Log analysis and evaluation: W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe (Windows 7)
16.05.2013, 23:15 | #1 |
W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe

Hello, Avira keeps showing me the message about a virus in the link given above. Unfortunately I have absolutely no idea about this kind of thing... However, I found a thread here in the forum about the same problem, but I could not write anything there and was supposed to open a new thread instead. I have already carried out the first steps:

System scan with ZOEK

Please download zoek.exe from here: hxxp://hijackthis.nl/smeenk/

Please disable all virus scanners during the scan, as they affect the result.

Start Zoek.exe with a double-click (Windows XP users only). Windows Vista/7 users, please start the tool by right-clicking the icon and choosing "Run as administrator".

Copy the code below into the text field:

Now click "Run script" and wait patiently until the scan has finished.

When the tool is done, Notepad will open with the log file (possibly only after a restart).

You can view the report afterwards at c:\zoek-results.log.

Post the log file zoek-results.log for me.

Code:
Explorer\Search] "SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC} deleted successfully HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC} deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{929801A8-4AEF-4D12-BE31-D85BF666452B} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nneajnkjbffgblleaoojgaacokifdkhm deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Miyu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Miyu\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Miyu\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M will be deleted at reboot C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 
will be deleted at reboot C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 will be deleted at reboot C:\Users\Miyu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\users\Miyu\AppData\Local\Mozilla\Firefox\Profiles\bqji94cx.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Miyu\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Miyu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}" not found "C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M" not found "C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5" not found "C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5" not found ==== EOF on 16.05.2013 at 23:50:47,01 ====================== |
16.05.2013, 23:18 | #2 |
| W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
Start TDSSKiller.exe and configure it as described in the TDSSKiller guide. Press Start Scan. If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt Please post its contents here in your thread in any case. Code:
ATTFilter 23:53:36.0601 4792 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 23:53:36.0721 4792 ============================================================ 23:53:36.0721 4792 Current date / time: 2013/05/16 23:53:36.0721 23:53:36.0721 4792 SystemInfo: 23:53:36.0721 4792 23:53:36.0721 4792 OS Version: 6.1.7601 ServicePack: 1.0 23:53:36.0721 4792 Product type: Workstation 23:53:36.0721 4792 ComputerName: MIYU-PC 23:53:36.0721 4792 UserName: Miyu 23:53:36.0721 4792 Windows directory: C:\Windows 23:53:36.0721 4792 System windows directory: C:\Windows 23:53:36.0721 4792 Running under WOW64 23:53:36.0721 4792 Processor architecture: Intel x64 23:53:36.0721 4792 Number of processors: 8 23:53:36.0721 4792 Page size: 0x1000 23:53:36.0721 4792 Boot type: Normal boot 23:53:36.0721 4792 ============================================================ 23:53:39.0282 4792 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:53:39.0292 4792 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 23:53:39.0292 4792 ============================================================ 23:53:39.0292 4792 \Device\Harddisk0\DR0: 23:53:39.0292 4792 MBR partitions: 23:53:39.0292 4792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 23:53:39.0292 4792 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xBF96000 23:53:39.0292 4792 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xBFC8800, BlocksNum 0x19465800 23:53:39.0292 4792 \Device\Harddisk1\DR1: 23:53:39.0292 4792 MBR partitions: 23:53:39.0292 4792 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xAEA86702 23:53:39.0292 4792 ============================================================ 23:53:39.0312 4792 C: <-> 
\Device\Harddisk0\DR0\Partition2 23:53:39.0332 4792 D: <-> \Device\Harddisk0\DR0\Partition3 23:53:39.0332 4792 F: <-> \Device\Harddisk1\DR1\Partition1 23:53:39.0332 4792 ============================================================ 23:53:39.0332 4792 Initialize success 23:53:39.0332 4792 ============================================================ 23:54:10.0085 5008 ============================================================ 23:54:10.0085 5008 Scan started 23:54:10.0085 5008 Mode: Manual; SigCheck; TDLFS; 23:54:10.0085 5008 ============================================================ 23:54:10.0475 5008 ================ Scan system memory ======================== 23:54:10.0475 5008 System memory - ok 23:54:10.0475 5008 ================ Scan services ============================= 23:54:10.0685 5008 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 23:54:10.0845 5008 1394ohci - ok 23:54:10.0885 5008 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 23:54:10.0905 5008 ACPI - ok 23:54:10.0945 5008 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 23:54:11.0015 5008 AcpiPmi - ok 23:54:11.0085 5008 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 23:54:11.0115 5008 AdobeARMservice - ok 23:54:11.0245 5008 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 23:54:11.0285 5008 AdobeFlashPlayerUpdateSvc - ok 23:54:11.0335 5008 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:54:11.0395 5008 adp94xx - ok 23:54:11.0415 5008 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:54:11.0445 5008 adpahci - ok 23:54:11.0465 5008 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:54:11.0485 5008 adpu320 - ok 23:54:11.0515 5008 [ 
4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:54:11.0645 5008 AeLookupSvc - ok 23:54:11.0695 5008 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 23:54:11.0755 5008 AFD - ok 23:54:11.0785 5008 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 23:54:11.0805 5008 agp440 - ok 23:54:11.0825 5008 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 23:54:11.0866 5008 ALG - ok 23:54:11.0896 5008 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 23:54:11.0906 5008 aliide - ok 23:54:12.0006 5008 ALSysIO - ok 23:54:12.0046 5008 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 23:54:12.0176 5008 AMD External Events Utility - ok 23:54:12.0216 5008 AMD FUEL Service - ok 23:54:12.0256 5008 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 23:54:12.0286 5008 amdide - ok 23:54:12.0316 5008 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:54:12.0366 5008 AmdK8 - ok 23:54:12.0666 5008 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 23:54:13.0116 5008 amdkmdag - ok 23:54:13.0156 5008 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 23:54:13.0196 5008 amdkmdap - ok 23:54:13.0216 5008 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:54:13.0256 5008 AmdPPM - ok 23:54:13.0296 5008 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 23:54:13.0336 5008 amdsata - ok 23:54:13.0346 5008 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:54:13.0366 5008 amdsbs - ok 23:54:13.0376 5008 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 23:54:13.0386 5008 amdxata - ok 23:54:13.0416 5008 [ A4947E035B441D946422BD9A5D411C98 ] 
amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys 23:54:13.0426 5008 amd_sata - ok 23:54:13.0456 5008 [ 7A0E0CE7AECEE3F175CB2DAC81694499 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys 23:54:13.0466 5008 amd_xata - ok 23:54:13.0526 5008 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 23:54:13.0556 5008 AntiVirSchedulerService - ok 23:54:13.0586 5008 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 23:54:13.0616 5008 AntiVirService - ok 23:54:13.0646 5008 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 23:54:13.0666 5008 AODDriver4.2 - ok 23:54:13.0716 5008 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 23:54:13.0896 5008 AppID - ok 23:54:13.0926 5008 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:54:14.0006 5008 AppIDSvc - ok 23:54:14.0046 5008 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 23:54:14.0096 5008 Appinfo - ok 23:54:14.0146 5008 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:54:14.0176 5008 Apple Mobile Device - ok 23:54:14.0216 5008 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 23:54:14.0276 5008 AppMgmt - ok 23:54:14.0316 5008 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 23:54:14.0336 5008 arc - ok 23:54:14.0346 5008 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 23:54:14.0366 5008 arcsas - ok 23:54:14.0406 5008 [ 22842362DF890F5492F85AA60916A697 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 23:54:14.0456 5008 asmthub3 - ok 23:54:14.0476 5008 [ 08E2D77766CC05E75A0707207D9FC684 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 23:54:14.0536 5008 
asmtxhci - ok 23:54:14.0566 5008 aspnet_state - ok 23:54:14.0586 5008 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:54:14.0636 5008 AsyncMac - ok 23:54:14.0666 5008 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 23:54:14.0686 5008 atapi - ok 23:54:14.0716 5008 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 23:54:14.0746 5008 AtiHDAudioService - ok 23:54:14.0796 5008 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:54:14.0906 5008 AudioEndpointBuilder - ok 23:54:14.0926 5008 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 23:54:14.0966 5008 AudioSrv - ok 23:54:14.0976 5008 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 23:54:14.0986 5008 avgntflt - ok 23:54:15.0026 5008 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 23:54:15.0036 5008 avipbb - ok 23:54:15.0056 5008 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 23:54:15.0066 5008 avkmgr - ok 23:54:15.0106 5008 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 23:54:15.0196 5008 AxInstSV - ok 23:54:15.0226 5008 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 23:54:15.0316 5008 b06bdrv - ok 23:54:15.0346 5008 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 23:54:15.0396 5008 b57nd60a - ok 23:54:15.0446 5008 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 23:54:15.0476 5008 BDESVC - ok 23:54:15.0506 5008 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 23:54:15.0576 5008 Beep - ok 23:54:15.0586 5008 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 23:54:15.0616 5008 blbdrive - ok 23:54:15.0666 5008 [ 
EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 23:54:15.0686 5008 Bonjour Service - ok 23:54:15.0756 5008 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:54:15.0826 5008 bowser - ok 23:54:15.0877 5008 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 23:54:16.0007 5008 BrFiltLo - ok 23:54:16.0007 5008 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 23:54:16.0037 5008 BrFiltUp - ok 23:54:16.0067 5008 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 23:54:16.0137 5008 Browser - ok 23:54:16.0157 5008 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 23:54:16.0197 5008 Brserid - ok 23:54:16.0197 5008 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 23:54:16.0227 5008 BrSerWdm - ok 23:54:16.0237 5008 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 23:54:16.0267 5008 BrUsbMdm - ok 23:54:16.0277 5008 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 23:54:16.0287 5008 BrUsbSer - ok 23:54:16.0317 5008 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 23:54:16.0337 5008 BTHMODEM - ok 23:54:16.0367 5008 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 23:54:16.0437 5008 bthserv - ok 23:54:16.0457 5008 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:54:16.0507 5008 cdfs - ok 23:54:16.0557 5008 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 23:54:16.0597 5008 cdrom - ok 23:54:16.0647 5008 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 23:54:16.0737 5008 CertPropSvc - ok 23:54:16.0767 5008 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 
