Pests of all kinds and how to fight them: 0access rootkit and Sirefef.D, bootability lost (Windows 7)
06.12.2012, 21:18 | #16 |
| I'll just make another backup; trojans shouldn't be able to break out of a packed file, after all. That may take a while. In any case, a very heartfelt thank-you for everything so far!! |
06.12.2012, 21:21 | #17 |
/// TB-Ausbilder | You have now seen from the ESET scan which files are infected. So pack up all your user data, and then we'll open the F drive very carefully and get your Win7 back in shape. |
06.12.2012, 21:35 | #18 |
| I have now started a backup with Acronis True Image (to an external disk); when copying the data itself I kept getting "access denied". According to Acronis this will now take another 9 hours (USB can't go any faster). This is only meant as a precaution, isn't it, or are we definitely going to lose data from F? |
06.12.2012, 21:48 | #19 |
/// TB-Ausbilder | You are not supposed to back up the whole disk, ONLY your user data as a precaution. We are making a great effort to ensure that you have no data loss at all (apart from the malware).
__________________ Digital buccaneers against malware! No help via PM! |
06.12.2012, 22:00 | #20 |
| OK, it is backing up the user data now. According to Win XP it will now only take just under 3 h. I'll get back to you when I have everything; it will probably be tomorrow. |
06.12.2012, 22:05 | #21 |
/// TB-Ausbilder | No problem - just get back to us with the FRST log file and then we'll kill the malware. |
06.12.2012, 22:19 | #22 |
| OK, will do, thanks.
So, here is the scan result:
Oh sorry, I seem to have lost a / there. Here it is again:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2012 Ran by SYSTEM at 07-12-2012 17:06:06 Running from H:\ Windows 7 Professional (X64) OS Language: German Standard The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-01-29] (Realtek Semiconductor) HKLM\...\Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe [49152 2011-05-25] () HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [391240 2010-12-06] (Acronis) HKLM-x32\...\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE" /s [984576 2011-09-05] (Panda Security, S.L.) HKLM-x32\...\Run: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\Inicio.exe" [68928 2010-06-11] (Panda Security, S.L.) HKLM-x32\...\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc [280824 2011-04-04] (Filefacts.net) HKU\Administrator\...\Run: [ICQ] "C:\Program Files (x86)\ICQ7.6\ICQ.exe" silent loginmode=4 [127040 2011-10-10] (ICQ, LLC.) HKU\Administrator\...\Run: [] [x] HKU\***\...\Run: [ICQ] "C:\Program Files (x86)\ICQ7.6\ICQ.exe" silent loginmode=4 [127040 2011-10-10] (ICQ, LLC.) 
HKU\***\...\Run: [] [x] HKU\***\...\Run: [Peysyhipca] "C:\Users\***\AppData\Roaming\Ociwci\inyt.exe" [x] HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation) Winlogon\Notify\avldr: avldr64.dll (On-Access Anti-Malware Scanner Sync) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$6810dbc73758a48a9685b9942ffb4ae1\n. ATTENTION! ====> ZeroAccess Tcpip\..\Interfaces\{6124B780-E1F5-4C27-8D22-685920D660D1}: [NameServer]192.168.0.10 ==================== Services (Whitelisted) =================== 2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1112744 2010-12-06] (Acronis) 2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-04-16] (Acronis) 3 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) 2 dgdersvc; C:\Windows\system32\dgdersvc.exe [119632 2010-07-30] (Devguru Co., Ltd.) 2 dgdersvc; C:\Windows\SysWow64\dgdersvc.exe [95568 2010-07-30] (Devguru Co., Ltd.) 2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation) 2 Panda Software Controller; "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PsCtrls.exe" [173312 2009-08-10] (Panda Security, S.L.) 2 PAVFNSVR; "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PavFnSvr.exe" [202048 2010-09-13] (Panda Security, S.L.) 2 PavPrSrv; "C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe" [62768 2008-02-04] (Panda Security, S.L.) 2 PAVSRV; "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\pavsrvx86.exe" [314176 2010-06-04] (Panda Security, S.L.) 
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-30] () 2 PSHost; "C:\program files (x86)\panda security\panda internet security 2011\firewall\PSHOST.EXE" [226560 2009-11-26] (Panda Security International) 2 PSIMSVC; "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PsImSvc.exe" [108288 2008-06-19] (Panda Security S.L.) 2 PskSvcRetail; "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PskSvc.exe" [28992 2010-08-16] (Panda Security, S.L.) 2 TPSrv; "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\TPSrvWow.exe" [174400 2010-09-29] (Panda Security, S.L.) 3 DAUpdaterSvc; C:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x] ==================== Drivers (Whitelisted) ===================== 0 1d0c19e5776cf02b; C:\Windows\System32\Drivers\1d0c19e5776cf02b.sys [85432 2012-08-28] () ATTENTION =====> Rootkit? 2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [65608 2010-05-21] (Panda Security, S.L.) 2 APPFLT; \??\C:\Windows\system32\Drivers\APPFLT64.SYS [118280 2010-02-18] (Panda Security, S.L.) 1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-04] () 1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [13368 2009-07-06] () 3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] () 3 avmeject; C:\Windows\System32\Drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) 3 BthAvrcp; C:\Windows\System32\Drivers\BthAvrcp.sys [29184 2009-08-13] (CSR, plc) 2 ComFiltr; C:\Windows\System32\Drivers\ComFiltr.sys [15928 2010-10-04] () 3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-07-30] (Devguru Co., Ltd) 3 dgderdrv; C:\Windows\SysWow64\Drivers\dgderdrv.sys [18120 2010-07-30] (Devguru Co., Ltd) 2 DSAFLT; \??\C:\Windows\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.) 2 FNETMON; \??\C:\Windows\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.) 
3 fwlanusbn; C:\Windows\System32\Drivers\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH) 3 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [58368 2011-05-18] (GenesysLogic) 2 IDSFLT; \??\C:\Windows\system32\Drivers\IDSFLT64.SYS [78856 2009-09-25] (Panda Security, S.L.) 3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () 2 NETFLTDI; \??\C:\Windows\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.) 3 NETIMFLT01060042; C:\Windows\System32\DRIVERS\n64i1642.sys [214536 2010-02-18] (Panda Security, S.L.) 0 pavboot; C:\Windows\System32\Drivers\pavboot64.sys [30792 2010-06-22] (Panda Security, S.L.) 3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) 3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) 3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [36904 2010-12-02] (Feitian Technologies Co., Ltd.) 1 ShldFlt; C:\Windows\System32\Drivers\ShldFlt.sys [48136 2009-10-27] (Panda Security, S.L.) 0 SI3132; C:\Windows\System32\Drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc) 0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc) 0 SiRemFil; C:\Windows\System32\Drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc) 4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-04-02] (Duplex Secure Ltd.) 2 WNMFLT; \??\C:\Windows\system32\Drivers\WNMFLT64.SYS [74760 2009-09-25] (Panda Security, S.L.) 3 WPN111; C:\Windows\System32\DRIVERS\WPN111vx.sys [1075712 2008-08-05] (Atheros Communications, Inc.) 
