A544A 4 Bytes  CALL 767A5A53 C:\Windows\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtUnmapViewOfSection + B       777A544F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] kernel32.dll!CreateProcessW              75FC1BF3 5 Bytes  JMP 000100B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] kernel32.dll!CreateProcessA              75FC1C28 5 Bytes  JMP 000100F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] kernel32.dll!OpenEventW                  75FDC033 5 Bytes  JMP 00010070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] kernel32.dll!CreateEventW                7600B87E 5 Bytes  JMP 00010030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!DeleteObject                   760A5A37 5 Bytes  JMP 000801B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetDeviceCaps                  760A617F 5 Bytes  JMP 000803B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SelectObject                   760A62A0 5 Bytes  JMP 000805F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetTextColor                   760A666B 5 Bytes  JMP 00080A30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetBkMode                      760A6716 5 Bytes  JMP 000808F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!DeleteDC                       760A68CD 5 Bytes  JMP 00080170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetCurrentObject               760A6B58 5 Bytes  JMP 00080370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetStretchBltMode              760A7206 5 Bytes  JMP 000806B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SaveDC                         760A75BA 5 Bytes  JMP 00080570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!RestoreDC                      760A7675 5 Bytes  JMP 00080530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!StretchDIBits                  760A78CF 5 Bytes  JMP 00080770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!ExtSelectClipRgn               760A79F8 5 Bytes  JMP 000802F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SelectClipRgn                  760A7AF9 5 Bytes  JMP 000805B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!MoveToEx                       760A7C33 5 Bytes  JMP 00080470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!Rectangle                      760A7EA9 5 Bytes  JMP 000809B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextAlign                   760A82E0 5 Bytes  JMP 00080D70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetTextAlign                   760A85CB 5 Bytes  JMP 000809F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!ExtTextOutW                    760A872B 5 Bytes  JMP 00080970 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextMetricsW                760A8A81 5 Bytes  JMP 00080E30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!IntersectClipRect              760A8B64 5 Bytes  JMP 000803F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetClipBox                     760A9071 5 Bytes  JMP 00080330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetICMMode                     760A94E7 5 Bytes  JMP 00080DB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!CreateDCW                      760AA91D 5 Bytes  JMP 000800F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!CreateDCA                      760AAA49 5 Bytes  JMP 000800B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!CreateICW                      760AB2E9 5 Bytes  JMP 00080130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextFaceW                   760AB637 5 Bytes  JMP 00080D30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetFontData                    760ABA6C 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetFontData                    760ABA6C 5 Bytes  JMP 00080C70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextExtentPoint32W          760AC01A 5 Bytes  JMP 00080670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetWorldTransform              760AC46A 5 Bytes  JMP 000806F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!LineTo                         760AC65E 5 Bytes  JMP 00080430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextMetricsA                760ACCEB 5 Bytes  JMP 00080DF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!ExtTextOutA                    760B00A5 5 Bytes  JMP 00080930 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextExtentPoint32A          760B0E58 5 Bytes  JMP 00080630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!ExtEscape                      760B22A7 5 Bytes  JMP 000802B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!Escape                         760B27F1 5 Bytes  JMP 00080270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!ResetDCW                       760B3132 5 Bytes  JMP 00080AB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!EndPage                        760B375E 5 Bytes  JMP 00080230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetPolyFillMode                760B61D3 5 Bytes  JMP 00080B30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetMiterLimit                  760B62E2 5 