23:54:16.0787 5008 circlass - ok 23:54:16.0807 5008 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 23:54:16.0837 5008 CLFS - ok 23:54:16.0857 5008 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:54:16.0877 5008 clr_optimization_v2.0.50727_32 - ok 23:54:16.0927 5008 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:54:16.0967 5008 clr_optimization_v2.0.50727_64 - ok 23:54:17.0027 5008 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:54:17.0107 5008 clr_optimization_v4.0.30319_32 - ok 23:54:17.0137 5008 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 23:54:17.0147 5008 clr_optimization_v4.0.30319_64 - ok 23:54:17.0187 5008 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:54:17.0237 5008 CmBatt - ok 23:54:17.0257 5008 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 23:54:17.0287 5008 cmdide - ok 23:54:17.0317 5008 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 23:54:17.0367 5008 CNG - ok 23:54:17.0387 5008 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:54:17.0407 5008 Compbatt - ok 23:54:17.0427 5008 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 23:54:17.0457 5008 CompositeBus - ok 23:54:17.0487 5008 COMSysApp - ok 23:54:17.0597 5008 [ F4FD82F5D6617A45CC3C4B9D4E7DF2C0 ] CPUCooLServer D:\Programme\CPUCooL\CooLSrv.exe 23:54:17.0667 5008 CPUCooLServer ( UnsignedFile.Multi.Generic ) - warning 23:54:17.0667 5008 CPUCooLServer - detected UnsignedFile.Multi.Generic (1) 23:54:17.0687 5008 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk 
C:\Windows\system32\DRIVERS\crcdisk.sys 23:54:17.0707 5008 crcdisk - ok 23:54:17.0747 5008 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:54:17.0807 5008 CryptSvc - ok 23:54:17.0837 5008 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 23:54:17.0957 5008 CSC - ok 23:54:17.0997 5008 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 23:54:18.0027 5008 CscService - ok 23:54:18.0097 5008 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 23:54:18.0167 5008 DcomLaunch - ok 23:54:18.0217 5008 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 23:54:18.0317 5008 defragsvc - ok 23:54:18.0367 5008 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:54:18.0437 5008 DfsC - ok 23:54:18.0507 5008 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 23:54:18.0617 5008 Dhcp - ok 23:54:18.0647 5008 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 23:54:18.0727 5008 discache - ok 23:54:18.0757 5008 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 23:54:18.0777 5008 Disk - ok 23:54:18.0837 5008 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:54:18.0947 5008 Dnscache - ok 23:54:18.0987 5008 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 23:54:19.0107 5008 dot3svc - ok 23:54:19.0147 5008 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 23:54:19.0197 5008 DPS - ok 23:54:19.0217 5008 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:54:19.0247 5008 drmkaud - ok 23:54:19.0307 5008 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:54:19.0337 5008 DXGKrnl - ok 23:54:19.0357 5008 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 23:54:19.0397 
5008 EapHost - ok 23:54:19.0487 5008 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 23:54:19.0627 5008 ebdrv - ok 23:54:19.0667 5008 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 23:54:19.0737 5008 EFS - ok 23:54:19.0807 5008 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:54:19.0907 5008 ehRecvr - ok 23:54:19.0927 5008 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 23:54:19.0957 5008 ehSched - ok 23:54:19.0997 5008 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 23:54:20.0057 5008 elxstor - ok 23:54:20.0097 5008 [ 20ECD0A490A121CB34F553FAD1DBBD39 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe 23:54:20.0117 5008 EpsonScanSvc - ok 23:54:20.0157 5008 [ A7E8186E04F38E836C19AC147F8B2ED0 ] EPSON_PM_RPCV4_05 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE 23:54:20.0187 5008 EPSON_PM_RPCV4_05 - ok 23:54:20.0217 5008 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:54:20.0237 5008 ErrDev - ok 23:54:20.0267 5008 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 23:54:20.0357 5008 EventSystem - ok 23:54:20.0377 5008 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 23:54:20.0427 5008 exfat - ok 23:54:20.0437 5008 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:54:20.0497 5008 fastfat - ok 23:54:20.0557 5008 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 23:54:20.0637 5008 Fax - ok 23:54:20.0667 5008 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:54:20.0697 5008 fdc - ok 23:54:20.0707 5008 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 23:54:20.0777 5008 fdPHost - ok 23:54:20.0797 5008 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 23:54:20.0847 5008 FDResPub - ok 
23:54:20.0857 5008 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:54:20.0877 5008 FileInfo - ok 23:54:20.0887 5008 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:54:20.0917 5008 Filetrace - ok 23:54:20.0937 5008 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:54:20.0947 5008 flpydisk - ok 23:54:20.0987 5008 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:54:21.0047 5008 FltMgr - ok 23:54:21.0107 5008 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll 23:54:21.0197 5008 FontCache - ok 23:54:21.0227 5008 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:54:21.0257 5008 FontCache3.0.0.0 - ok 23:54:21.0287 5008 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 23:54:21.0307 5008 FsDepends - ok 23:54:21.0337 5008 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:54:21.0357 5008 Fs_Rec - ok 23:54:21.0387 5008 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:54:21.0437 5008 fvevol - ok 23:54:21.0457 5008 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 23:54:21.0477 5008 gagp30kx - ok 23:54:21.0527 5008 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:54:21.0557 5008 GEARAspiWDM - ok 23:54:21.0607 5008 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 23:54:21.0687 5008 gpsvc - ok 23:54:21.0717 5008 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:54:21.0767 5008 hcw85cir - ok 23:54:21.0807 5008 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:54:21.0857 5008 HdAudAddService - ok 23:54:21.0877 5008 
50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe 23:54:41.0590 5008 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC 23:54:41.0590 5008 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected 23:54:41.0590 5008 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0) 23:54:41.0590 5008 ================ Scan MBR ================================== 23:54:41.0610 5008 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 23:54:41.0990 5008 \Device\Harddisk0\DR0 - ok 23:54:41.0990 5008 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1 23:54:42.0130 5008 \Device\Harddisk1\DR1 - ok 23:54:42.0130 5008 ================ Scan VBR ================================== 23:54:42.0160 5008 [ 68B82B246768EF82EB205AD8FEA0B354 ] \Device\Harddisk0\DR0\Partition1 23:54:42.0160 5008 \Device\Harddisk0\DR0\Partition1 - ok 23:54:42.0170 5008 [ C9AE3F60E508B4D7265B0F0A677BB1C4 ] \Device\Harddisk0\DR0\Partition2 23:54:42.0180 5008 \Device\Harddisk0\DR0\Partition2 - ok 23:54:42.0190 5008 [ 24AB7B9F5D1E078FC08801A04960FC4F ] \Device\Harddisk0\DR0\Partition3 23:54:42.0190 5008 \Device\Harddisk0\DR0\Partition3 - ok 23:54:42.0190 5008 [ 59046DE0DDDC09ED714C182AAA88A132 ] \Device\Harddisk1\DR1\Partition1 23:54:42.0200 5008 \Device\Harddisk1\DR1\Partition1 - ok 23:54:42.0200 5008 ============================================================ 23:54:42.0200 5008 Scan finished 23:54:42.0200 5008 ============================================================ 23:54:42.0210 5000 Detected object count: 2 23:54:42.0210 5000 Actual detected object count: 2 23:55:02.0802 5000 CPUCooLServer ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:02.0802 5000 CPUCooLServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:02.0802 5000 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user 23:55:02.0802 5000 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User 
select action: Skip 23:55:55.0628 3284 ============================================================ 23:55:55.0628 3284 Scan started 23:55:55.0628 3284 Mode: Manual; SigCheck; TDLFS; 23:55:55.0628 3284 ============================================================ 23:55:56.0048 3284 ================ Scan system memory ======================== 23:55:56.0048 3284 System memory - ok 23:55:56.0058 3284 ================ Scan services ============================= 23:55:56.0188 3284 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 23:55:56.0228 3284 1394ohci - ok 23:55:56.0268 3284 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 23:55:56.0298 3284 ACPI - ok 23:55:56.0328 3284 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 23:55:56.0358 3284 AcpiPmi - ok 23:55:56.0418 3284 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 23:55:56.0438 3284 AdobeARMservice - ok 23:55:56.0548 3284 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 23:55:56.0578 3284 AdobeFlashPlayerUpdateSvc - ok 23:55:56.0618 3284 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:55:56.0658 3284 adp94xx - ok 23:55:56.0678 3284 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:55:56.0698 3284 adpahci - ok 23:55:56.0718 3284 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:55:56.0728 3284 adpu320 - ok 23:55:56.0768 3284 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:55:56.0798 3284 AeLookupSvc - ok 23:55:56.0838 3284 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 23:55:56.0868 3284 AFD - ok 23:55:56.0898 3284 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 
C:\Windows\system32\drivers\agp440.sys 23:55:56.0908 3284 agp440 - ok 23:55:56.0918 3284 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 23:55:56.0928 3284 ALG - ok 23:55:56.0958 3284 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 23:55:56.0968 3284 aliide - ok 23:55:57.0048 3284 ALSysIO - ok 23:55:57.0088 3284 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 23:55:57.0108 3284 AMD External Events Utility - ok 23:55:57.0138 3284 AMD FUEL Service - ok 23:55:57.0158 3284 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 23:55:57.0178 3284 amdide - ok 23:55:57.0208 3284 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:55:57.0218 3284 AmdK8 - ok 23:55:57.0448 3284 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 23:55:57.0558 3284 amdkmdag - ok 23:55:57.0588 3284 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 23:55:57.0608 3284 amdkmdap - ok 23:55:57.0618 3284 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:55:57.0628 3284 AmdPPM - ok 23:55:57.0648 3284 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 23:55:57.0658 3284 amdsata - ok 23:55:57.0678 3284 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:55:57.0688 3284 amdsbs - ok 23:55:57.0698 3284 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 23:55:57.0708 3284 amdxata - ok 23:55:57.0728 3284 [ A4947E035B441D946422BD9A5D411C98 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys 23:55:57.0738 3284 amd_sata - ok 23:55:57.0748 3284 [ 7A0E0CE7AECEE3F175CB2DAC81694499 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys 23:55:57.0758 3284 amd_xata - ok 23:55:57.0808 3284 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService 
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 23:55:57.0828 3284 AntiVirSchedulerService - ok 23:55:57.0848 3284 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 23:55:57.0858 3284 AntiVirService - ok 23:55:57.0878 3284 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 23:55:57.0888 3284 AODDriver4.2 - ok 23:55:57.0918 3284 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 23:55:57.0958 3284 AppID - ok 23:55:57.0988 3284 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:55:58.0018 3284 AppIDSvc - ok 23:55:58.0038 3284 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 23:55:58.0068 3284 Appinfo - ok 23:55:58.0108 3284 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:55:58.0128 3284 Apple Mobile Device - ok 23:55:58.0158 3284 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 23:55:58.0178 3284 AppMgmt - ok 23:55:58.0208 3284 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 23:55:58.0218 3284 arc - ok 23:55:58.0238 3284 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 23:55:58.0258 3284 arcsas - ok 23:55:58.0288 3284 [ 22842362DF890F5492F85AA60916A697 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 23:55:58.0308 3284 asmthub3 - ok 23:55:58.0328 3284 [ 08E2D77766CC05E75A0707207D9FC684 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 23:55:58.0348 3284 asmtxhci - ok 23:55:58.0388 3284 aspnet_state - ok 23:55:58.0398 3284 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:55:58.0418 3284 AsyncMac - ok 23:55:58.0448 3284 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 23:55:58.0458 