3 cpuz130; \??\C:\Users\THORST~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
3 GPU-Z; \??\C:\Users\THORST~1\AppData\Local\Temp\GPU-Z.sys [x]
3 PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys [x]
3 Prot6Flt; C:\Windows\System32\DRIVERS\Prot6Flt.sys [x]
3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x64\Sandra.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-12-07 17:05 - 2012-12-07 17:05 - 00000000 ____D C:\FRST
2012-12-02 23:49 - 2012-12-03 00:30 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-12-02 18:16 - 2012-12-02 18:16 - 00001174 ____A C:\Windows\PFRO.log
2012-12-02 18:08 - 2012-12-03 20:27 - 00000000 ____D C:\Users\All Users\4AD0184B93A71FBF00004ACFCD852922
2012-12-02 18:06 - 2012-12-03 22:23 - 00000000 ____D C:\Users\***\AppData\Roaming\Ociwci
2012-12-02 18:03 - 2012-12-02 17:52 - 00000504 ____A C:\Users\***\Documents\options.ini
2012-12-02 17:28 - 2012-12-03 20:27 - 00000000 ____D C:\Users\***\Documents\Command and Conquer Generals Zero Hour Data
2012-12-02 16:01 - 2012-12-03 20:27 - 00000000 ____D C:\Users\***\Documents\Stronghold Crusader
2012-12-02 15:52 - 2012-12-03 20:27 - 00000000 ____D C:\Users\***\Documents\Command and Conquer Generals Data
2012-12-02 00:16 - 2012-12-02 17:39 - 00120012 ____A C:\Windows\DirectX.log
2012-12-02 00:04 - 2012-12-02 18:16 - 00000280 ____A C:\Windows\setupact.log
2012-12-02 00:04 - 2012-12-02 00:04 - 00000000 ____A C:\Windows\setuperr.log
2012-11-26 21:52 - 2012-11-26 21:52 - 00001945 ____A C:\Users\Public\Desktop\CDBurnerXP.lnk
2012-11-26 21:52 - 2012-11-26 21:52 - 00000000 ____D C:\Users\***\AppData\Roaming\Canneverbe Limited
2012-11-26 21:52 - 2012-11-26 21:52 - 00000000 ____D C:\Users\All Users\Canneverbe Limited
2012-11-26 21:52 - 2012-11-26 21:52 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2012-11-19 10:50 - 2012-11-19 10:50 - 00076257 ____A C:\Users\***\Desktop\Evaluation Referenten v3.1.odt
2012-11-18 11:23 - 2012-11-18 11:25 - 00001594 ____A C:\Windows\VPNUnInstall.MIF
2012-11-15 23:11 - 2012-11-15 23:11 - 00012180 ____A C:\Users\***\Desktop\Bewertungen PhysikI.xlsx
2012-11-12 20:08 - 2012-11-12 20:26 - 00000000 ____D C:\Users\***\Desktop\Imaginaerum
==================== One Month Modified Files and Folders =======
2012-12-07 17:05 - 2012-12-07 17:05 - 00000000 ____D C:\FRST
2012-12-03 22:23 - 2012-12-02 18:06 - 00000000 ____D C:\Users\***\AppData\Roaming\Ociwci
2012-12-03 20:27 - 2012-12-02 18:08 - 00000000 ____D C:\Users\All Users\4AD0184B93A71FBF00004ACFCD852922
2012-12-03 20:27 - 2012-12-02 17:28 - 00000000 ____D C:\Users\***\Documents\Command and Conquer Generals Zero Hour Data
2012-12-03 20:27 - 2012-12-02 16:01 - 00000000 ____D C:\Users\***\Documents\Stronghold Crusader
2012-12-03 20:27 - 2012-12-02 15:52 - 00000000 ____D C:\Users\***\Documents\Command and Conquer Generals Data
2012-12-03 20:27 - 2012-10-21 15:16 - 00000000 ____D C:\users\Administrator
2012-12-03 20:27 - 2010-12-08 22:17 - 00000000 ____D C:\Users\***\AppData\Roaming\JGsoft
2012-12-03 20:27 - 2010-10-02 15:56 - 00000000 ____D C:\users\***
2012-12-03 20:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-03 20:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2012-12-03 20:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2012-12-03 20:26 - 2010-10-04 14:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-12-03 00:30 - 2012-12-02 23:49 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-12-03 00:12 - 2010-10-04 17:40 - 00000000 ____D C:\Users\***\AppData\Roaming\ICQ
2012-12-02 23:29 - 2010-10-04 15:47 - 00146520 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-02 23:23 - 2010-10-23 13:08 - 00743936 __ASH C:\Users\***\Desktop\Thumbs.db
2012-12-02 18:20 - 2009-07-14 18:58 - 00709726 ____A C:\Windows\System32\perfh007.dat
2012-12-02 18:20 - 2009-07-14 18:58 - 00154078 ____A C:\Windows\System32\perfc007.dat
2012-12-02 18:20 - 2009-07-14 06:13 - 01643640 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-02 18:17 - 2012-01-15 13:31 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2012-12-02 18:17 - 2010-10-04 14:21 - 00000068 ____A C:\Windows\System32\Drivers\etc\NetFlt.cfg.bck
2012-12-02 18:17 - 2010-10-04 14:21 - 00000068 ____A C:\Windows\System32\Drivers\etc\NetFlt.cfg
2012-12-02 18:17 - 2010-10-04 14:20 - 00000152 ____A C:\Windows\System32\Drivers\etc\NetAdapt.cfg.bck
2012-12-02 18:17 - 2010-10-04 14:20 - 00000152 ____A C:\Windows\System32\Drivers\etc\NetAdapt.cfg
2012-12-02 18:16 - 2012-12-02 18:16 - 00001174 ____A C:\Windows\PFRO.log
2012-12-02 18:16 - 2012-12-02 00:04 - 00000280 ____A C:\Windows\setupact.log
2012-12-02 18:16 - 2010-11-16 01:19 - 00001126 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-02 18:16 - 2010-10-04 14:22 - 00000320 ____A C:\Windows\System32\Drivers\etc\NetLoc.wlt
2012-12-02 18:16 - 2010-10-04 14:20 - 00000064 ____A C:\Windows\System32\Drivers\etc\NetAR.wlt.bck
2012-12-02 18:16 - 2010-10-04 14:20 - 00000064 ____A C:\Windows\System32\Drivers\etc\NetAR.wlt
2012-12-02 18:16 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-02 18:12 - 2009-07-14 05:45 - 00513136 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-02 18:07 - 2010-10-04 14:17 - 01032256 ____A C:\Windows\System32\Drivers\APPFCONT.DAT.bck
2012-12-02 18:07 - 2010-10-04 14:17 - 01032256 ____A C:\Windows\System32\Drivers\APPFCONT.DAT
2012-12-02 17:52 - 2012-12-02 18:03 - 00000504 ____A C:\Users\***\Documents\options.ini
2012-12-02 17:44 - 2012-04-10 21:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-02 17:39 - 2012-12-02 00:16 - 00120012 ____A C:\Windows\DirectX.log
2012-12-02 17:16 - 2010-11-16 01:19 - 00001130 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-02 16:39 - 2009-07-14 05:45 - 00016928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-02 16:39 - 2009-07-14 05:45 - 00016928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-02 00:04 - 2012-12-02 00:04 - 00000000 ____A C:\Windows\setuperr.log
2012-12-01 23:59 - 2011-04-02 11:09 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Lite
2012-12-01 23:58 - 2010-10-06 20:14 - 00000000 ____D C:\Windows\Minidump
2012-12-01 15:11 - 2012-10-28 22:24 - 00000000 ____D C:\Users\***\Desktop\Protokolle PIA2
2012-12-01 14:02 - 2010-10-04 14:22 - 00000056 ____A C:\Windows\System32\Drivers\etc\WnmFlt.cfg.bck
2012-12-01 14:02 - 2010-10-04 14:22 - 00000056 ____A C:\Windows\System32\Drivers\etc\WnmFlt.cfg