Bytes  JMP 00080B70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextFaceA                   760BF4C5 5 Bytes  JMP 00080CF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetGlyphOutlineW               760CA41F 5 Bytes  JMP 00080CB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!CreateScalableFontResourceW    760CC88B 5 Bytes  JMP 00080BB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!AddFontResourceW               760CCC93 5 Bytes  JMP 00080BF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!RemoveFontResourceW            760CD129 5 Bytes  JMP 00080C30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!AbortDoc                       760D2CC4 5 Bytes  JMP 00080030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!EndDoc                         760D30D8 5 Bytes  JMP 000801F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!StartPage                      760D31C3 5 Bytes  JMP 00080730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!StartDocW                      760D3CA7 5 Bytes  JMP 000807F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!BeginPath                      760D4465 5 Bytes  JMP 00080830 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SelectClipPath                 760D44BC 5 Bytes  JMP 00080AF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!CloseFigure                    760D4517 5 Bytes  JMP 00080070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!EndPath                        760D456E 5 Bytes  JMP 00080A70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!StrokePath                     760D47A0 5 Bytes  JMP 000807B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!FillPath                       760D482C 5 Bytes  JMP 00080870 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!PolylineTo                     760D4C95 5 Bytes  JMP 000804F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!PolyBezierTo                   760D4D25 5 Bytes  JMP 000804B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!PolyDraw                       760D4DD6 5 Bytes  JMP 000808B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!SetCursor                     764AD37D 5 Bytes  JMP 00090530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!RegisterClipboardFormatW      764AD6AC 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!RegisterClipboardFormatW      764AD6AC 5 Bytes  JMP 000902B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!ActivateKeyboardLayout        764B478C 5 Bytes  JMP 000904F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!IsWindowVisible               764B878A 7 Bytes  JMP 000906B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!MonitorFromWindow             764B88D4 4 Bytes  JMP 00090630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!MonitorFromWindow + 5         764B88D9 2 Bytes  [CC, CC] {INT 3 ; INT 3 }
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!ScreenToClient                764B8C56 7 Bytes  JMP 00090670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClientRect                 764B8F0D 7 Bytes  JMP 000905B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetParent                     764B90AA 7 Bytes  JMP 000906F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!RegisterClipboardFormatA      764BA111 5 Bytes  JMP 000902F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!PostMessageW                  764BA175 5 Bytes  JMP 000905F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!MapWindowPoints               764BA30D 5 Bytes  JMP 00090570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClipboardFormatNameA       764BA552 5 Bytes  JMP 00090270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetOpenClipboardWindow        764C26A6 5 Bytes  JMP 000903F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!SetClipboardViewer            764CBA2D 5 Bytes  JMP 000904B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!IsClipboardFormatAvailable    764CC2E3 5 Bytes  JMP 000900F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!CloseClipboard                764CC2F7 5 Bytes  JMP 000900B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!OpenClipboard                 764CC31D 5 Bytes  JMP 00090070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetTopWindow                  764CCE0A 7 Bytes  JMP 00090730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClipboardSequenceNumber    764CD8B7 5 Bytes  JMP 00090330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!ChangeClipboardChain          764CDF83 5 Bytes  JMP 00090430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!CountClipboardFormats         764D0048 5 Bytes  JMP 000901F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClipboardOwner             764D26EF 5 Bytes  JMP 00090370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!SetClipboardData              764E6410 5 Bytes  JMP 00090170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!EnumClipboardFormats          764E6D16 5 Bytes  JMP 000901B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!SetCursorPos                  764E6FB2 5 Bytes  JMP 