3284 atapi - ok 23:55:58.0488 3284 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 23:55:58.0498 3284 AtiHDAudioService - ok 23:55:58.0558 3284 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:55:58.0598 3284 AudioEndpointBuilder - ok 23:55:58.0628 3284 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 23:55:58.0658 3284 AudioSrv - ok 23:55:58.0678 3284 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 23:55:58.0688 3284 avgntflt - ok 23:55:58.0718 3284 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 23:55:58.0728 3284 avipbb - ok 23:55:58.0758 3284 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 23:55:58.0768 3284 avkmgr - ok 23:55:58.0788 3284 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 23:55:58.0808 3284 AxInstSV - ok 23:55:58.0838 3284 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 23:55:58.0848 3284 b06bdrv - ok 23:55:58.0868 3284 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 23:55:58.0878 3284 b57nd60a - ok 23:55:58.0898 3284 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 23:55:58.0908 3284 BDESVC - ok 23:55:58.0918 3284 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 23:55:58.0948 3284 Beep - ok 23:55:58.0958 3284 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 23:55:58.0968 3284 blbdrive - ok 23:55:59.0009 3284 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 23:55:59.0039 3284 Bonjour Service - ok 23:55:59.0069 3284 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:55:59.0089 3284 bowser - ok 23:55:59.0109 3284 [ 
F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 23:55:59.0129 3284 BrFiltLo - ok 23:55:59.0129 3284 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 23:55:59.0149 3284 BrFiltUp - ok 23:55:59.0179 3284 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 23:55:59.0199 3284 Browser - ok 23:55:59.0229 3284 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 23:55:59.0239 3284 Brserid - ok 23:55:59.0249 3284 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 23:55:59.0259 3284 BrSerWdm - ok 23:55:59.0259 3284 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 23:55:59.0269 3284 BrUsbMdm - ok 23:55:59.0279 3284 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 23:55:59.0289 3284 BrUsbSer - ok 23:55:59.0289 3284 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 23:55:59.0299 3284 BTHMODEM - ok 23:55:59.0329 3284 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 23:55:59.0349 3284 bthserv - ok 23:55:59.0359 3284 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:55:59.0389 3284 cdfs - ok 23:55:59.0429 3284 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 23:55:59.0449 3284 cdrom - ok 23:55:59.0479 3284 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 23:55:59.0509 3284 CertPropSvc - ok 23:55:59.0529 3284 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 23:55:59.0539 3284 circlass - ok 23:55:59.0569 3284 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 23:55:59.0579 3284 CLFS - ok 23:55:59.0599 3284 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:55:59.0609 3284 clr_optimization_v2.0.50727_32 - ok 23:55:59.0659 3284 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:55:59.0679 3284 clr_optimization_v2.0.50727_64 - ok 23:55:59.0739 3284 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:55:59.0759 3284 clr_optimization_v4.0.30319_32 - ok 23:55:59.0789 3284 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 23:55:59.0799 3284 clr_optimization_v4.0.30319_64 - ok 23:55:59.0819 3284 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:55:59.0829 3284 CmBatt - ok 23:55:59.0839 3284 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 23:55:59.0839 3284 cmdide - ok 23:55:59.0869 3284 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 23:55:59.0889 3284 CNG - ok 23:55:59.0909 3284 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:55:59.0919 3284 Compbatt - ok 23:55:59.0939 3284 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 23:55:59.0949 3284 CompositeBus - ok 23:55:59.0949 3284 COMSysApp - ok 23:56:00.0029 3284 [ F4FD82F5D6617A45CC3C4B9D4E7DF2C0 ] CPUCooLServer D:\Programme\CPUCooL\CooLSrv.exe 23:56:00.0049 3284 CPUCooLServer ( UnsignedFile.Multi.Generic ) - warning 23:56:00.0049 3284 CPUCooLServer - detected UnsignedFile.Multi.Generic (1) 23:56:00.0069 3284 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 23:56:00.0069 3284 crcdisk - ok 23:56:00.0109 3284 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:56:00.0129 3284 CryptSvc - ok 23:56:00.0179 3284 [ 
54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 23:56:00.0199 3284 CSC - ok 23:56:00.0239 3284 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 23:56:00.0249 3284 CscService - ok 23:56:00.0289 3284 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 23:56:00.0319 3284 DcomLaunch - ok 23:56:00.0339 3284 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 23:56:00.0369 3284 defragsvc - ok 23:56:00.0409 3284 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:56:00.0449 3284 DfsC - ok 23:56:00.0479 3284 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 23:56:00.0509 3284 Dhcp - ok 23:56:00.0529 3284 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 23:56:00.0549 3284 discache - ok 23:56:00.0559 3284 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 23:56:00.0569 3284 Disk - ok 23:56:00.0599 3284 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:56:00.0609 3284 Dnscache - ok 23:56:00.0639 3284 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 23:56:00.0669 3284 dot3svc - ok 23:56:00.0699 3284 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 23:56:00.0719 3284 DPS - ok 23:56:00.0749 3284 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:56:00.0759 3284 drmkaud - ok 23:56:00.0819 3284 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:56:00.0839 3284 DXGKrnl - ok 23:56:00.0859 3284 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 23:56:00.0899 3284 EapHost - ok 23:56:00.0989 3284 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 23:56:01.0029 3284 ebdrv - ok 23:56:01.0059 3284 [ C118A82CD78818C29AB228366EBF81C3 ] EFS 
C:\Windows\System32\lsass.exe 23:56:01.0069 3284 EFS - ok 23:56:01.0119 3284 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:56:01.0149 3284 ehRecvr - ok 23:56:01.0169 3284 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 23:56:01.0179 3284 ehSched - ok 23:56:01.0219 3284 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 23:56:01.0229 3284 elxstor - ok 23:56:01.0259 3284 [ 20ECD0A490A121CB34F553FAD1DBBD39 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe 23:56:01.0269 3284 EpsonScanSvc - ok 23:56:01.0309 3284 [ A7E8186E04F38E836C19AC147F8B2ED0 ] EPSON_PM_RPCV4_05 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE 23:56:01.0329 3284 EPSON_PM_RPCV4_05 - ok 23:56:01.0359 3284 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:56:01.0389 3284 ErrDev - ok 23:56:01.0419 3284 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 23:56:01.0449 3284 EventSystem - ok 23:56:01.0479 3284 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 23:56:01.0509 3284 exfat - ok 23:56:01.0529 3284 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:56:01.0549 3284 fastfat - ok 23:56:01.0599 3284 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 23:56:01.0609 3284 Fax - ok 23:56:01.0639 3284 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:56:01.0649 3284 fdc - ok 23:56:01.0659 3284 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 23:56:01.0689 3284 fdPHost - ok 23:56:01.0699 3284 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 23:56:01.0719 3284 FDResPub - ok 23:56:01.0739 3284 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:56:01.0749 3284 FileInfo - ok 23:56:01.0749 3284 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace 
C:\Windows\system32\drivers\filetrace.sys 23:56:01.0779 3284 Filetrace - ok 23:56:01.0799 3284 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:56:01.0809 3284 flpydisk - ok 23:56:01.0839 3284 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:56:01.0849 3284 FltMgr - ok 23:56:01.0889 3284 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll 23:56:01.0929 3284 FontCache - ok 23:56:01.0969 3284 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:56:01.0989 3284 FontCache3.0.0.0 - ok 23:56:02.0019 3284 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 23:56:02.0029 3284 FsDepends - ok 23:56:02.0049 3284 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:56:02.0069 3284 Fs_Rec - ok 23:56:02.0099 3284 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:56:02.0119 3284 fvevol - ok 23:56:02.0129 3284 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 23:56:02.0139 3284 gagp30kx - ok 23:56:02.0159 3284 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:56:02.0169 3284 GEARAspiWDM - ok 23:56:02.0209 3284 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 23:56:02.0259 3284 gpsvc - ok 23:56:02.0279 3284 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:56:02.0289 3284 hcw85cir - ok 23:56:02.0319 3284 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:56:02.0329 3284 HdAudAddService - ok 23:56:02.0349 3284 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 23:56:02.0359 3284 HDAudBus - ok 23:56:02.0369 3284 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt 
C:\Windows\system32\DRIVERS\HidBatt.sys 23:56:02.0379 3284 HidBatt - ok 23:56:02.0389 3284 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 23:56:02.0399 3284 HidBth - ok 23:56:02.0409 3284 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 23:56:02.0419 3284 HidIr - ok 23:56:02.0439 3284 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 23:56:02.0469 3284 hidserv - ok 23:56:02.0489 3284 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 23:56:02.0499 3284 HidUsb - ok 23:56:02.0529 3284 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:56:02.0559 3284 hkmsvc - ok 23:56:02.0589 3284 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 23:56:02.0599 3284 HomeGroupListener - ok 23:56:02.0609 3284 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:56:02.0619 3284 HomeGroupProvider - ok 23:56:02.0649 3284 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 23:56:02.0659 3284 HpSAMD - ok 23:56:02.0679 3284 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:56:02.0709 3284 HTTP - ok 23:56:02.0739 3284 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 23:56:02.0769 3284 hwpolicy - ok 23:56:02.0799 3284 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 23:56:02.0809 3284 i8042prt - ok 23:56:02.0819 3284 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 23:56:02.0839 3284 iaStorV - ok 23:56:02.0889 3284 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:56:02.0909 3284 idsvc - ok 23:56:02.0929 3284 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 23:56:02.0939 3284 iirsp - ok 