2012-12-01 14:02 - 2010-10-04 14:22 - 00000056 ____A C:\Windows\System32\Drivers\etc\DsaFlt.cfg.bck
2012-12-01 14:02 - 2010-10-04 14:22 - 00000056 ____A C:\Windows\System32\Drivers\etc\DsaFlt.cfg
2012-12-01 14:02 - 2010-10-04 14:21 - 00000252 ____A C:\Windows\System32\Drivers\etc\IdsFlt.cfg.bck
2012-12-01 14:02 - 2010-10-04 14:21 - 00000252 ____A C:\Windows\System32\Drivers\etc\IdsFlt.cfg
2012-12-01 14:02 - 2010-10-04 14:17 - 00001132 ____A C:\Windows\System32\Drivers\APPFLTR.CFG.bck
2012-12-01 14:02 - 2010-10-04 14:17 - 00001132 ____A C:\Windows\System32\Drivers\APPFLTR.CFG
2012-11-28 21:40 - 2010-10-04 20:36 - 00000000 ____D C:\Users\***\Desktop\Dateien
2012-11-26 21:52 - 2012-11-26 21:52 - 00001945 ____A C:\Users\Public\Desktop\CDBurnerXP.lnk
2012-11-26 21:52 - 2012-11-26 21:52 - 00000000 ____D C:\Users\***\AppData\Roaming\Canneverbe Limited
2012-11-26 21:52 - 2012-11-26 21:52 - 00000000 ____D C:\Users\All Users\Canneverbe Limited
2012-11-26 21:52 - 2012-11-26 21:52 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2012-11-26 20:56 - 2012-09-14 13:45 - 00000000 ____D C:\Program Files\Recuva
2012-11-26 11:14 - 2010-10-07 17:39 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-26 11:13 - 2012-04-10 21:48 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-26 11:13 - 2011-05-29 10:00 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-24 13:49 - 2012-10-01 21:52 - 00000141 ____A C:\Windows\spwdrhag.INI
2012-11-24 13:49 - 2012-10-01 21:52 - 00000000 ____D C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery
2012-11-21 21:27 - 2012-02-17 15:04 - 00000150 ____A C:\Users\***\.Xauthority
2012-11-21 21:27 - 2012-02-17 15:04 - 00000000 ____D C:\Users\***\.nx
2012-11-19 10:50 - 2012-11-19 10:50 - 00076257 ____A C:\Users\***\Desktop\Evaluation Referenten v3.1.odt
2012-11-18 12:20 - 2012-02-17 15:05 - 00000000 ____D C:\Users\***\.ssh
2012-11-18 12:19 - 2010-11-20 15:55 - 00001615 ____A C:\Windows\VPNInstall.MIF
2012-11-18 11:25 - 2012-11-18 11:23 - 00001594 ____A C:\Windows\VPNUnInstall.MIF
2012-11-15 23:11 - 2012-11-15 23:11 - 00012180 ____A C:\Users\***\Desktop\Bewertungen PhysikI.xlsx
2012-11-15 21:18 - 2012-01-22 17:09 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2012-11-14 10:25 - 2009-07-14 06:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-12 20:26 - 2012-11-12 20:08 - 00000000 ____D C:\Users\***\Desktop\Imaginaerum
2012-11-10 17:50 - 2012-11-03 16:01 - 00076054 ____A C:\Users\***\Desktop\Evaluation Referenten v3.0.odt
ZeroAccess: C:\$Recycle.Bin\S-1-5-21-765039588-535241434-544004008-1000\$6810dbc73758a48a9685b9942ffb4ae1
ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$6810dbc73758a48a9685b9942ffb4ae1
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8190.18 MB
Available physical RAM: 7369.67 MB
Total Pagefile: 8188.33 MB
Available Pagefile: 7369.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:450 GB) (Free:212.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:250 GB) (Free:147.48 GB) NTFS
3 Drive e: () (Fixed) (Total:231.5 GB) (Free:93.2 GB) NTFS
4 Drive f: (MEDIIGOLD_DISC1) (CDROM) (Total:7.4 GB) (Free:0 GB) UDF
5 Drive g: (GRMCPRXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
6 Drive h: (USB DISK) (Removable) (Total:0.24 GB) (Free:0.14 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
  Datenträger ###  Status         Größe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datenträger 0    Online          931 GB      0 B
  Datenträger 1    Online          246 MB      0 B
Partitions of Disk 0:
===============
  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär             450 GB    31 KB
  Partition 2    Primär             250 GB   450 GB
  Partition 3    Primär             231 GB   700 GB
==================================================================================
Disk: 0
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja
  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    450 GB  Fehlerfre
=========================================================
Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein
  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D                NTFS   Partition    250 GB  Fehlerfre
=========================================================
Disk: 0
Partition 3
Typ : 07
Versteckt: Nein
Aktiv : Nein
  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     E                NTFS   Partition    231 GB  Fehlerfre
=========================================================
Disk: 0
Partition 3
Typ : 07
Versteckt: Nein
Aktiv : Nein
  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     E                NTFS   Partition    231 GB  Fehlerfre
=========================================================
Partitions of Disk 1:
===============
  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär             245 MB    16 KB
==================================================================================
Disk: 1
Partition 1
Typ : 06
Versteckt: Nein
Aktiv : Ja
  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   USB DISK     FAT    Wechselmed   245 MB  Fehlerfre
=========================================================
Disk: 1
Partition 1
Typ : 06
Versteckt: Nein
Aktiv : Ja
  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   USB DISK     FAT    Wechselmed   245 MB  Fehlerfre
=========================================================
Last Boot: 2012-11-27 10:15
==================== End Of Log ============================= |
08.12.2012, 13:08 | #23 | |
/// TB-Ausbilder | So, I hope you still know exactly what you edited there and can undo it. Fix with FRST |
08.12.2012, 13:38 | #24 |
| OK, done:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2012
Ran by SYSTEM at 2012-12-08 13:36:27 Run:1
Running from H:\
==============================================
1d0c19e5776cf02b service deleted successfully.
C:\Windows\System32\Drivers\1d0c19e5776cf02b.sys moved successfully.
C:\Users\All Users\4AD0184B93A71FBF00004ACFCD852922 moved successfully.
HKEY_USERS***\Software\Microsoft\Windows\CurrentVersion\Run\\Peysyhipca Value deleted successfully.
C:\Users\***\AppData\Roaming\Ociwci moved successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
C:\$Recycle.Bin\S-1-5-21-765039588-535241434-544004008-1000 moved successfully.
C:\$Recycle.Bin\S-1-5-18 moved successfully.