00090770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClipboardData              764E715A 5 Bytes  JMP 00090030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClipboardFormatNameW       764EA99F 5 Bytes  JMP 00090230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!EmptyClipboard                7650398B 5 Bytes  JMP 00090130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClipboardViewer            765039ED 5 Bytes  JMP 00090470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetPriorityClipboardFormat    76503AEF 5 Bytes  JMP 000903B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ole32.dll!OleGetClipboard                763C74C9 5 Bytes  JMP 000A00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ole32.dll!OleSetClipboard                763F11E3 5 Bytes  JMP 000A0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ole32.dll!OleIsCurrentClipboard          763FA8F9 5 Bytes  JMP 000A0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!FreeContextBuffer            75C92D83 5 Bytes  JMP 000C00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!DeleteSecurityContext        75C92F18 5 Bytes  JMP 000C0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!FreeCredentialsHandle        75C93598 5 Bytes  JMP 000C0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!EncryptMessage               75C93745 5 Bytes  JMP 000C01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!DecryptMessage               75C93813 5 Bytes  JMP 000C0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!InitializeSecurityContextA   75C987DF 5 Bytes  JMP 000C0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!AcquireCredentialsHandleA    75C98A43 5 Bytes  JMP 000C0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!QueryContextAttributesA      75C98E77 5 Bytes  JMP 000C0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!ApplyControlToken            75C9DE4F 5 Bytes  JMP 000C01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!QueryCredentialsAttributesA  75C9E052 5 Bytes  JMP 000C00B0 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                              SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                              SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                            SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
         
Code:
23:25:11.0767 2908  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:25:11.0860 2908  ============================================================
23:25:11.0860 2908  Current date / time: 2012/11/13 23:25:11.0860
23:25:11.0860 2908  SystemInfo:
23:25:11.0860 2908  
23:25:11.0860 2908  OS Version: 6.0.6002 ServicePack: 2.0
23:25:11.0860 2908  Product type: Workstation
23:25:11.0860 2908  ComputerName: EXODUS-PC
23:25:11.0860 2908  UserName: Exodus
23:25:11.0860 2908  Windows directory: C:\Windows
23:25:11.0860 2908  System windows directory: C:\Windows
23:25:11.0860 2908  Processor architecture: Intel x86
23:25:11.0860 2908  Number of processors: 2
23:25:11.0860 2908  Page size: 0x1000
23:25:11.0860 2908  Boot type: Normal boot
23:25:11.0860 2908  ============================================================
23:25:12.0375 2908  Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:25:12.0484 2908  ============================================================
23:25:12.0484 2908  \Device\Harddisk0\DR0:
23:25:12.0484 2908  MBR partitions:
23:25:12.0484 2908  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0xDC50000
23:25:12.0484 2908  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEDE4800, BlocksNum 0x1B0CEDB0
23:25:12.0484 2908  ============================================================
23:25:12.0515 2908  C: <-> \Device\Harddisk0\DR0\Partition1
23:25:12.0562 2908  D: <-> \Device\Harddisk0\DR0\Partition2
23:25:12.0562 2908  ============================================================
23:25:12.0562 2908  Initialize success
23:25:12.0562 2908  ============================================================
23:25:24.0106 3168  ============================================================
23:25:24.0106 3168  Scan started
23:25:24.0106 3168  Mode: Manual; 
23:25:24.0106 3168  ============================================================
23:25:24.0730 3168  ================ Scan system memory ========================
23:25:24.0730 3168  System memory - ok
23:25:24.0730 3168  ================ Scan services =============================
23:25:24.0902 3168  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
23:25:24.0902 3168  acedrv11 - ok
23:25:24.0933 3168  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:25:24.0933 3168  ACPI - ok
23:25:24.0964 3168  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:25:24.0964 3168  AdobeARMservice - ok
23:25:25.0027 3168  [ E827F15D53A7F79C635DBF6A155C5E1B ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:25:25.0027 3168  AdobeFlashPlayerUpdateSvc - ok
23:25:25.0058 3168  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:25:25.0073 3168  adp94xx - ok
23:25:25.0151 3168  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:25:25.0167 3168  adpahci - ok