23:56:02.0979 3284 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 23:56:03.0009 3284 IKEEXT - ok 23:56:03.0120 3284 [ 9CC645EB9697AA4F2D5A39835C80A0A2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 23:56:03.0170 3284 IntcAzAudAddService - ok 23:56:03.0200 3284 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 23:56:03.0210 3284 intelide - ok 23:56:03.0220 3284 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:56:03.0230 3284 intelppm - ok 23:56:03.0250 3284 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:56:03.0280 3284 IPBusEnum - ok 23:56:03.0310 3284 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:56:03.0340 3284 IpFilterDriver - ok 23:56:03.0350 3284 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 23:56:03.0360 3284 IPMIDRV - ok 23:56:03.0360 3284 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 23:56:03.0390 3284 IPNAT - ok 23:56:03.0420 3284 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 23:56:03.0440 3284 iPod Service - ok 23:56:03.0450 3284 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:56:03.0460 3284 IRENUM - ok 23:56:03.0490 3284 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 23:56:03.0500 3284 isapnp - ok 23:56:03.0520 3284 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 23:56:03.0530 3284 iScsiPrt - ok 23:56:03.0540 3284 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 23:56:03.0550 3284 kbdclass - ok 23:56:03.0550 3284 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 23:56:03.0560 3284 kbdhid - ok 23:56:03.0590 3284 [ C118A82CD78818C29AB228366EBF81C3 ] 
KeyIso C:\Windows\system32\lsass.exe 23:56:03.0600 3284 KeyIso - ok 23:56:03.0620 3284 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:56:03.0630 3284 KSecDD - ok 23:56:03.0670 3284 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:56:03.0680 3284 KSecPkg - ok 23:56:03.0700 3284 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 23:56:03.0730 3284 ksthunk - ok 23:56:03.0760 3284 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 23:56:03.0790 3284 KtmRm - ok 23:56:03.0820 3284 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 23:56:03.0850 3284 LanmanServer - ok 23:56:03.0880 3284 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:56:03.0910 3284 LanmanWorkstation - ok 23:56:03.0930 3284 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:56:03.0960 3284 lltdio - ok 23:56:03.0980 3284 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:56:04.0010 3284 lltdsvc - ok 23:56:04.0020 3284 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:56:04.0050 3284 lmhosts - ok 23:56:04.0070 3284 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:56:04.0080 3284 LSI_FC - ok 23:56:04.0100 3284 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:56:04.0110 3284 LSI_SAS - ok 23:56:04.0130 3284 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:56:04.0140 3284 LSI_SAS2 - ok 23:56:04.0150 3284 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:56:04.0160 3284 LSI_SCSI - ok 23:56:04.0180 3284 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 23:56:04.0210 3284 luafv - ok 23:56:04.0240 3284 [ 
0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:56:04.0250 3284 Mcx2Svc - ok 23:56:04.0270 3284 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 23:56:04.0280 3284 megasas - ok 23:56:04.0300 3284 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:56:04.0310 3284 MegaSR - ok 23:56:04.0330 3284 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 23:56:04.0360 3284 MMCSS - ok 23:56:04.0370 3284 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 23:56:04.0400 3284 Modem - ok 23:56:04.0410 3284 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:56:04.0420 3284 monitor - ok 23:56:04.0450 3284 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 23:56:04.0460 3284 mouclass - ok 23:56:04.0480 3284 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:56:04.0490 3284 mouhid - ok 23:56:04.0520 3284 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:56:04.0530 3284 mountmgr - ok 23:56:04.0550 3284 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 23:56:04.0560 3284 MozillaMaintenance - ok 23:56:04.0570 3284 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 23:56:04.0580 3284 mpio - ok 23:56:04.0590 3284 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:56:04.0620 3284 mpsdrv - ok 23:56:04.0640 3284 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:56:04.0660 3284 MRxDAV - ok 23:56:04.0690 3284 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:56:04.0720 3284 mrxsmb - ok 23:56:04.0740 3284 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 
23:56:04.0750 3284 mrxsmb10 - ok 23:56:04.0790 3284 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:56:04.0820 3284 mrxsmb20 - ok 23:56:04.0830 3284 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 23:56:04.0840 3284 msahci - ok 23:56:04.0880 3284 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 23:56:04.0890 3284 msdsm - ok 23:56:04.0900 3284 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 23:56:04.0920 3284 MSDTC - ok 23:56:04.0940 3284 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:56:04.0970 3284 Msfs - ok 23:56:04.0980 3284 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:56:05.0010 3284 mshidkmdf - ok 23:56:05.0030 3284 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:56:05.0040 3284 msisadrv - ok 23:56:05.0070 3284 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:56:05.0100 3284 MSiSCSI - ok 23:56:05.0100 3284 msiserver - ok 23:56:05.0120 3284 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:56:05.0150 3284 MSKSSRV - ok 23:56:05.0150 3284 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:56:05.0180 3284 MSPCLOCK - ok 23:56:05.0190 3284 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:56:05.0220 3284 MSPQM - ok 23:56:05.0260 3284 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:56:05.0270 3284 MsRPC - ok 23:56:05.0300 3284 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 23:56:05.0310 3284 mssmbios - ok |
16.05.2013, 23:19 | #3 |
| W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe
Code:
3284 PNRPsvc - ok 23:56:07.0390 3284 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:56:07.0420 3284 PolicyAgent - ok 23:56:07.0450 3284 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 23:56:07.0480 3284 Power - ok 23:56:07.0510 3284 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:56:07.0540 3284 PptpMiniport - ok 23:56:07.0560 3284 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 23:56:07.0570 3284 Processor - ok 23:56:07.0600 3284 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 23:56:07.0610 3284 ProfSvc - ok 23:56:07.0620 3284 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:56:07.0630 3284 ProtectedStorage - ok 23:56:07.0650 3284 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:56:07.0680 3284 Psched - ok 23:56:07.0720 3284 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:56:07.0740 3284 ql2300 - ok 23:56:07.0770 3284 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:56:07.0780 3284 ql40xx - ok 23:56:07.0810 3284 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 23:56:07.0820 3284 QWAVE - ok 23:56:07.0840 3284 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:56:07.0850 3284 QWAVEdrv - ok 23:56:07.0860 3284 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:56:07.0890 3284 RasAcd - ok 23:56:07.0900 3284 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:56:07.0930 3284 RasAgileVpn - ok 23:56:07.0950 3284 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 23:56:07.0980 3284 RasAuto - ok 23:56:07.0990 3284 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp 
C:\Windows\system32\DRIVERS\rasl2tp.sys 23:56:08.0020 3284 Rasl2tp - ok 23:56:08.0050 3284 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 23:56:08.0080 3284 RasMan - ok 23:56:08.0120 3284 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:56:08.0140 3284 RasPppoe - ok 23:56:08.0160 3284 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:56:08.0190 3284 RasSstp - ok 23:56:08.0210 3284 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:56:08.0230 3284 rdbss - ok 23:56:08.0260 3284 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:56:08.0270 3284 rdpbus - ok 23:56:08.0280 3284 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:56:08.0310 3284 RDPCDD - ok 23:56:08.0340 3284 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 23:56:08.0350 3284 RDPDR - ok 23:56:08.0370 3284 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:56:08.0400 3284 RDPENCDD - ok 23:56:08.0410 3284 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:56:08.0430 3284 RDPREFMP - ok 23:56:08.0460 3284 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:56:08.0470 3284 RDPWD - ok 23:56:08.0500 3284 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:56:08.0510 3284 rdyboost - ok 23:56:08.0540 3284 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:56:08.0560 3284 RemoteAccess - ok 23:56:08.0590 3284 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:56:08.0610 3284 RemoteRegistry - ok 23:56:08.0630 3284 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:56:08.0660 3284 RpcEptMapper - ok 23:56:08.0670 3284 [ 
D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 23:56:08.0680 3284 RpcLocator - ok 23:56:08.0720 3284 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 23:56:08.0750 3284 RpcSs - ok 23:56:08.0770 3284 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:56:08.0800 3284 rspndr - ok 23:56:08.0830 3284 [ 3713DACCA1025B05A6343104112708D9 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 23:56:08.0850 3284 RTL8167 - ok 23:56:08.0880 3284 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 23:56:08.0890 3284 s3cap - ok 23:56:08.0890 3284 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 23:56:08.0900 3284 SamSs - ok 23:56:08.0920 3284 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:56:08.0930 3284 sbp2port - ok 23:56:08.0940 3284 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:56:08.0970 3284 SCardSvr - ok 23:56:09.0000 3284 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:56:09.0030 3284 scfilter - ok 23:56:09.0080 3284 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 23:56:09.0120 3284 Schedule - ok 23:56:09.0130 3284 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:56:09.0150 3284 SCPolicySvc - ok 23:56:09.0190 3284 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:56:09.0200 3284 SDRSVC - ok 23:56:09.0220 3284 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:56:09.0250 3284 secdrv - ok 23:56:09.0270 3284 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 23:56:09.0300 3284 seclogon - ok 23:56:09.0320 3284 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 23:56:09.0350 3284 SENS - ok 23:56:09.0360 3284 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] 
SensrSvc C:\Windows\system32\sensrsvc.dll 23:56:09.0370 3284 SensrSvc - ok 23:56:09.0380 3284 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:56:09.0390 3284 Serenum - ok 23:56:09.0410 3284 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:56:09.0420 3284 Serial - ok 23:56:09.0430 3284 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:56:09.0440 3284 sermouse - ok 23:56:09.0480 3284 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 23:56:09.0510 3284 SessionEnv - ok 23:56:09.0540 3284 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:56:09.0550 3284 sffdisk - ok 23:56:09.0560 3284 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:56:09.0570 3284 sffp_mmc - ok 23:56:09.0570 3284 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:56:09.0590 3284 sffp_sd - ok 23:56:09.0610 3284 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:56:09.0620 3284 sfloppy - ok 23:56:09.0660 3284 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:56:09.0690 3284 ShellHWDetection - ok 23:56:09.0700 3284 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:56:09.0710 3284 SiSRaid2 - ok 23:56:09.0720 3284 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:56:09.0730 3284 SiSRaid4 - ok 23:56:09.0740 3284 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:56:09.0770 3284 Smb - ok 23:56:09.0790 3284 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:56:09.0800 3284 SNMPTRAP - ok 23:56:09.0820 3284 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 23:56:09.0830 3284 spldr - ok 23:56:09.0870 3284 [ 