==== End of Fixlog ==== |
08.12.2012, 13:44 | #25 |
/// TB-Ausbilder | All right. Then please try to boot again. |
08.12.2012, 14:02 | #26 |
| It boots! Great |
08.12.2012, 14:06 | #27 |
/// TB-Ausbilder | Good. Then hands off ... don't do anything else.
Step 1: Disable drive emulation with Defogger. Please download defogger by jpshortstuff to your desktop and run it:
Step 2: Scan with aswMBR
Step 3: Scan with TDSS-Killer. Please read the following instructions carefully. We don't want to "fix" anything here yet, we only want to see a scan report.
Step 4: Scan with DDS (+ attach). Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop. |
08.12.2012, 14:38 | #28 |
| Defogger scan:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:10 on 08/12/2012 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
Error code:
Code:
Problemsignatur:
Problemereignisname: APPCRASH
Anwendungsname: aswMBR.exe
Anwendungsversion: 0.9.9.1707
Anwendungszeitstempel: 509be8bf
Fehlermodulname: ntdll.dll
Fehlermodulversion: 6.1.7601.17725
Fehlermodulzeitstempel: 4ec49b8f
Ausnahmecode: c0000005
Ausnahmeoffset: 0002e3be
Betriebsystemversion: 6.1.7601.2.1.0.256.48
Gebietsschema-ID: 1031
Zusatzinformation 1: 0a9e
Zusatzinformation 2: 0a9e372d3b4ad19135b953a78882e789
Zusatzinformation 3: 0a9e
Zusatzinformation 4: 0a9e372d3b4ad19135b953a78882e789
Edited by Dexteron (08.12.2012 at 15:01) |
08.12.2012, 14:39 | #29 |
/// TB-Ausbilder | OK, then select "(none)" at the bottom left and create the log that way. |
08.12.2012, 14:54 | #30 |
| aswMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-08 14:43:41
-----------------------------
14:43:41.413 OS Version: Windows x64 6.1.7601 Service Pack 1
14:43:41.413 Number of processors: 4 586 0x403
14:43:41.413 ComputerName: TWTOWER UserName:
14:43:48.979 Initialize success
14:43:55.937 AVAST engine defs: 12120701
14:44:26.887 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:44:26.887 Disk 0 Vendor: WDC_WD1002FAEX-00Y9A0 05.01D05 Size: 953869MB BusType: 3
14:44:26.918 Disk 0 MBR read successfully
14:44:26.918 Disk 0 MBR scan
14:44:26.918 Disk 0 Windows 7 default MBR code
14:44:26.934 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 460801 MB offset 63
14:44:26.965 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 256004 MB offset 943722360
14:44:26.996 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237060 MB offset 1468019700
14:44:27.074 Disk 0 scanning C:\Windows\system32\drivers
14:45:12.033 Service scanning
14:45:54.169 Modules scanning
14:45:54.169 Disk 0 trace - called modules:
14:45:54.185 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:45:54.185 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c7d060]
14:45:54.185 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> [0xfffffa80075df520]
14:45:54.185 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80075db680]
14:45:54.185 Scan finished successfully
14:46:03.638 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
14:46:03.638 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
Code:
14:39:59.0596 4816 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:40:00.0361 4816 ============================================================
14:40:00.0361 4816 Current date / time: 2012/12/08 14:40:00.0361
14:40:00.0361 4816 SystemInfo:
14:40:00.0361 4816
14:40:00.0361 4816 OS Version: 6.1.7601 ServicePack: 1.0
14:40:00.0361 4816 Product type: Workstation
14:40:00.0361 4816 ComputerName: TWTOWER
14:40:00.0361 4816 UserName: ***
14:40:00.0361 4816 Windows directory: C:\Windows
14:40:00.0361 4816 System windows directory: C:\Windows
14:40:00.0361 4816 Running under WOW64
14:40:00.0361 4816 Processor architecture: Intel x64
14:40:00.0361 4816 Number of processors: 4
14:40:00.0361 4816 Page size: 0x1000
14:40:00.0361 4816 Boot type: Normal boot
14:40:00.0361 4816 ============================================================
14:40:01.0593 4816 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:40:01.0593 4816 ============================================================
14:40:01.0593 4816 \Device\Harddisk0\DR0:
14:40:01.0593 4816 MBR partitions:
14:40:01.0593 4816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38400F39
14:40:01.0593 4816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38400F78, BlocksNum 0x1F40247C
14:40:01.0593 4816 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x578033F4, BlocksNum 0x1CF025CD
14:40:01.0593 4816 ============================================================
14:40:01.0609 4816 C: <-> \Device\Harddisk0\DR0\Partition1
14:40:01.0624 4816 D: <-> \Device\Harddisk0\DR0\Partition2
14:40:01.0655 4816 E: <-> \Device\Harddisk0\DR0\Partition3
14:40:01.0655 4816 ============================================================
14:40:01.0655 4816 Initialize success
14:40:01.0655 4816 ============================================================
14:40:27.0770 0648 ============================================================
14:40:27.0770 0648 Scan started
14:40:27.0770 0648 Mode: Manual; TDLFS;
14:40:27.0770 0648 ============================================================
14:40:28.0581 0648 ================ Scan system memory ========================
14:40:28.0581 0648 System memory - ok
14:40:28.0581 0648 ================ Scan services =============================
14:40:32.0996 0648 gagp30kx - ok 14:40:33.0043 0648 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 14:40:33.0043 0648 GEARAspiWDM - ok 14:40:33.0089 0648 [ 676B3710A6F3D3A97A4B5859BC0E0BB7 ] GeneStor C:\Windows\system32\DRIVERS\GeneStor.sys 14:40:33.0089 0648 GeneStor - ok 14:40:33.0136 0648 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 14:40:33.0136 0648 gpsvc - ok 14:40:33.0152 0648 GPU-Z - ok 14:40:33.0245 0648 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:40:33.0245 0648 gupdate - ok 14:40:33.0261 0648 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:40:33.0261 0648 gupdatem - ok 14:40:33.0277 0648 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 14:40:33.0277 0648 hcw85cir - ok 14:40:33.0308 0648 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:40:33.0308 0648 HdAudAddService - ok 14:40:33.0323 0648 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 14:40:33.0323 0648 HDAudBus - ok 14:40:33.0339 0648 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 14:40:33.0339 0648 HidBatt - ok 14:40:33.0355 0648 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 14:40:33.0355 0648 HidBth - ok 14:40:33.0370 0648 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 14:40:33.0370 0648 HidIr - ok 14:40:33.0386 0648 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 14:40:33.0386 0648 hidserv - ok 14:40:33.0417 0648 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:40:33.0417 0648 HidUsb - ok 14:40:33.0433 0648 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:40:33.0448 0648 hkmsvc - ok 
14:40:33.0464 0648 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:40:33.0479 0648 HomeGroupListener - ok 14:40:33.0511 0648 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:40:33.0511 0648 HomeGroupProvider - ok 14:40:33.0526 0648 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:40:33.0526 0648 HpSAMD - ok 14:40:33.0557 0648 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:40:33.0573 0648 HTTP - ok 14:40:33.0589 0648 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:40:33.0589 0648 hwpolicy - ok 14:40:33.0604 0648 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 14:40:33.0604 0648 i8042prt - ok 14:40:33.0651 0648 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:40:33.0651 0648 iaStorV - ok 14:40:33.0667 0648 [ 731791F5391083F0CC8CB5A00BBD5E89 ] IDSFLT C:\Windows\system32\Drivers\IDSFLT64.SYS 14:40:33.0667 0648 IDSFLT - ok 14:40:33.0682 0648 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:40:33.0713 0648 idsvc - ok 14:40:33.0729 0648 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 14:40:33.0729 0648 iirsp - ok 14:40:33.0745 0648 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 14:40:33.0760 0648 IKEEXT - ok 14:40:33.0823 0648 [ A3BCBD0F710580A07D1B929D787D36CE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 14:40:33.0854 0648 IntcAzAudAddService - ok 14:40:33.0885 0648 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 14:40:33.0885 0648 intelide - ok 14:40:33.0916 0648 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:40:33.0916 0648 intelppm - ok 14:40:33.0947 0648 [ 