23:25:25.0183 3168  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:25:25.0214 3168  adpu160m - ok
23:25:25.0245 3168  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:25:25.0245 3168  adpu320 - ok
23:25:25.0292 3168  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:25:25.0292 3168  AeLookupSvc - ok
23:25:25.0307 3168  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
23:25:25.0323 3168  AFD - ok
23:25:25.0339 3168  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:25:25.0354 3168  agp440 - ok
23:25:25.0385 3168  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
23:25:25.0385 3168  aic78xx - ok
23:25:25.0401 3168  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
23:25:25.0401 3168  ALG - ok
23:25:25.0417 3168  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:25:25.0417 3168  aliide - ok
23:25:25.0432 3168  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:25:25.0432 3168  amdagp - ok
23:25:25.0479 3168  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
23:25:25.0479 3168  amdide - ok
23:25:25.0510 3168  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
23:25:25.0510 3168  AmdK7 - ok
23:25:25.0526 3168  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:25:25.0526 3168  AmdK8 - ok
23:25:25.0573 3168  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
23:25:25.0573 3168  Appinfo - ok
23:25:25.0635 3168  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:25:25.0635 3168  Apple Mobile Device - ok
23:25:25.0666 3168  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
23:25:25.0666 3168  arc - ok
23:25:25.0697 3168  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:25:25.0697 3168  arcsas - ok
23:25:25.0775 3168  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:25:25.0775 3168  aspnet_state - ok
23:25:25.0807 3168  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:25:25.0807 3168  AsyncMac - ok
23:25:25.0822 3168  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:25:25.0822 3168  atapi - ok
23:25:25.0853 3168  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:25:25.0853 3168  AudioEndpointBuilder - ok
23:25:25.0869 3168  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:25:25.0885 3168  Audiosrv - ok
23:25:25.0900 3168  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:25:25.0900 3168  Beep - ok
23:25:25.0931 3168  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
23:25:25.0947 3168  BFE - ok
23:25:26.0025 3168  [ 684B12018A54ADC1F856372EC5762B48 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20121005.002\BHDrvx86.sys
23:25:26.0056 3168  BHDrvx86 - ok
23:25:26.0103 3168  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
23:25:26.0119 3168  BITS - ok
23:25:26.0150 3168  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:25:26.0150 3168  blbdrive - ok
23:25:26.0197 3168  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:25:26.0197 3168  Bonjour Service - ok
23:25:26.0228 3168  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:25:26.0228 3168  bowser - ok
23:25:26.0259 3168  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
23:25:26.0259 3168  BrFiltLo - ok
23:25:26.0275 3168  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
23:25:26.0275 3168  BrFiltUp - ok
23:25:26.0306 3168  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
23:25:26.0306 3168  Browser - ok
23:25:26.0321 3168  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
23:25:26.0321 3168  Brserid - ok
23:25:26.0337 3168  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
23:25:26.0337 3168  BrSerWdm - ok
23:25:26.0353 3168  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
23:25:26.0353 3168  BrUsbMdm - ok
23:25:26.0353 3168  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
23:25:26.0368 3168  BrUsbSer - ok
23:25:26.0384 3168  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:25:26.0384 3168  BTHMODEM - ok
23:25:26.0431 3168  [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NAV       C:\Windows\system32\drivers\NAV\1309000.009\ccSetx86.sys
23:25:26.0431 3168  ccSet_NAV - ok
23:25:26.0446 3168  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:25:26.0446 3168  cdfs - ok
23:25:26.0477 3168  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:25:26.0477 3168  cdrom - ok
23:25:26.0509 3168  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:25:26.0509 3168  CertPropSvc - ok
23:25:26.0524 3168  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
23:25:26.0524 3168  circlass - ok
23:25:26.0540 3168  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
23:25:26.0555 3168  CLFS - ok
23:25:26.0587 3168  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:25:26.0587 3168  clr_optimization_v2.0.50727_32 - ok
23:25:26.0633 3168  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:25:26.0633 3168  clr_optimization_v4.0.30319_32 - ok
23:25:26.0649 3168  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:25:26.0649 3168  cmdide - ok
23:25:26.0649 3168  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:25:26.0649 3168  Compbatt - ok
23:25:26.0665 3168  COMSysApp - ok
23:25:26.0696 3168  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:25:26.0696 3168  crcdisk - ok