85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 23:56:09.0880 3284 Spooler - ok 23:56:09.0990 3284 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 23:56:10.0050 3284 sppsvc - ok 23:56:10.0070 3284 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:56:10.0100 3284 sppuinotify - ok 23:56:10.0140 3284 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 23:56:10.0150 3284 srv - ok 23:56:10.0170 3284 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:56:10.0180 3284 srv2 - ok 23:56:10.0200 3284 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:56:10.0210 3284 srvnet - ok 23:56:10.0220 3284 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:56:10.0250 3284 SSDPSRV - ok 23:56:10.0270 3284 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:56:10.0300 3284 SstpSvc - ok 23:56:10.0310 3284 Steam Client Service - ok 23:56:10.0340 3284 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:56:10.0350 3284 stexstor - ok 23:56:10.0380 3284 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 23:56:10.0400 3284 stisvc - ok 23:56:10.0410 3284 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 23:56:10.0420 3284 storflt - ok 23:56:10.0440 3284 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 23:56:10.0450 3284 StorSvc - ok 23:56:10.0480 3284 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 23:56:10.0500 3284 storvsc - ok 23:56:10.0530 3284 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 23:56:10.0540 3284 swenum - ok 23:56:10.0580 3284 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 23:56:10.0640 3284 swprv - ok 23:56:10.0690 3284 [ 
BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 23:56:10.0720 3284 SysMain - ok 23:56:10.0750 3284 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:56:10.0760 3284 TabletInputService - ok 23:56:10.0800 3284 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:56:10.0830 3284 TapiSrv - ok 23:56:10.0840 3284 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 23:56:10.0870 3284 TBS - ok 23:56:10.0930 3284 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:56:10.0960 3284 Tcpip - ok 23:56:11.0000 3284 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:56:11.0030 3284 TCPIP6 - ok 23:56:11.0060 3284 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:56:11.0090 3284 tcpipreg - ok 23:56:11.0110 3284 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:56:11.0120 3284 TDPIPE - ok 23:56:11.0140 3284 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:56:11.0150 3284 TDTCP - ok 23:56:11.0180 3284 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:56:11.0210 3284 tdx - ok 23:56:11.0230 3284 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 23:56:11.0240 3284 TermDD - ok 23:56:11.0260 3284 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 23:56:11.0300 3284 TermService - ok 23:56:11.0310 3284 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 23:56:11.0320 3284 Themes - ok 23:56:11.0340 3284 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 23:56:11.0360 3284 THREADORDER - ok 23:56:11.0380 3284 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 23:56:11.0400 3284 TrkWks - ok 23:56:11.0460 3284 [ 
773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:56:11.0490 3284 TrustedInstaller - ok 23:56:11.0520 3284 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:56:11.0550 3284 tssecsrv - ok 23:56:11.0550 3284 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:56:11.0560 3284 TsUsbFlt - ok 23:56:11.0570 3284 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:56:11.0600 3284 tunnel - ok 23:56:11.0620 3284 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:56:11.0630 3284 uagp35 - ok 23:56:11.0660 3284 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:56:11.0690 3284 udfs - ok 23:56:11.0710 3284 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:56:11.0720 3284 UI0Detect - ok 23:56:11.0750 3284 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:56:11.0760 3284 uliagpkx - ok 23:56:11.0770 3284 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 23:56:11.0780 3284 umbus - ok 23:56:11.0800 3284 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:56:11.0810 3284 UmPass - ok 23:56:11.0840 3284 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 23:56:11.0850 3284 UmRdpService - ok 23:56:11.0870 3284 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:56:11.0910 3284 upnphost - ok 23:56:11.0940 3284 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 23:56:11.0950 3284 usbaudio - ok 23:56:11.0990 3284 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:56:12.0010 3284 usbccgp - ok 23:56:12.0030 3284 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:56:12.0050 
3284 usbcir - ok 23:56:12.0060 3284 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:56:12.0070 3284 usbehci - ok 23:56:12.0090 3284 [ 33A58C5630200E17B51C8D73DD64181B ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 23:56:12.0100 3284 usbfilter - ok 23:56:12.0110 3284 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:56:12.0130 3284 usbhub - ok 23:56:12.0140 3284 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 23:56:12.0140 3284 usbohci - ok 23:56:12.0170 3284 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:56:12.0180 3284 usbprint - ok 23:56:12.0200 3284 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 23:56:12.0210 3284 usbscan - ok 23:56:12.0230 3284 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:56:12.0240 3284 USBSTOR - ok 23:56:12.0260 3284 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 23:56:12.0270 3284 usbuhci - ok 23:56:12.0280 3284 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:56:12.0310 3284 UxSms - ok 23:56:12.0320 3284 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 23:56:12.0330 3284 VaultSvc - ok 23:56:12.0340 3284 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:56:12.0350 3284 vdrvroot - ok 23:56:12.0390 3284 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 23:56:12.0420 3284 vds - ok 23:56:12.0440 3284 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:56:12.0450 3284 vga - ok 23:56:12.0460 3284 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 23:56:12.0490 3284 VgaSave - ok 23:56:12.0520 3284 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:56:12.0550 3284 vhdmp 
- ok 23:56:12.0580 3284 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 23:56:12.0590 3284 viaide - ok 23:56:12.0610 3284 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 23:56:12.0620 3284 vmbus - ok 23:56:12.0630 3284 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 23:56:12.0640 3284 VMBusHID - ok 23:56:12.0650 3284 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:56:12.0660 3284 volmgr - ok 23:56:12.0700 3284 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:56:12.0710 3284 volmgrx - ok 23:56:12.0730 3284 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:56:12.0740 3284 volsnap - ok 23:56:12.0760 3284 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:56:12.0770 3284 vsmraid - ok 23:56:12.0830 3284 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 23:56:12.0870 3284 VSS - ok 23:56:12.0880 3284 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 23:56:12.0890 3284 vwifibus - ok 23:56:12.0920 3284 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 23:56:12.0960 3284 W32Time - ok 23:56:12.0980 3284 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:56:12.0980 3284 WacomPen - ok 23:56:13.0020 3284 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:56:13.0041 3284 WANARP - ok 23:56:13.0051 3284 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:56:13.0071 3284 Wanarpv6 - ok 23:56:13.0131 3284 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 23:56:13.0161 3284 wbengine - ok 23:56:13.0181 3284 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:56:13.0201 3284 WbioSrvc 
- ok 23:56:13.0231 3284 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:56:13.0251 3284 wcncsvc - ok 23:56:13.0261 3284 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:56:13.0271 3284 WcsPlugInService - ok 23:56:13.0301 3284 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:56:13.0311 3284 Wd - ok 23:56:13.0351 3284 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:56:13.0371 3284 Wdf01000 - ok 23:56:13.0381 3284 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:56:13.0401 3284 WdiServiceHost - ok 23:56:13.0411 3284 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:56:13.0421 3284 WdiSystemHost - ok 23:56:13.0451 3284 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 23:56:13.0471 3284 WebClient - ok 23:56:13.0491 3284 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:56:13.0521 3284 Wecsvc - ok 23:56:13.0531 3284 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:56:13.0561 3284 wercplsupport - ok 23:56:13.0571 3284 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 23:56:13.0601 3284 WerSvc - ok 23:56:13.0631 3284 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:56:13.0651 3284 WfpLwf - ok 23:56:13.0671 3284 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:56:13.0671 3284 WIMMount - ok 23:56:13.0681 3284 WinHttpAutoProxySvc - ok 23:56:13.0731 3284 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:56:13.0761 3284 Winmgmt - ok 23:56:13.0841 3284 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 23:56:13.0911 3284 WinRM - ok 23:56:13.0931 3284 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb 
C:\Windows\system32\DRIVERS\WinUsb.sys 23:56:13.0941 3284 WinUsb - ok 23:56:13.0981 3284 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 23:56:14.0001 3284 Wlansvc - ok 23:56:14.0101 3284 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:56:14.0141 3284 wlidsvc - ok 23:56:14.0171 3284 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:56:14.0181 3284 WmiAcpi - ok 23:56:14.0201 3284 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:56:14.0211 3284 wmiApSrv - ok 23:56:14.0231 3284 WMPNetworkSvc - ok 23:56:14.0251 3284 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:56:14.0261 3284 WPCSvc - ok 23:56:14.0281 3284 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:56:14.0291 3284 WPDBusEnum - ok 23:56:14.0311 3284 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:56:14.0341 3284 ws2ifsl - ok 23:56:14.0341 3284 WSearch - ok 23:56:14.0361 3284 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:56:14.0371 3284 WudfPf - ok 23:56:14.0401 3284 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:56:14.0411 3284 WUDFRd - ok 23:56:14.0441 3284 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:56:14.0451 3284 wudfsvc - ok 23:56:14.0471 3284 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 23:56:14.0491 3284 WwanSvc - ok 23:56:14.0491 3284 ================ Scan global =============================== 23:56:14.0521 3284 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 23:56:14.0551 3284 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 23:56:14.0561 3284 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 23:56:14.0591 3284 [ 
D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:56:14.0611 3284 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
23:56:14.0621 3284 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC
23:56:14.0621 3284 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
23:56:14.0621 3284 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
23:56:14.0621 3284 ================ Scan MBR ==================================
23:56:14.0631 3284 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:56:14.0951 3284 \Device\Harddisk0\DR0 - ok
23:56:14.0951 3284 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
23:56:15.0041 3284 \Device\Harddisk1\DR1 - ok
23:56:15.0041 3284 ================ Scan VBR ==================================
23:56:15.0061 3284 [ 68B82B246768EF82EB205AD8FEA0B354 ] \Device\Harddisk0\DR0\Partition1
23:56:15.0061 3284 \Device\Harddisk0\DR0\Partition1 - ok
23:56:15.0071 3284 [ C9AE3F60E508B4D7265B0F0A677BB1C4 ] \Device\Harddisk0\DR0\Partition2
23:56:15.0071 3284 \Device\Harddisk0\DR0\Partition2 - ok
23:56:15.0081 3284 [ 24AB7B9F5D1E078FC08801A04960FC4F ] \Device\Harddisk0\DR0\Partition3
23:56:15.0081 3284 \Device\Harddisk0\DR0\Partition3 - ok
23:56:15.0091 3284 [ 59046DE0DDDC09ED714C182AAA88A132 ] \Device\Harddisk1\DR1\Partition1
23:56:15.0091 3284 \Device\Harddisk1\DR1\Partition1 - ok
23:56:15.0091 3284 ============================================================
23:56:15.0091 3284 Scan finished
23:56:15.0091 3284 ============================================================
23:56:15.0091 3088 Detected object count: 2
23:56:15.0091 3088 Actual detected object count: 2
23:56:20.0492 3088 CPUCooLServer ( UnsignedFile.Multi.Generic ) - skipped by user
23:56:20.0492 3088 CPUCooLServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:56:20.0492 3088 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
23:56:20.0492 3088 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip

I would now re-enable the virus scanner overnight and let it run a scan to see what happens. Oh, and I found all of this here: http://www.trojaner-board.de/134645-...vices-exe.html It would be great if someone could help me! Thank you very much! |
16.05.2013, 23:31 | #4 |
/// Malwareteam / Visitor | W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe

Hello Miyuline,

Start TDSSKiller again and select "Cure" for the detection listed below:

C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a )

Afterwards, post the new TDSSKiller log.
|
17.05.2013, 08:26 | #5 |
| W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe

Hello smeenk, thank you so, so much for helping me! I was starting to get a little desperate. TDSSKiller has now given me two logs. Code:
amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys 09:13:26.0090 3932 amd_sata - ok 09:13:26.0110 3932 [ 7A0E0CE7AECEE3F175CB2DAC81694499 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys 09:13:26.0120 3932 amd_xata - ok 09:13:26.0190 3932 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 09:13:26.0210 3932 AntiVirSchedulerService - ok 09:13:26.0240 3932 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 09:13:26.0250 3932 AntiVirService - ok 09:13:26.0280 3932 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 09:13:26.0290 3932 AODDriver4.2 - ok 09:13:26.0340 3932 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 09:13:26.0390 3932 AppID - ok 09:13:26.0410 3932 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 09:13:26.0440 3932 AppIDSvc - ok 09:13:26.0470 3932 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 09:13:26.0530 3932 Appinfo - ok 09:13:26.0580 3932 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 09:13:26.0600 3932 Apple Mobile Device - ok 09:13:26.0630 3932 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 09:13:26.0640 3932 AppMgmt - ok 09:13:26.0680 3932 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 09:13:26.0690 3932 arc - ok 09:13:26.0700 3932 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 09:13:26.0710 3932 arcsas - ok 09:13:26.0750 3932 [ 22842362DF890F5492F85AA60916A697 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 09:13:26.0760 3932 asmthub3 - ok 09:13:26.0780 3932 [ 08E2D77766CC05E75A0707207D9FC684 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 09:13:26.0800 3932 
asmtxhci - ok 09:13:26.0840 3932 aspnet_state - ok 09:13:26.0860 3932 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 09:13:26.0890 3932 AsyncMac - ok 09:13:26.0920 3932 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 09:13:26.0920 3932 atapi - ok 09:13:26.0950 3932 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 09:13:26.0960 3932 AtiHDAudioService - ok 09:13:27.0010 3932 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 09:13:27.0070 3932 AudioEndpointBuilder - ok 09:13:27.0100 3932 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 09:13:27.0130 3932 AudioSrv - ok 09:13:27.0150 3932 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 09:13:27.0160 3932 avgntflt - ok 09:13:27.0200 3932 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 09:13:27.0210 3932 avipbb - ok 09:13:27.0240 3932 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 09:13:27.0250 3932 avkmgr - ok 09:13:27.0290 3932 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 09:13:27.0310 3932 AxInstSV - ok 09:13:27.0340 3932 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 09:13:27.0360 3932 b06bdrv - ok 09:13:27.0390 3932 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 09:13:27.0400 3932 b57nd60a - ok 09:13:27.0430 3932 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 09:13:27.0440 3932 BDESVC - ok 09:13:27.0460 3932 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 09:13:27.0490 3932 Beep - ok 09:13:27.0500 3932 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 09:13:27.0520 3932 blbdrive - ok 09:13:27.0580 3932 [ 
EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 09:13:27.0590 3932 Bonjour Service - ok 09:13:27.0640 3932 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 09:13:27.0650 3932 bowser - ok 09:13:27.0680 3932 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 09:13:27.0690 3932 BrFiltLo - ok 09:13:27.0700 3932 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 09:13:27.0710 3932 BrFiltUp - ok 09:13:27.0740 3932 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 09:13:27.0750 3932 Browser - ok 09:13:27.0760 3932 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 09:13:27.0780 3932 Brserid - ok 09:13:27.0780 3932 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 09:13:27.0800 3932 BrSerWdm - ok 09:13:27.0800 3932 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 09:13:27.0810 3932 BrUsbMdm - ok 09:13:27.0820 3932 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 09:13:27.0830 3932 BrUsbSer - ok 09:13:27.0830 3932 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 09:13:27.0850 3932 BTHMODEM - ok 09:13:27.0880 3932 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 09:13:27.0940 3932 bthserv - ok 09:13:27.0960 3932 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 09:13:27.0990 3932 cdfs - ok 09:13:28.0040 3932 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 09:13:28.0070 3932 cdrom - ok 09:13:28.0110 3932 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 09:13:28.0150 3932 CertPropSvc - ok 09:13:28.0180 3932 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 
09:13:28.0190 3932 circlass - ok 09:13:28.0210 3932 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 09:13:28.0230 3932 CLFS - ok 09:13:28.0270 3932 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:13:28.0280 3932 clr_optimization_v2.0.50727_32 - ok 09:13:28.0330 3932 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 09:13:28.0340 3932 clr_optimization_v2.0.50727_64 - ok 09:13:28.0400 3932 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:13:28.0430 3932 clr_optimization_v4.0.30319_32 - ok 09:13:28.0450 3932 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 09:13:28.0460 3932 clr_optimization_v4.0.30319_64 - ok 09:13:28.0500 3932 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 09:13:28.0510 3932 CmBatt - ok 09:13:28.0520 3932 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 09:13:28.0540 3932 cmdide - ok 09:13:28.0570 3932 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 09:13:28.0590 3932 CNG - ok 09:13:28.0610 3932 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 09:13:28.0620 3932 Compbatt - ok 09:13:28.0640 3932 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 09:13:28.0660 3932 CompositeBus - ok 09:13:28.0670 3932 COMSysApp - ok 09:13:28.0760 3932 [ F4FD82F5D6617A45CC3C4B9D4E7DF2C0 ] CPUCooLServer D:\Programme\CPUCooL\CooLSrv.exe 09:13:28.0790 3932 CPUCooLServer ( UnsignedFile.Multi.Generic ) - warning 09:13:28.0790 3932 CPUCooLServer - detected UnsignedFile.Multi.Generic (1) 09:13:28.0810 3932 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk 
C:\Windows\system32\DRIVERS\crcdisk.sys 09:13:28.0840 3932 crcdisk - ok 09:13:28.0890 3932 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 09:13:28.0910 3932 CryptSvc - ok 09:13:28.0940 3932 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 09:13:28.0970 3932 CSC - ok 09:13:29.0000 3932 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 09:13:29.0020 3932 CscService - ok 09:13:29.0060 3932 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 09:13:29.0110 3932 DcomLaunch - ok 09:13:29.0140 3932 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 09:13:29.0210 3932 defragsvc - ok 09:13:29.0250 3932 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 09:13:29.0280 3932 DfsC - ok 09:13:29.0350 3932 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 09:13:29.0390 3932 Dhcp - ok 09:13:29.0430 3932 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 09:13:29.0460 3932 discache - ok 09:13:29.0480 3932 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 09:13:29.0490 3932 Disk - ok 09:13:29.0540 3932 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 09:13:29.0550 3932 Dnscache - ok 09:13:29.0580 3932 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 09:13:29.0620 3932 dot3svc - ok 09:13:29.0660 3932 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 09:13:29.0710 3932 DPS - ok 09:13:29.0750 3932 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 09:13:29.0760 3932 drmkaud - ok 09:13:29.0810 3932 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 09:13:29.0850 3932 DXGKrnl - ok 09:13:29.0880 3932 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 09:13:29.0910 
3932 EapHost - ok 09:13:29.0990 3932 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 09:13:30.0040 3932 ebdrv - ok 09:13:30.0060 3932 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 09:13:30.0070 3932 EFS - ok 09:13:30.0130 3932 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 09:13:30.0170 3932 ehRecvr - ok 09:13:30.0190 3932 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 09:13:30.0210 3932 ehSched - ok 09:13:30.0250 3932 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 09:13:30.0270 3932 elxstor - ok 09:13:30.0310 3932 [ 20ECD0A490A121CB34F553FAD1DBBD39 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe 09:13:30.0350 3932 EpsonScanSvc - ok 09:13:30.0400 3932 [ A7E8186E04F38E836C19AC147F8B2ED0 ] EPSON_PM_RPCV4_05 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE 09:13:30.0410 3932 EPSON_PM_RPCV4_05 - ok 09:13:30.0440 3932 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 09:13:30.0460 3932 ErrDev - ok 09:13:30.0490 3932 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 09:13:30.0530 3932 EventSystem - ok 09:13:30.0560 3932 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 09:13:30.0590 3932 exfat - ok 09:13:30.0600 3932 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 09:13:30.0630 3932 fastfat - ok 09:13:30.0690 3932 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 09:13:30.0730 3932 Fax - ok 09:13:30.0760 3932 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 09:13:30.0770 3932 fdc - ok 09:13:30.0780 3932 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 09:13:30.0810 3932 fdPHost - ok 09:13:30.0830 3932 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 09:13:30.0860 3932 FDResPub - ok 
09:13:30.0870 3932 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:13:30.0880 3932 FileInfo - ok 09:13:30.0890 3932 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 09:13:30.0920 3932 Filetrace - ok 09:13:30.0920 3932 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 09:13:30.0930 3932 flpydisk - ok 09:13:30.0970 3932 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:13:30.0980 3932 FltMgr - ok 09:13:31.0020 3932 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll 09:13:31.0060 3932 FontCache - ok 09:13:31.0110 3932 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:13:31.0130 3932 FontCache3.0.0.0 - ok 09:13:31.0160 3932 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 09:13:31.0180 3932 FsDepends - ok 09:13:31.0210 3932 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:13:31.0220 3932 Fs_Rec - ok 09:13:31.0260 3932 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 09:13:31.0280 3932 fvevol - ok 09:13:31.0300 3932 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 09:13:31.0310 3932 gagp30kx - ok 09:13:31.0340 3932 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 09:13:31.0350 3932 GEARAspiWDM - ok 09:13:31.0410 3932 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 09:13:31.0460 3932 gpsvc - ok 09:13:31.0480 3932 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 09:13:31.0490 3932 hcw85cir - ok 09:13:31.0540 3932 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:13:31.0580 3932 HdAudAddService - ok 09:13:31.0620 3932 
[ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 09:13:31.0640 3932 HDAudBus - ok 09:13:31.0650 3932 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 09:13:31.0670 3932 HidBatt - ok 09:13:31.0670 3932 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 09:13:31.0690 3932 HidBth - ok 09:13:31.0690 3932 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 09:13:31.0700 3932 HidIr - ok 09:13:31.0730 3932 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 09:13:31.0760 3932 hidserv - ok 09:13:31.0810 3932 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 09:13:31.0840 3932 HidUsb - ok 09:13:31.0870 3932 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 09:13:31.0900 3932 hkmsvc - ok 09:13:31.0940 3932 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 09:13:31.0960 3932 HomeGroupListener - ok 09:13:31.0980 3932 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 09:13:31.0990 3932 HomeGroupProvider - ok 09:13:32.0020 3932 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 09:13:32.0050 3932 HpSAMD - ok 09:13:32.0100 3932 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:13:32.0130 3932 HTTP - ok 09:13:32.0170 3932 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 09:13:32.0190 3932 hwpolicy - ok 09:13:32.0230 3932 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 09:13:32.0250 3932 i8042prt - ok 09:13:32.0290 3932 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 09:13:32.0310 3932 iaStorV - ok 09:13:32.0360 3932 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication 