098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:40:33.0963 0648 IPBusEnum - ok 14:40:33.0979 0648 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:40:33.0979 0648 IpFilterDriver - ok 14:40:34.0010 0648 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:40:34.0010 0648 IPMIDRV - ok 14:40:34.0041 0648 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:40:34.0041 0648 IPNAT - ok 14:40:34.0088 0648 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 14:40:34.0103 0648 iPod Service - ok 14:40:34.0119 0648 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:40:34.0119 0648 IRENUM - ok 14:40:34.0135 0648 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:40:34.0135 0648 isapnp - ok 14:40:34.0166 0648 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:40:34.0166 0648 iScsiPrt - ok 14:40:34.0181 0648 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:40:34.0181 0648 kbdclass - ok 14:40:34.0197 0648 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:40:34.0197 0648 kbdhid - ok 14:40:34.0213 0648 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 14:40:34.0213 0648 KeyIso - ok 14:40:34.0228 0648 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:40:34.0228 0648 KSecDD - ok 14:40:34.0259 0648 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:40:34.0259 0648 KSecPkg - ok 14:40:34.0275 0648 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:40:34.0275 0648 ksthunk - ok 14:40:34.0306 0648 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 14:40:34.0306 0648 
KtmRm - ok 14:40:34.0337 0648 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 14:40:34.0337 0648 LanmanServer - ok 14:40:34.0369 0648 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:40:34.0369 0648 LanmanWorkstation - ok 14:40:34.0447 0648 [ 7447F069CE66633DAFA0B2DEEE7AF5BA ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 14:40:34.0462 0648 LBTServ - ok 14:40:34.0478 0648 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 14:40:34.0478 0648 LGBusEnum - ok 14:40:34.0493 0648 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 14:40:34.0493 0648 LGVirHid - ok 14:40:34.0525 0648 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:40:34.0525 0648 lltdio - ok 14:40:34.0540 0648 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:40:34.0540 0648 lltdsvc - ok 14:40:34.0556 0648 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:40:34.0556 0648 lmhosts - ok 14:40:34.0571 0648 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 14:40:34.0571 0648 LSI_FC - ok 14:40:34.0571 0648 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 14:40:34.0587 0648 LSI_SAS - ok 14:40:34.0587 0648 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:40:34.0587 0648 LSI_SAS2 - ok 14:40:34.0603 0648 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:40:34.0603 0648 LSI_SCSI - ok 14:40:34.0618 0648 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 14:40:34.0618 0648 luafv - ok 14:40:34.0681 0648 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 14:40:34.0696 0648 MBAMScheduler - ok 14:40:34.0712 0648 [ 
0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:40:34.0712 0648 Mcx2Svc - ok 14:40:34.0727 0648 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 14:40:34.0727 0648 megasas - ok 14:40:34.0727 0648 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 14:40:34.0743 0648 MegaSR - ok 14:40:34.0759 0648 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 14:40:34.0759 0648 MMCSS - ok 14:40:34.0774 0648 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 14:40:34.0774 0648 Modem - ok 14:40:34.0790 0648 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:40:34.0790 0648 monitor - ok 14:40:34.0805 0648 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 14:40:34.0805 0648 mouclass - ok 14:40:34.0837 0648 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:40:34.0837 0648 mouhid - ok 14:40:34.0852 0648 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 14:40:34.0852 0648 mountmgr - ok 14:40:34.0868 0648 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 14:40:34.0868 0648 mpio - ok 14:40:34.0883 0648 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:40:34.0883 0648 mpsdrv - ok 14:40:34.0915 0648 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:40:34.0915 0648 MRxDAV - ok 14:40:34.0930 0648 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:40:34.0930 0648 mrxsmb - ok 14:40:34.0961 0648 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:40:34.0961 0648 mrxsmb10 - ok 14:40:34.0961 0648 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:40:34.0961 0648 mrxsmb20 - ok 14:40:34.0993 0648 [ 
C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 14:40:34.0993 0648 msahci - ok 14:40:35.0008 0648 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:40:35.0008 0648 msdsm - ok 14:40:35.0024 0648 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 14:40:35.0024 0648 MSDTC - ok 14:40:35.0039 0648 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:40:35.0039 0648 Msfs - ok 14:40:35.0039 0648 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:40:35.0039 0648 mshidkmdf - ok 14:40:35.0055 0648 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:40:35.0055 0648 msisadrv - ok 14:40:35.0071 0648 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:40:35.0071 0648 MSiSCSI - ok 14:40:35.0071 0648 msiserver - ok 14:40:35.0102 0648 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:40:35.0102 0648 MSKSSRV - ok 14:40:35.0133 0648 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:40:35.0133 0648 MSPCLOCK - ok 14:40:35.0149 0648 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:40:35.0149 0648 MSPQM - ok 14:40:35.0164 0648 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:40:35.0164 0648 MsRPC - ok 14:40:35.0180 0648 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 14:40:35.0180 0648 mssmbios - ok 14:40:35.0195 0648 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:40:35.0195 0648 MSTEE - ok 14:40:35.0211 0648 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 14:40:35.0211 0648 MTConfig - ok 14:40:35.0227 0648 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 14:40:35.0227 
0648 MTsensor - ok 14:40:35.0258 0648 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 14:40:35.0258 0648 Mup - ok 14:40:35.0289 0648 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 14:40:35.0289 0648 napagent - ok 14:40:35.0305 0648 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:40:35.0305 0648 NativeWifiP - ok 14:40:35.0320 0648 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 14:40:35.0336 0648 NDIS - ok 14:40:35.0336 0648 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 14:40:35.0336 0648 NdisCap - ok 14:40:35.0351 0648 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:40:35.0351 0648 NdisTapi - ok 14:40:35.0383 0648 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:40:35.0383 0648 Ndisuio - ok 14:40:35.0398 0648 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:40:35.0414 0648 NdisWan - ok 14:40:35.0445 0648 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:40:35.0445 0648 NDProxy - ok 14:40:35.0445 0648 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:40:35.0445 0648 NetBIOS - ok 14:40:35.0476 0648 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 14:40:35.0492 0648 NetBT - ok 14:40:35.0507 0648 [ BA99A34A9B5EB737CE54BC0A7C596609 ] NETFLTDI C:\Windows\system32\Drivers\NETTDI64.SYS 14:40:35.0507 0648 NETFLTDI - ok 14:40:35.0507 0648 [ 4D69EBC1A362D392226662560CB8A8B0 ] NETIMFLT01060042 C:\Windows\system32\DRIVERS\n64i1642.sys 14:40:35.0507 0648 NETIMFLT01060042 - ok 14:40:35.0523 0648 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 14:40:35.0523 0648 Netlogon - ok 14:40:35.0570 0648 [ 847D3AE376C0817161A14A82C8922A9E ] Netman 