23:25:26.0696 3168  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
23:25:26.0696 3168  Crusoe - ok
23:25:26.0743 3168  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:25:26.0743 3168  CryptSvc - ok
23:25:26.0789 3168  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:25:26.0805 3168  DcomLaunch - ok
23:25:26.0836 3168  [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files\Common Files\Desura\desura_service.exe
23:25:26.0836 3168  Desura Install Service - ok
23:25:26.0867 3168  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:25:26.0867 3168  DfsC - ok
23:25:26.0945 3168  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
23:25:26.0992 3168  DFSR - ok
23:25:27.0023 3168  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
23:25:27.0039 3168  Dhcp - ok
23:25:27.0070 3168  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
23:25:27.0070 3168  disk - ok
23:25:27.0101 3168  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:25:27.0101 3168  Dnscache - ok
23:25:27.0117 3168  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:25:27.0133 3168  dot3svc - ok
23:25:27.0148 3168  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
23:25:27.0148 3168  DPS - ok
23:25:27.0179 3168  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:25:27.0179 3168  drmkaud - ok
23:25:27.0211 3168  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:25:27.0211 3168  dtsoftbus01 - ok
23:25:27.0257 3168  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:25:27.0257 3168  DXGKrnl - ok
23:25:27.0289 3168  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
23:25:27.0304 3168  E1G60 - ok
23:25:27.0304 3168  EagleXNt - ok
23:25:27.0335 3168  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
23:25:27.0335 3168  EapHost - ok
23:25:27.0351 3168  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
23:25:27.0351 3168  Ecache - ok
23:25:27.0398 3168  [ 788C8ED8978E848095A64F3F54D714C7 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:25:27.0413 3168  eeCtrl - ok
23:25:27.0460 3168  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:25:27.0476 3168  ehRecvr - ok
23:25:27.0476 3168  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
23:25:27.0491 3168  ehSched - ok
23:25:27.0507 3168  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
23:25:27.0507 3168  ehstart - ok
23:25:27.0538 3168  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:25:27.0538 3168  elxstor - ok
23:25:27.0585 3168  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
23:25:27.0585 3168  EMDMgmt - ok
23:25:27.0616 3168  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:25:27.0616 3168  EraserUtilRebootDrv - ok
23:25:27.0647 3168  [ A81AB23EDDB4693612014D87367D014C ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:25:27.0647 3168  ErrDev - ok
23:25:27.0679 3168  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
23:25:27.0679 3168  EventSystem - ok
23:25:27.0710 3168  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
23:25:27.0710 3168  exfat - ok
23:25:27.0725 3168  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:25:27.0725 3168  fastfat - ok
23:25:27.0741 3168  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:25:27.0741 3168  fdc - ok
23:25:27.0757 3168  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:25:27.0757 3168  fdPHost - ok
23:25:27.0772 3168  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:25:27.0772 3168  FDResPub - ok
23:25:27.0788 3168  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:25:27.0788 3168  FileInfo - ok
23:25:27.0803 3168  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:25:27.0803 3168  Filetrace - ok
23:25:27.0835 3168  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:25:27.0835 3168  flpydisk - ok
23:25:27.0850 3168  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:25:27.0850 3168  FltMgr - ok
23:25:27.0897 3168  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
23:25:27.0928 3168  FontCache - ok
23:25:27.0975 3168  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:25:27.0975 3168  FontCache3.0.0.0 - ok
23:25:27.0991 3168  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:25:27.0991 3168  Fs_Rec - ok
23:25:28.0022 3168  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:25:28.0022 3168  gagp30kx - ok
23:25:28.0053 3168  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:25:28.0053 3168  GEARAspiWDM - ok
23:25:28.0084 3168  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:25:28.0100 3168  gpsvc - ok
23:25:28.0178 3168  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:25:28.0178 3168  gupdate - ok
23:25:28.0193 3168  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:25:28.0193 3168  gupdatem - ok
23:25:28.0240 3168  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
23:25:28.0240 3168  hamachi - ok
23:25:28.0256 3168  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:25:28.0271 3168  HdAudAddService - ok
23:25:28.0303 3168  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:25:28.0303 3168  HDAudBus - ok
23:25:28.0318 3168  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:25:28.0318 3168  HidBth - ok