Foundation\infocard.exe 09:13:32.0400 3932 idsvc - ok 09:13:32.0420 3932 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 09:13:32.0440 3932 iirsp - ok 09:13:32.0500 3932 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 09:13:32.0570 3932 IKEEXT - ok 09:13:32.0680 3932 [ 9CC645EB9697AA4F2D5A39835C80A0A2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 09:13:32.0740 3932 IntcAzAudAddService - ok 09:13:32.0770 3932 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 09:13:32.0800 3932 intelide - ok 09:13:32.0820 3932 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 09:13:32.0840 3932 intelppm - ok 09:13:32.0860 3932 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:13:32.0910 3932 IPBusEnum - ok 09:13:32.0930 3932 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:13:32.0960 3932 IpFilterDriver - ok 09:13:32.0990 3932 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 09:13:33.0000 3932 IPMIDRV - ok 09:13:33.0030 3932 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:13:33.0060 3932 IPNAT - ok 09:13:33.0100 3932 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 09:13:33.0120 3932 iPod Service - ok 09:13:33.0130 3932 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:13:33.0150 3932 IRENUM - ok 09:13:33.0170 3932 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:13:33.0190 3932 isapnp - ok 09:13:33.0210 3932 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:13:33.0220 3932 iScsiPrt - ok 09:13:33.0240 3932 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 09:13:33.0260 3932 kbdclass - ok 
09:13:33.0280 3932 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 09:13:33.0290 3932 kbdhid - ok 09:13:33.0300 3932 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 09:13:33.0310 3932 KeyIso - ok 09:13:33.0340 3932 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:13:33.0350 3932 KSecDD - ok 09:13:33.0380 3932 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:13:33.0390 3932 KSecPkg - ok 09:13:33.0420 3932 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:13:33.0450 3932 ksthunk - ok 09:13:33.0500 3932 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 09:13:33.0530 3932 KtmRm - ok 09:13:33.0570 3932 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 09:13:33.0610 3932 LanmanServer - ok 09:13:33.0640 3932 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:13:33.0670 3932 LanmanWorkstation - ok 09:13:33.0700 3932 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:13:33.0730 3932 lltdio - ok 09:13:33.0770 3932 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:13:33.0800 3932 lltdsvc - ok 09:13:33.0820 3932 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:13:33.0851 3932 lmhosts - ok 09:13:33.0871 3932 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 09:13:33.0881 3932 LSI_FC - ok 09:13:33.0911 3932 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 09:13:33.0921 3932 LSI_SAS - ok 09:13:33.0931 3932 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 09:13:33.0961 3932 LSI_SAS2 - ok 09:13:33.0971 3932 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 09:13:33.0991 3932 
LSI_SCSI - ok 09:13:34.0011 3932 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 09:13:34.0031 3932 luafv - ok 09:13:34.0061 3932 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:13:34.0081 3932 Mcx2Svc - ok 09:13:34.0091 3932 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 09:13:34.0101 3932 megasas - ok 09:13:34.0111 3932 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 09:13:34.0121 3932 MegaSR - ok 09:13:34.0141 3932 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 09:13:34.0171 3932 MMCSS - ok 09:13:34.0191 3932 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 09:13:34.0221 3932 Modem - ok 09:13:34.0241 3932 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:13:34.0251 3932 monitor - ok 09:13:34.0311 3932 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 09:13:34.0341 3932 mouclass - ok 09:13:34.0361 3932 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:13:34.0381 3932 mouhid - ok 09:13:34.0401 3932 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 09:13:34.0411 3932 mountmgr - ok 09:13:34.0441 3932 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 09:13:34.0461 3932 MozillaMaintenance - ok 09:13:34.0471 3932 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 09:13:34.0491 3932 mpio - ok 09:13:34.0511 3932 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:13:34.0551 3932 mpsdrv - ok 09:13:34.0581 3932 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:13:34.0601 3932 MRxDAV - ok 09:13:34.0631 3932 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb 
C:\Windows\system32\DRIVERS\mrxsmb.sys 09:13:34.0641 3932 mrxsmb - ok 09:13:34.0661 3932 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:13:34.0671 3932 mrxsmb10 - ok 09:13:34.0681 3932 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:13:34.0691 3932 mrxsmb20 - ok 09:13:34.0691 3932 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 09:13:34.0701 3932 msahci - ok 09:13:34.0731 3932 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:13:34.0741 3932 msdsm - ok 09:13:34.0761 3932 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 09:13:34.0771 3932 MSDTC - ok 09:13:34.0801 3932 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:13:34.0821 3932 Msfs - ok 09:13:34.0831 3932 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:13:34.0851 3932 mshidkmdf - ok 09:13:34.0881 3932 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:13:34.0891 3932 msisadrv - ok 09:13:34.0921 3932 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:13:34.0951 3932 MSiSCSI - ok 09:13:34.0961 3932 msiserver - ok 09:13:34.0981 3932 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:13:35.0011 3932 MSKSSRV - ok 09:13:35.0031 3932 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:13:35.0051 3932 MSPCLOCK - ok 09:13:35.0061 3932 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:13:35.0091 3932 MSPQM - ok 09:13:35.0131 3932 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:13:35.0141 3932 MsRPC - ok 09:13:35.0171 3932 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 09:13:35.0181 3932 mssmbios - ok 09:13:35.0201 3932 [ 
2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:13:35.0231 3932 MSTEE - ok 09:13:35.0241 3932 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 09:13:35.0251 3932 MTConfig - ok 09:13:35.0271 3932 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 09:13:35.0281 3932 Mup - ok 09:13:35.0321 3932 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 09:13:35.0351 3932 napagent - ok 09:13:35.0381 3932 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:13:35.0421 3932 NativeWifiP - ok 09:13:35.0491 3932 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 09:13:35.0521 3932 NDIS - ok 09:13:35.0531 3932 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:13:35.0561 3932 NdisCap - ok 09:13:35.0581 3932 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:13:35.0601 3932 NdisTapi - ok 09:13:35.0631 3932 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:13:35.0651 3932 Ndisuio - ok 09:13:35.0681 3932 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:13:35.0711 3932 NdisWan - ok 09:13:35.0721 3932 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:13:35.0751 3932 NDProxy - ok 09:13:35.0781 3932 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:13:35.0801 3932 NetBIOS - ok 09:13:35.0831 3932 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:13:35.0861 3932 NetBT - ok 09:13:35.0871 3932 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 09:13:35.0881 3932 Netlogon - ok 09:13:35.0921 3932 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 09:13:35.0951 3932 Netman - ok 09:13:35.0971 3932 [ 
5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 09:13:36.0011 3932 netprofm - ok 09:13:36.0041 3932 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:13:36.0051 3932 NetTcpPortSharing - ok 09:13:36.0071 3932 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 09:13:36.0091 3932 nfrd960 - ok 09:13:36.0121 3932 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 09:13:36.0151 3932 NlaSvc - ok 09:13:36.0161 3932 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:13:36.0181 3932 Npfs - ok 09:13:36.0201 3932 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 09:13:36.0231 3932 nsi - ok 09:13:36.0261 3932 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:13:36.0281 3932 nsiproxy - ok 09:13:36.0361 3932 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:13:36.0401 3932 Ntfs - ok 09:13:36.0441 3932 [ 69E894C5A09C6A6E6372E35653BB05F3 ] ntiopnp C:\Windows\system32\drivers\ntiopnp.sys 09:13:36.0471 3932 ntiopnp - ok 09:13:36.0491 3932 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 09:13:36.0531 3932 Null - ok 09:13:36.0551 3932 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:13:36.0571 3932 nvraid - ok 09:13:36.0601 3932 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:13:36.0611 3932 nvstor - ok 09:13:36.0641 3932 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:13:36.0651 3932 nv_agp - ok 09:13:36.0671 3932 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:13:36.0681 3932 ohci1394 - ok 09:13:36.0711 3932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:13:36.0721 
3932 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 09:13:45.0232 3932 Wlansvc - ok 09:13:45.0362 3932 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 09:13:45.0422 3932 wlidsvc - ok 09:13:45.0452 3932 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 09:13:45.0462 3932 WmiAcpi - ok 09:13:45.0482 3932 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 09:13:45.0492 3932 wmiApSrv - ok 09:13:45.0532 3932 WMPNetworkSvc - ok 09:13:45.0552 3932 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 09:13:45.0572 3932 WPCSvc - ok 09:13:45.0592 3932 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 09:13:45.0612 3932 WPDBusEnum - ok 09:13:45.0642 3932 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 09:13:45.0672 3932 ws2ifsl - ok 09:13:45.0672 3932 WSearch - ok 09:13:45.0702 3932 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 09:13:45.0712 3932 WudfPf - ok 09:13:45.0752 3932 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 09:13:45.0772 3932 WUDFRd - ok 09:13:45.0792 3932 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 09:13:45.0802 3932 wudfsvc - ok 09:13:45.0842 3932 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 09:13:45.0862 3932 WwanSvc - ok 09:13:45.0872 3932 ================ Scan global =============================== 09:13:45.0892 3932 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 09:13:45.0932 3932 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 09:13:45.0942 3932 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 09:13:45.0972 3932 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 09:13:46.0012 3932 [ 
50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe 09:13:46.0012 3932 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC 09:13:46.0022 3932 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected 09:13:46.0022 3932 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0) 09:13:46.0022 3932 ================ Scan MBR ================================== 09:13:46.0042 3932 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 09:13:46.0392 3932 \Device\Harddisk0\DR0 - ok 09:13:46.0402 3932 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1 09:13:46.0482 3932 \Device\Harddisk1\DR1 - ok 09:13:46.0482 3932 ================ Scan VBR ================================== 09:13:46.0482 3932 [ 68B82B246768EF82EB205AD8FEA0B354 ] \Device\Harddisk0\DR0\Partition1 09:13:46.0482 3932 \Device\Harddisk0\DR0\Partition1 - ok 09:13:46.0502 3932 [ C9AE3F60E508B4D7265B0F0A677BB1C4 ] \Device\Harddisk0\DR0\Partition2 09:13:46.0512 3932 \Device\Harddisk0\DR0\Partition2 - ok 09:13:46.0522 3932 [ 24AB7B9F5D1E078FC08801A04960FC4F ] \Device\Harddisk0\DR0\Partition3 09:13:46.0522 3932 \Device\Harddisk0\DR0\Partition3 - ok 09:13:46.0532 3932 [ 59046DE0DDDC09ED714C182AAA88A132 ] \Device\Harddisk1\DR1\Partition1 09:13:46.0532 3932 \Device\Harddisk1\DR1\Partition1 - ok 09:13:46.0532 3932 ============================================================ 09:13:46.0532 3932 Scan finished 09:13:46.0532 3932 ============================================================ 09:13:46.0552 4560 Detected object count: 2 09:13:46.0552 4560 Actual detected object count: 2 09:14:02.0694 4560 CPUCooLServer ( UnsignedFile.Multi.Generic ) - skipped by user 09:14:02.0694 4560 CPUCooLServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:14:02.0734 4560 C:\Windows\system32\services.exe - copied to quarantine 09:14:03.0364 4560 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine 09:14:03.0364 4560 
C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine 09:14:06.0124 4560 Backup copy not found, trying to cure infected file.. 09:14:06.0124 4560 Cure success, using it.. 09:14:06.0174 4560 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot 09:14:06.0174 4560 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot 09:14:06.0174 4560 C:\Windows\system32\services.exe - will be cured on reboot 09:14:06.0174 4560 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure 09:14:10.0094 4320 Deinitialize success Code:
ATTFilter 09:16:03.0377 2844 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 09:16:03.0596 2844 ============================================================ 09:16:03.0596 2844 Current date / time: 2013/05/17 09:16:03.0596 09:16:03.0596 2844 SystemInfo: 09:16:03.0596 2844 09:16:03.0596 2844 OS Version: 6.1.7601 ServicePack: 1.0 09:16:03.0596 2844 Product type: Workstation 09:16:03.0596 2844 ComputerName: MIYU-PC 09:16:03.0596 2844 UserName: Miyu 09:16:03.0596 2844 Windows directory: C:\Windows 09:16:03.0596 2844 System windows directory: C:\Windows 09:16:03.0596 2844 Running under WOW64 09:16:03.0596 2844 Processor architecture: Intel x64 09:16:03.0596 2844 Number of processors: 8 09:16:03.0596 2844 Page size: 0x1000 09:16:03.0596 2844 Boot type: Normal boot 09:16:03.0596 2844 ============================================================ 09:16:05.0046 2844 BG loaded 09:16:05.0842 2844 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 09:16:05.0858 2844 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 09:16:05.0858 2844 ============================================================ 09:16:05.0858 2844 \Device\Harddisk0\DR0: 09:16:05.0858 2844 MBR partitions: 09:16:05.0858 2844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 09:16:05.0858 2844 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xBF96000 09:16:05.0858 2844 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xBFC8800, BlocksNum 0x19465800 09:16:05.0858 2844 \Device\Harddisk1\DR1: 09:16:05.0858 2844 MBR partitions: 09:16:05.0858 2844 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xAEA86702 09:16:05.0858 2844 ============================================================ 
09:16:05.0920 2844 C: <-> \Device\Harddisk0\DR0\Partition2 09:16:05.0998 2844 D: <-> \Device\Harddisk0\DR0\Partition3 09:16:05.0998 2844 F: <-> \Device\Harddisk1\DR1\Partition1 09:16:05.0998 2844 ============================================================ 09:16:05.0998 2844 Initialize success 09:16:05.0998 2844 ============================================================ 09:20:23.0880 2820 Deinitialize success Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 15-May-2013 Tool run by Miyu on 17.05.2013 at 9:18:57,08. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results16.05.2013-2350.log 41880 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "facemoods"=- ==== Deleting Files \ Folders ====================== "C:\users\Miyu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec" deleted "C:\Program Files (x86)\x264 Video Codec" deleted "C:\Windows\syswow64\appdata" deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" "EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE /EPT EPLTarget\P0000000000000000 /M WF-2510 Series" "EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE /EPT EPLTarget\P0000000000000001 /M WF-2510 Series" "Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent" "Facebook Update"="C:\Users\Miyu\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "StickyPassword"="C:\Program Files (x86)\Sticky Password\stpass.exe /autorunned" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="D:\Programme\iTunesHelper.exe" "EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" "DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "FUFAXRCV"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"" "FUFAXSTM"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" "EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE /EPT EPLTarget\P0000000000000000 /M WF-2510 Series" "EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE /EPT EPLTarget\P0000000000000001 /M WF-2510 Series" "Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent" "Facebook Update"="C:\Users\Miyu\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "StickyPassword"="C:\Program Files (x86)\Sticky Password\stpass.exe /autorunned" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" ==== 
Startup Folders ====================== 2013-01-09 15:28:05 769 ----a-w- C:\users\Miyu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk 2013-01-10 14:44:23 1235 ----a-w- C:\users\Miyu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15.05.2013 20:00] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1589193222-955252371-806738954-1000Core.job --a------ C:\Users\Miyu\AppData\Local\Facebook\Update\FacebookUpdate.exe [09.03.2013 18:30] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1589193222-955252371-806738954-1000UA.job --a------ C:\Users\Miyu\AppData\Local\Facebook\Update\FacebookUpdate.exe [09.03.2013 18:30] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default - Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox - Facemoods - %ProfilePath%\extensions\ffxtlbr@Facemoods.com - DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} - uTorrentBar_DE - %ProfilePath%\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - Torntv 2 - %ProfilePath%\extensions\torntv2@torntv.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default 7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.210.11 C899B98999270821EDFFA56044DE2377 - C:\Users\Miyu\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin 3FCF47BD73094FA62D81373515F46110 - 
D:\Programme\Mozilla Plugins\npitunes.dll - iTunes Application Detector 0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Miyu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Deleting Files \ Folders ====================== "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\extensions\torntv2@torntv.com.xpi" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\extensions\ffxtlbr@Facemoods.com" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}" deleted ==== EOF on 17.05.2013 at 9:20:39,49 ====================== Thank you very much! |
17.05.2013, 10:45 | #6 |
/// Malwareteam / Visitor | W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe It all looks successful, you are doing great.
Please download AdwCleaner to your desktop.
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. |
17.05.2013, 11:13 | #7 |
| W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe So, here is the zoek log Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 15-May-2013 Tool run by Miyu on 17.05.2013 at 12:11:28,51. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results16.05.2013-2350.log 41880 bytes C:\zoek-results17.05.2013-0920.log 6862 bytes ==== Deleting Files \ Folders ====================== "C:\TDSSKiller_Quarantine\17.05.2013_09.13.16\zasubsys0000\object.ini" deleted "C:\TDSSKiller_Quarantine\17.05.2013_09.13.16\zasubsys0000\file0000\object.ini" deleted "C:\TDSSKiller_Quarantine\17.05.2013_09.13.16\zasubsys0000\file0000\tsk0000.dta" deleted "C:\TDSSKiller_Quarantine\17.05.2013_09.13.16\zasubsys0000\file0000\tsk0000.ini" deleted "C:\TDSSKiller_Quarantine\17.05.2013_09.13.16\zasubsys0000\zafs0000\tsk0000.dta" deleted "C:\TDSSKiller_Quarantine\17.05.2013_09.13.16\zasubsys0000\zafs0000\tsk0000.ini" deleted "C:\TDSSKiller_Quarantine\17.05.2013_09.13.16\zasubsys0000\zafs0000\tsk0001.dta" deleted "C:\TDSSKiller_Quarantine\17.05.2013_09.13.16\zasubsys0000\zafs0000\tsk0001.ini" deleted "C:\TDSSKiller_Quarantine" deleted "C:\TDSSKiller_Quarantine\17.05.2013_09.13.16" deleted "C:\TDSSKiller_Quarantine\17.05.2013_09.13.16\zasubsys0000" deleted "C:\TDSSKiller_Quarantine\17.05.2013_09.13.16\zasubsys0000\file0000" deleted "C:\TDSSKiller_Quarantine\17.05.2013_09.13.16\zasubsys0000\zafs0000" deleted ==== EOF on 17.05.2013 at 12:12:12,37 ======================
Here is the AdwCleaner log AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.301 - Datei am 17/05/2013 um 12:14:40 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Miyu - MIYU-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Miyu\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\1ClickDownload Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\facemoods.com Schlüssel Gelöscht : HKCU\Software\PrivitizeVPNInstallDates Schlüssel Gelöscht : HKCU\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\StartSearch Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\facemoods.xtrnl.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\facemoods.com Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Schlüssel Gelöscht : HKLM\Software\SP Global Schlüssel Gelöscht : HKLM\Software\SProtector Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5c55d68db735e849 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9} Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v21.0 (de) Datei : C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\prefs.js Gelöscht : user_pref("CT2851647.FF19Solved", "true"); Gelöscht : user_pref("CT2851647.UserID", "UN17184191462644514"); Gelöscht : user_pref("CT2851647.autoDisableScopes", -1); Gelöscht : user_pref("CT2851647.installDate", "16/5/2013 11:02:59"); Gelöscht : user_pref("CT2851647.installerVersion", "1.3.7.3"); Gelöscht : user_pref("aol_toolbar.default.homepage.check", false); Gelöscht : user_pref("aol_toolbar.default.search.check", false); -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Miyu\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [9080 octets] - [17/05/2013 12:14:40] ########## EOF - C:\AdwCleaner[S1].txt - [9140 octets] ##########
In the newly created folder, please start mbar.exe. At this point a window appears for me: Probable rootkit activity detected Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity. Note: Press "No" button if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press "Yes" should this message appear again. Do you want to remove this value and restart the tool? |
17.05.2013, 11:44 | #8 | |
/// Malwareteam / Visitor | W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe Quote:
|
17.05.2013, 12:17 | #9 |
| W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe OK, now I've got it. This is the log after the first pass: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.17.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Miyu :: MIYU-PC [administrator] 17.05.2013 12:56:56 mbar-log-2013-05-17 (12-56-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29741 Time elapsed: 9 minute(s), 43 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 c:\Users\Miyu\Downloads\RemoveWAT.exe (HackTool.Wpakill) -> Delete on reboot. c:\Users\Miyu\Desktop\Win 7 Loader v2.1.9 by DAZ\Windows Loader.exe (Trojan.Dropper) -> Delete on reboot. (end)
Here is the last log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.17.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Miyu :: MIYU-PC [administrator] 17.05.2013 13:13:40 mbar-log-2013-05-17 (13-13-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29726 Time elapsed: 11 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
17.05.2013, 12:21 | #10 |
/// Malwareteam / Visitor | W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe I think everything is clean. One more check: please download SecurityCheck and:
|
17.05.2013, 12:28 | #11 |
| W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe Done Code:
ATTFilter Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 38 Java 7 Update 21 Adobe Flash Player 11.7.700.202 Adobe Reader XI Mozilla Firefox (21.0) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
17.05.2013, 12:32 | #12 |
/// Malwareteam / Visitor | W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe Please download Farbar's Service Scanner
|
17.05.2013, 12:36 | #13 |
| W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe Code:
ATTFilter Farbar Service Scanner Version: 14-04-2013 Ran by Miyu (administrator) on 17-05-2013 at 13:35:18 Running from "C:\Users\Miyu\Desktop" Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Attempt to access Yahoo IP returned error. Yahoo IP is offline Yahoo.com is accessible. Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. bfe Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ wscsvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. 
Windows Update: ============ wuauserv Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. BITS Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist. Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist. Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist. Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist. 
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist. Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist. File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll [2009-07-14 01:54] - [2009-07-14 03:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED. C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** |
17.05.2013, 12:40 | #14 |
/// Malwareteam / Visitor | W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe Please download RestoreBFE.exe. Start the tool with a double-click. After a few seconds a message saying "Done" should pop up. Please download this tool from the following link: Service Repair. After it starts, the tool will try to restore some standard services. Please post the resulting log file for me. Restart the computer afterwards. Then create a Farbar Service Scanner log file again and post it |
17.05.2013, 12:49 | #15 |
| W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe Code:
ATTFilter Log Opened: 2013-05-17 @ 13:47:56 13:47:56 - ----------------- 13:47:56 - | Begin Logging | 13:47:56 - ----------------- 13:47:56 - Fix started on a WIN_7 X64 computer 13:47:56 - Prep in progress. Please Wait. 13:47:57 - Prep complete 13:47:57 - Repairing Services Now. Please wait... 13:47:57 - Services Repair Complete. 13:48:24 - Reboot Skipped
Here is the log Code:
ATTFilter Farbar Service Scanner Version: 14-04-2013 Ran by Miyu (administrator) on 17-05-2013 at 13:53:20 Running from "C:\Users\Miyu\Desktop" Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Attempt to access Yahoo IP returned error. Yahoo IP is offline Yahoo.com is accessible. Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ wscsvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Windows Update: ============ wuauserv Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. 
The service key does not exist. BITS Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist. Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist. Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist. Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist. Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist. Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist. 
File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll [2009-07-14 01:54] - [2009-07-14 03:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED. C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** |