C:\Windows\System32\netman.dll 14:40:35.0570 0648 Netman - ok 14:40:35.0632 0648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:40:35.0648 0648 NetMsmqActivator - ok 14:40:35.0648 0648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:40:35.0648 0648 NetPipeActivator - ok 14:40:35.0663 0648 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 14:40:35.0663 0648 netprofm - ok 14:40:35.0679 0648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:40:35.0679 0648 NetTcpActivator - ok 14:40:35.0679 0648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:40:35.0679 0648 NetTcpPortSharing - ok 14:40:35.0695 0648 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 14:40:35.0695 0648 nfrd960 - ok 14:40:35.0726 0648 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:40:35.0726 0648 NlaSvc - ok 14:40:35.0741 0648 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:40:35.0741 0648 Npfs - ok 14:40:35.0741 0648 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 14:40:35.0741 0648 nsi - ok 14:40:35.0757 0648 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:40:35.0757 0648 nsiproxy - ok 14:40:35.0804 0648 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:40:35.0819 0648 Ntfs - ok 14:40:35.0835 0648 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 14:40:35.0835 0648 Null - ok 14:40:35.0866 0648 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 14:40:35.0882 0648 nusb3hub - ok 14:40:35.0913 0648 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] 
nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 14:40:35.0913 0648 nusb3xhc - ok 14:40:35.0960 0648 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 14:40:35.0960 0648 NVENETFD - ok 14:40:36.0147 0648 [ F12C5F17D48D9F5C70E4408B3CCB5443 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:40:36.0241 0648 nvlddmkm - ok 14:40:36.0256 0648 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:40:36.0272 0648 nvraid - ok 14:40:36.0287 0648 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:40:36.0287 0648 nvstor - ok 14:40:36.0334 0648 [ 69920E391EB69C595886E960855990D7 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys 14:40:36.0334 0648 nvstor64 - ok 14:40:36.0381 0648 [ 8A55543C379B0582F0C33DB447D1C892 ] NVSvc C:\Windows\system32\nvvsvc.exe 14:40:36.0381 0648 NVSvc - ok 14:40:36.0412 0648 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:40:36.0412 0648 nv_agp - ok 14:40:36.0490 0648 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:40:36.0521 0648 odserv - ok 14:40:36.0568 0648 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:40:36.0568 0648 ohci1394 - ok 14:40:36.0599 0648 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:40:37.0239 0648 ose - ok 14:40:37.0364 0648 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:40:37.0535 0648 osppsvc - ok 14:40:37.0551 0648 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:40:37.0551 0648 p2pimsvc - ok 14:40:37.0567 0648 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 14:40:37.0567 0648 p2psvc - ok 14:40:37.0629 0648 [ 78B7642B0C51F24F0835C0226540D58B ] Panda 
Software Controller C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PsCtrls.exe 14:40:37.0629 0648 Panda Software Controller - ok 14:40:37.0645 0648 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 14:40:37.0645 0648 Parport - ok 14:40:37.0660 0648 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:40:37.0660 0648 partmgr - ok 14:40:37.0676 0648 [ 337A81B3FF34F9851D245D42A725FC22 ] pavboot C:\Windows\system32\Drivers\pavboot64.sys 14:40:37.0676 0648 pavboot - ok 14:40:37.0707 0648 [ BDD6EF7BADC2D4F8FF036150491F0204 ] PAVFNSVR C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PavFnSvr.exe 14:40:37.0723 0648 PAVFNSVR - ok 14:40:37.0738 0648 [ 2AE3F6B23448443BBEF5DE207159213B ] PavPrSrv C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe 14:40:37.0738 0648 PavPrSrv - ok 14:40:37.0754 0648 [ 97005413310966001FB6F4A5C503149C ] PAVSRV C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\pavsrvx86.exe 14:40:37.0988 0648 PAVSRV - ok 14:40:38.0003 0648 PavTPK.sys - ok 14:40:38.0035 0648 [ 304E6AC43613A9C43896C4300009442B ] PCAMp50a64 C:\Windows\system32\Drivers\PCAMp50a64.sys 14:40:38.0035 0648 PCAMp50a64 - ok 14:40:38.0035 0648 [ 18B6869E23937175144E6F1D3CB85FC2 ] PCASp50a64 C:\Windows\system32\Drivers\PCASp50a64.sys 14:40:38.0035 0648 PCASp50a64 - ok 14:40:38.0050 0648 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:40:38.0050 0648 PcaSvc - ok 14:40:38.0066 0648 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 14:40:38.0066 0648 pccsmcfd - ok 14:40:38.0097 0648 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 14:40:38.0097 0648 pci - ok 14:40:38.0113 0648 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 14:40:38.0113 0648 pciide - ok 14:40:38.0128 0648 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia 
C:\Windows\system32\DRIVERS\pcmcia.sys 14:40:38.0128 0648 pcmcia - ok 14:40:38.0144 0648 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 14:40:38.0144 0648 pcw - ok 14:40:38.0144 0648 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:40:38.0159 0648 PEAUTH - ok 14:40:38.0191 0648 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 14:40:38.0191 0648 PeerDistSvc - ok 14:40:38.0237 0648 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:40:38.0253 0648 PerfHost - ok 14:40:38.0284 0648 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 14:40:38.0300 0648 pla - ok 14:40:38.0331 0648 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:40:38.0331 0648 PlugPlay - ok 14:40:38.0362 0648 PnkBstrA - ok 14:40:38.0378 0648 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:40:38.0378 0648 PNRPAutoReg - ok 14:40:38.0393 0648 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:40:38.0393 0648 PNRPsvc - ok 14:40:38.0409 0648 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:40:38.0409 0648 PolicyAgent - ok 14:40:38.0425 0648 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 14:40:38.0425 0648 Power - ok 14:40:38.0456 0648 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:40:38.0456 0648 PptpMiniport - ok 14:40:38.0456 0648 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 14:40:38.0456 0648 Processor - ok 14:40:38.0487 0648 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 14:40:38.0487 0648 ProfSvc - ok 14:40:38.0503 0648 Prot6Flt - ok 14:40:38.0503 0648 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:40:38.0518 0648 ProtectedStorage - ok 
14:40:38.0534 0648 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:40:38.0534 0648 Psched - ok 14:40:38.0549 0648 [ 532053E8E3BB8FA7166AB4E7685FDDCC ] PSHost c:\program files (x86)\panda security\panda internet security 2011\firewall\PSHOST.EXE 14:40:38.0565 0648 PSHost - ok 14:40:38.0581 0648 [ 196C450F2779D0B462C444DA4906EA7F ] PSIMSVC C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PsImSvc.exe 14:40:38.0799 0648 PSIMSVC - ok 14:40:38.0815 0648 [ 341457B79B3FC31A80C346C767045879 ] PskSvcRetail C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PskSvc.exe 14:40:38.0815 0648 PskSvcRetail - ok 14:40:38.0846 0648 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 14:40:38.0846 0648 ql2300 - ok 14:40:38.0861 0648 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 14:40:38.0861 0648 ql40xx - ok 14:40:38.0877 0648 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 14:40:38.0877 0648 QWAVE - ok 14:40:38.0893 0648 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:40:38.0893 0648 QWAVEdrv - ok 14:40:38.0893 0648 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:40:38.0893 0648 RasAcd - ok 14:40:38.0924 0648 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:40:38.0924 0648 RasAgileVpn - ok 14:40:38.0939 0648 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 14:40:38.0939 0648 RasAuto - ok 14:40:38.0971 0648 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:40:38.0971 0648 Rasl2tp - ok 14:40:39.0002 0648 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 14:40:39.0002 0648 RasMan - ok 14:40:39.0017 0648 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:40:39.0017 0648 