23:25:28.0334 3168  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:25:28.0334 3168  HidIr - ok
23:25:28.0365 3168  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
23:25:28.0365 3168  hidserv - ok
23:25:28.0396 3168  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:25:28.0396 3168  HidUsb - ok
23:25:28.0412 3168  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:25:28.0412 3168  hkmsvc - ok
23:25:28.0443 3168  [ 7EBEC5EB56B90ED65A8BBD91464E5CFB ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
23:25:28.0443 3168  HpCISSs - ok
23:25:28.0474 3168  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:25:28.0474 3168  HTTP - ok
23:25:28.0490 3168  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
23:25:28.0490 3168  i2omp - ok
23:25:28.0521 3168  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:25:28.0521 3168  i8042prt - ok
23:25:28.0537 3168  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
23:25:28.0537 3168  iaStorV - ok
23:25:28.0583 3168  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:25:28.0615 3168  idsvc - ok
23:25:28.0661 3168  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20121027.002\IDSvix86.sys
23:25:28.0661 3168  IDSVix86 - ok
23:25:28.0708 3168  [ 506801C7D47BE8CD1CF342BF28EB17EC ] IGDCTRL         C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
23:25:28.0708 3168  IGDCTRL - ok
23:25:28.0724 3168  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:25:28.0724 3168  iirsp - ok
23:25:28.0755 3168  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:25:28.0771 3168  IKEEXT - ok
23:25:28.0880 3168  [ F2C17D2C3D70C389193D9954E375E5E3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:25:28.0911 3168  IntcAzAudAddService - ok
23:25:28.0927 3168  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:25:28.0927 3168  intelide - ok
23:25:28.0958 3168  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:25:28.0958 3168  intelppm - ok
23:25:28.0989 3168  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:25:28.0989 3168  IPBusEnum - ok
23:25:29.0005 3168  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:25:29.0005 3168  IpFilterDriver - ok
23:25:29.0005 3168  IpInIp - ok
23:25:29.0020 3168  [ 4B9C0F4D4A3ACC535F9771039ECD6365 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
23:25:29.0020 3168  IPMIDRV - ok
23:25:29.0036 3168  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
23:25:29.0036 3168  IPNAT - ok
23:25:29.0067 3168  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:25:29.0083 3168  iPod Service - ok
23:25:29.0098 3168  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:25:29.0098 3168  IRENUM - ok
23:25:29.0129 3168  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:25:29.0129 3168  isapnp - ok
23:25:29.0149 3168  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:25:29.0149 3168  iScsiPrt - ok
23:25:29.0159 3168  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
23:25:29.0159 3168  iteatapi - ok
23:25:29.0179 3168  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
23:25:29.0189 3168  iteraid - ok
23:25:29.0209 3168  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:25:29.0209 3168  kbdclass - ok
23:25:29.0219 3168  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:25:29.0229 3168  kbdhid - ok
23:25:29.0259 3168  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
23:25:29.0259 3168  KeyIso - ok
23:25:29.0299 3168  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:25:29.0299 3168  KSecDD - ok
23:25:29.0339 3168  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:25:29.0359 3168  KtmRm - ok
23:25:29.0379 3168  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:25:29.0389 3168  LanmanServer - ok
23:25:29.0419 3168  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:25:29.0429 3168  LanmanWorkstation - ok
23:25:29.0449 3168  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:25:29.0449 3168  lltdio - ok
23:25:29.0469 3168  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:25:29.0479 3168  lltdsvc - ok
23:25:29.0489 3168  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:25:29.0489 3168  lmhosts - ok
23:25:29.0509 3168  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:25:29.0509 3168  LSI_FC - ok
23:25:29.0529 3168  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:25:29.0529 3168  LSI_SAS - ok
23:25:29.0559 3168  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:25:29.0559 3168  LSI_SCSI - ok
23:25:29.0579 3168  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
23:25:29.0579 3168  luafv - ok
23:25:29.0609 3168  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
23:25:29.0609 3168  MBAMProtector - ok
23:25:29.0649 3168  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:25:29.0659 3168  MBAMScheduler - ok
23:25:29.0699 3168  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:25:29.0709 3168  MBAMService - ok
23:25:29.0729 3168  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:25:29.0739 3168  Mcx2Svc - ok
23:25:29.0769 3168  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:25:29.0769 3168  megasas - ok