RasPppoe - ok 14:40:39.0033 0648 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:40:39.0033 0648 RasSstp - ok 14:40:39.0049 0648 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:40:39.0049 0648 rdbss - ok 14:40:39.0064 0648 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 14:40:39.0064 0648 rdpbus - ok 14:40:39.0064 0648 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:40:39.0064 0648 RDPCDD - ok 14:40:39.0095 0648 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 14:40:39.0095 0648 RDPDR - ok 14:40:39.0111 0648 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:40:39.0111 0648 RDPENCDD - ok 14:40:39.0111 0648 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:40:39.0111 0648 RDPREFMP - ok 14:40:39.0142 0648 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:40:39.0142 0648 RDPWD - ok 14:40:39.0173 0648 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:40:39.0173 0648 rdyboost - ok 14:40:39.0189 0648 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:40:39.0189 0648 RemoteAccess - ok 14:40:39.0205 0648 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:40:39.0205 0648 RemoteRegistry - ok 14:40:39.0236 0648 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 14:40:39.0236 0648 RFCOMM - ok 14:40:39.0283 0648 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys 14:40:39.0283 0648 RMCAST - ok 14:40:39.0314 0648 [ A241B009194E322D6F21CF61BB998A56 ] ROCKEYNT C:\Windows\system32\DRIVERS\Rockey4.sys 14:40:39.0314 0648 ROCKEYNT - ok 14:40:39.0329 0648 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper 
14:40:46.0318 0648 ============================================================
14:40:46.0318 0648 Scan finished
14:40:46.0318 0648 ============================================================
14:40:46.0318 5700 Detected object count: 0
14:40:46.0318 5700 Actual detected object count: 0
14:43:03.0676 5376 Deinitialize success
DDS Logfile:
Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22 Run by *** at 14:46:38 on 2012-12-08 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8190.6066 [GMT 1:00] . AV: Panda Internet Security 2011 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59} SP: Panda Internet Security 2011 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Panda Personal Firewall 2011 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PskSvc.exe C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\TPSrvWow.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\dgdersvc.exe C:\Windows\system32\taskeng.exe 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PsCtrls.exe C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PavFnSvr.exe C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\pavsrvx86.exe C:\Windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\panda security\panda internet security 2011\firewall\PSHOST.EXE C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PsImSvc.exe C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\AVENGINE.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\SysWOW64\UMonit.exe C:\Windows\DAODx.exe C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Softwarenetz\Terminkalender2\kalender2.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\avmwlanstick\WLanGUI.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.de/ uProxyOverride = fritz.box;*.local mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programmieren\Java\jre6\bin\jp2ssv.dll TB: Gutscheinmieze: {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\***\AppData\Roaming\Gutscheinmieze\toolbar.dll TB: Gutscheinmieze: {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\***\AppData\Roaming\Gutscheinmieze\toolbar.dll uRun: [ICQ] "C:\Program Files (x86)\ICQ7.6\ICQ.exe" silent loginmode=4 mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE" /s mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\Inicio.exe" mRun: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc StartupFolder: C:\Users\THORST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\THORST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TERMIN~1.LNK - C:\Softwarenetz\Terminkalender2\kalender2.exe uPolicies-Explorer: HideSCAHealth = dword:1 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Nach Microsoft E&xel exportieren - 
C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: NameServer = 192.168.178.1 TCP: Interfaces\{3490F978-561C-44BA-A817-252703B49C38} : DHCPNameServer = 212.23.97.2 212.23.97.3 TCP: Interfaces\{367E2848-DB33-4857-B4FE-A0629F551C3F} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{367E2848-DB33-4857-B4FE-A0629F551C3F}\64259445A51275C414E402255607561647562702E4F274 : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{5D4CC1C7-0061-4958-B406-778319C94A31} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{6124B780-E1F5-4C27-8D22-685920D660D1} : NameServer = 192.168.0.10 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab 
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: avldr - avldr64.dll x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7cit0qvn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - foxsearch FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPPDLicenseHelper.dll FF - plugin: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll FF - plugin: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: C:\Programme\Microsoft Silverlight\3.0.40723.0\npctrl.dll FF - plugin: C:\Programme\Microsoft Silverlight\3.0.40818.0\npctrl.dll FF - plugin: C:\Programme\Microsoft Silverlight\3.0.50106.0\npctrl.dll FF - plugin: C:\Programme\Microsoft Silverlight\4.0.50524.0\npctrl.dll FF - plugin: C:\Programme\Microsoft 
Silverlight\4.0.50826.0\npctrl.dll
FF - plugin: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: E:\Programmieren\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: E:\Programmieren\Java\jre6\bin\new_plugin\npjp2.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda boot driver;C:\Windows\System32\drivers\pavboot64.sys [2010-10-4 30792]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-4-16 1263200]
R1 ShldFlt;Panda File Shield Driver;C:\Windows\System32\drivers\ShldFlt.sys [2010-10-4 48136]
R2 afcdpsrv;Acronis Nonstop Backup-Dienst;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-4-16 3246040]
R2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2010-10-4 65608]
R2 APPFLT;App Filter Plugin;C:\Windows\System32\drivers\APPFLT64.SYS [2010-10-4 118280]
R2 ComFiltr;Panda Anti-Dialer;C:\Windows\System32\drivers\COMFiltr.sys [2010-10-4 15928]
R2 dgdersvc;Device Error Recovery Service;C:\Windows\System32\dgdersvc.exe [2010-7-30 119632]
R2 DSAFLT;DSA Filter Plugin;C:\Windows\System32\drivers\dsaflt64.sys [2010-10-4 82952]
R2 FNETMON;NetMon Filter Plugin;C:\Windows\System32\drivers\fnetm64.sys [2010-10-4 31752]
R2 IDSFLT;Ids Filter Plugin;C:\Windows\System32\drivers\idsflt64.sys [2010-10-4 78856]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-21 399432]
R2 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\System32\drivers\NETTDI64.SYS [2010-10-4 170504]
R2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PsCtrlS.exe [2010-10-4 173312]
R2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PavFnSvr.exe [2010-10-4 202048]
R2 PavPrSrv;Panda Process Protection Service;C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe [2010-10-4 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\pavsrvx86.exe [2010-10-4 314176]
R2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\psksvc.exe [2010-10-4 28992]
R2 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\System32\drivers\wnmflt64.sys [2010-10-4 74760]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-4-16 285280]
R3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-7-30 20552]
R3 fwlanusbn;FRITZ!WLAN N;C:\Windows\System32\drivers\fwlanusbn.sys [2011-11-4 714368]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;C:\Windows\System32\drivers\n64i1642.sys [2010-10-4 214536]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2010-10-4 43328]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2010-10-4 41280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 avmeject;AVM Eject;C:\Windows\System32\drivers\avmeject.sys [2010-10-22 14120]
S3 BthAvrcp;Bluetooth-AVRCP-Profil;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe [2012-8-17 25832]
S3 GeneStor;Genesys Logic Storage Driver;C:\Windows\System32\drivers\GeneStor.sys [2012-8-25 58368]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187.sys [2010-1-7 448512]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2012-1-22 16392]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-27 59392]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-4 1255736]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\Windows\System32\drivers\WPN111vx.sys [2011-11-13 1075712]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe" "%1"
.
=============== Created Last 30 ================
.
2012-12-07 16:05:56 -------- d-----w- C:\FRST
2012-12-02 22:49:02 -------- d-----w- C:\ProgramData\HitmanPro
2012-12-01 23:08:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F952A6FB-6BC9-4D6D-8F4A-DBD780A35542}\offreg.dll
2012-11-26 20:52:57 -------- d-----w- C:\Users\***\AppData\Roaming\Canneverbe Limited
2012-11-26 20:52:57 -------- d-----w- C:\ProgramData\Canneverbe Limited
2012-11-26 20:15:33 -------- d-----w- C:\ProgramData\Tarma Installer
.
==================== Find3M ====================
.
2012-11-26 10:13:46 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-26 10:13:46 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-29 17:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-21 11:16:28 133248 ----a-w- C:\Windows\System32\drivers\dnelwf64.sys
.
============= FINISH: 14:47:06,78 ===============
[/CODE]
Attach:
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 02.10.2010 16:56:32
System Uptime: 08.12.2012 14:01:38 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A89TD PRO USB3
Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 211,451 GiB free.
D: is FIXED (NTFS) - 250 GiB total, 147,482 GiB free.
E: is FIXED (NTFS) - 232 GiB total, 93,199 GiB free.
F: is CDROM (UDF)
G: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {85b5ddd0-e090-4b15-bdf2-a443a3ca0b66}
Description: ATITool Driver
Device ID: ROOT\*ATITOOLDEVICE\0000
Manufacturer: W1zzard
Name: ATITool Driver
PNP Device ID: ROOT\*ATITOOLDEVICE\0000
Service: ATITool
.
==== System Restore Points ===================
.
RP562: 08.12.2012 14:06:15 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) 7-Zip 9.20 (x64 edition) Acronis*True*Image*Home 2011 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) - Deutsch Adobe Shockwave Player 11.5 ANNO 1602 Königs-Edition Apple Application Support Apple Mobile Device Support Apple Software Update ASUSUpdate AVM FRITZ!WLAN Battlefield 1942 Battlefield 2(TM) BF2SP64 Black & White® 2 Blasc3 Bombermaaan 1.4 Bonjour Call of Duty Call of Duty(R) 2 Call of Duty(R) 4 - Modern Warfare(TM) Demo Canon IJ Network Scan Utility Canon IJ Network Tool Canon MP Navigator EX 1.1 Canon MX850 series Canon MX850 series Benutzerregistrierung Canon My Printer CCleaner CDBurnerXP Darksiders DarksidersInstaller DataStudio Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Derive 6 Demo Dragon Age: Origins Dropbox Easy File Undelete eReg FileRestorePlus™ 3.0.3.514 Fityk 0.9.8 Free PDF to Word Doc Converter v1.1 Genesys USB Mass Storage Device GetDataBack for NTFS Google Earth Google Update Helper Gtk+ Runtime Environment 2.12.9-2 Half-Life 2 Half-Life 2: Deathmatch Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) ICQ7.6 Icy Tower v1.4 Igor Pro iTunes Java Auto Updater Java(TM) 6 Update 22 Just Great Software EditPad Lite DE 6.6.4 LibreOffice 3.6 Logitech GamePanel Software 3.06.109 Logitech SetPoint 6.15 Malwarebytes Anti-Malware Version 1.65.1.1000 Medieval II Total War Medieval II Total War : Kingdoms : Britannia Medieval II Total War : Kingdoms : Crusades Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Language Pack Service Pack 1 (SP1) Microsoft Office 2010 Service 
Pack 1 (SP1) Microsoft Office Excel MUI (German) 2007 Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2007 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2007 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing (German) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared 64-bit MUI (German) 2007 Microsoft Office Shared 64-bit MUI (German) 2010 Microsoft Office Shared MUI (German) 2007 Microsoft Office Shared MUI (German) 2010 Microsoft Office Visio 2010 Microsoft Office Visio MUI (German) 2010 Microsoft Office Word MUI (German) 2007 Microsoft Publisher 2010 Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Visio 2010 Service Pack 1 (SP1) Microsoft Visio Professional 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MiKTeX 2.8 Moorhuhn Remake Mozilla Firefox 14.0.1 (x86 de) Mozilla Thunderbird 16.0.2 (x86 de) MSVC80_x64_v2 MSVC80_x86_v2 MSVC90_x64 MSVC90_x86 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MuseScore 1.1 MuseScore score typesetter MyFreeCodec NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111 Nokia Connectivity Cable Driver Nokia Ovi Suite Nokia Ovi Suite Software Updater NVIDIA Display 
Control Panel NVIDIA Grafiktreiber 266.58 NVIDIA Install Application NVIDIA PhysX NVIDIA StereoUSB Driver NX Client for Windows 3.3.0-6 ODF Add-In für Microsoft Office Origin 8.5.1 OriginPro 8.5.1 OutlookAddInNet3Setup Ovi Desktop Sync Engine OviMPlatform Panda Internet Security 2011 Panda Secure Vault 5 Pasco USB Driver PascoCommonFiles PC Connectivity Solution PDF24 Creator 4.7.0 PDFCreator Plus Pack für Acronis True Image Home 2011 QuickTime Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Recuva Renesas Electronics USB 3.0 Host Controller Driver resident evil 4 RESIDENT EVIL 5 Restorer Ultimate 7.5 SAMSUNG USB Driver for Mobile Phones Secure Download Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition Sibelius Scorch (Firefox, Opera, Netscape only) Skype™ 5.10 Smart File Advisor 1.1.1 Softwarenetz Terminkalender2 Star 
Wars JK II Jedi Outcast STDU Converter version 2.0.103.0 Steam Stellar Phoenix Windows Data Recovery - Home StreamTransport version: 1.0.2.2171 Stronghold Crusader Extreme Tactical_Sailing_de TeamSpeak 3 Client TeXnicCenter Version 2.0 Alpha 3 toolstar®recovery 2011 professional TrueCrypt Ubisoft Game Launcher Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition VLC media player 1.1.4 VMD 1.9 Vsk5 - patch1 WavePad Sound Editor WinDjView 1.0.3 Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows-Treiberpaket - PASCO Scientific (WinUSB) Pasco Interface (08/14/2008 1.0.0.0) WinRAR World of Warcraft WPF Toolkit February 2010 (Version 3.5.50211.1) Xfire (remove only) XnView 1.98.1
.
==== End Of File ===========================
Edited by Dexteron (08.12.2012 at 15:00)