23:25:29.0809 3168  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
23:25:29.0819 3168  MegaSR - ok
23:25:29.0849 3168  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
23:25:29.0849 3168  MMCSS - ok
23:25:29.0869 3168  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
23:25:29.0869 3168  Modem - ok
23:25:29.0889 3168  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:25:29.0889 3168  monitor - ok
23:25:29.0899 3168  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:25:29.0909 3168  mouclass - ok
23:25:29.0929 3168  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:25:29.0929 3168  mouhid - ok
23:25:29.0939 3168  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
23:25:29.0939 3168  MountMgr - ok
23:25:29.0979 3168  [ 5DA347912FD3AF24D7BFB3DE519D4BD0 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:25:29.0979 3168  mpio - ok
23:25:29.0999 3168  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:25:29.0999 3168  mpsdrv - ok
23:25:30.0029 3168  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:25:30.0049 3168  MpsSvc - ok
23:25:30.0059 3168  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
23:25:30.0059 3168  Mraid35x - ok
23:25:30.0069 3168  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:25:30.0069 3168  MRxDAV - ok
23:25:30.0099 3168  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:25:30.0099 3168  mrxsmb - ok
23:25:30.0109 3168  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:25:30.0109 3168  mrxsmb10 - ok
23:25:30.0129 3168  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:25:30.0129 3168  mrxsmb20 - ok
23:25:30.0139 3168  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:25:30.0139 3168  msahci - ok
23:25:30.0159 3168  [ 2C563AEF15B8D0014C36C5F27742AC7B ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:25:30.0159 3168  msdsm - ok
23:25:30.0179 3168  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
23:25:30.0179 3168  MSDTC - ok
23:25:30.0199 3168  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:25:30.0199 3168  Msfs - ok
23:25:30.0219 3168  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:25:30.0219 3168  msisadrv - ok
23:25:30.0239 3168  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:25:30.0239 3168  MSiSCSI - ok
23:25:30.0239 3168  msiserver - ok
23:25:30.0259 3168  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:25:30.0259 3168  MSKSSRV - ok
23:25:30.0279 3168  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:25:30.0279 3168  MSPCLOCK - ok
23:25:30.0299 3168  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:25:30.0299 3168  MSPQM - ok
23:25:30.0319 3168  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:25:30.0319 3168  MsRPC - ok
23:25:30.0329 3168  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:25:30.0329 3168  mssmbios - ok
23:25:30.0349 3168  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:25:30.0359 3168  MSTEE - ok
23:25:30.0369 3168  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
23:25:30.0369 3168  Mup - ok
23:25:30.0399 3168  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
23:25:30.0399 3168  napagent - ok
23:25:30.0429 3168  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:25:30.0429 3168  NativeWifiP - ok
23:25:30.0589 3168  [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate        C:\Program Files\Nero\Update\NASvc.exe
23:25:30.0619 3168  NAUpdate - ok
23:25:30.0649 3168  [ F2840DBFE9322F35557219AE82CC4597 ] NAV             C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
23:25:30.0649 3168  NAV - ok
23:25:30.0679 3168  [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121029.002\NAVENG.SYS
23:25:30.0689 3168  NAVENG - ok
23:25:30.0729 3168  [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121029.002\NAVEX15.SYS
23:25:30.0769 3168  NAVEX15 - ok
23:25:37.0888 3168  ================ Scan global ===============================
23:25:37.0903 3168  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:25:37.0935 3168  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:25:37.0966 3168  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:25:37.0981 3168  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:25:37.0997 3168  [Global] - ok
23:25:37.0997 3168  ================ Scan MBR ==================================
23:25:38.0013 3168  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:25:38.0231 3168  \Device\Harddisk0\DR0 - ok
23:25:38.0231 3168  ================ Scan VBR ==================================
23:25:38.0247 3168  [ D01B867BE080E9AAD1C024861E8AE0F3 ] \Device\Harddisk0\DR0\Partition1
23:25:38.0247 3168  \Device\Harddisk0\DR0\Partition1 - ok
23:25:38.0262 3168  [ DD39AD06903F685253A10C53010D748B ] \Device\Harddisk0\DR0\Partition2
23:25:38.0262 3168  \Device\Harddisk0\DR0\Partition2 - ok
23:25:38.0262 3168  ============================================================
23:25:38.0262 3168  Scan finished
23:25:38.0262 3168  ============================================================
23:25:38.0278 3376  Detected object count: 0
23:25:38.0278 3376  Actual detected object count: 0
23:27:05.0658 0460  Deinitialize success
         


Regards, Max