Pests of all kinds and how to combat them: svchost.exe

28.05.2012, 19:19   #1
Lukas1997
svchost.exe

So, I have the following problem:
Recently Bitdefender keeps blocking a process named svchost.exe.
It is NOT the svchost.exe in system32, though; the file is located under my user account in AppData\Roaming\Microsoft.
However, I cannot find the file with Windows Explorer, and Bitdefender does not find anything suspicious in a system scan either.
I have also tried programs like Spybot S&D, but they do not find anything either.
What should I do?

I forgot something: some program keeps disabling Bitdefender's scan.
And here is the log file:

BitDefender Log File

Product : Bitdefender Internet Security 2012
Scanning task : Vollständiger System-Scan
Log date : Dienstag, 29. Mai 2012 09:29:45
Log path : C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\dcf483c4-26d0-4e6f-ba28-6a53a00adae1\1338275457_1_02.xml

Scan Paths:
Path : C:\

[-]Scan Results
[-]Resolved issues:Object Path Threat Name Final Status
Cookie: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Cookies\8QS8ZOE5.txt Cookie.DoubleClick Deleted

[-]Objects that were not scanned:Object Path Reason Final Status
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/page0.html Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/page2.html Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/title.png Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/options.js Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/Babylon.dat Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/BExternal.dll Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/bab091.norecovericon.dat Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/globe.png Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected)
File: C:\Users\Lukas\Downloads\AntiVirus2012Download.rar=>AntiVirus2012Download=>AntiVirus2012.rar=>AntiVirus2012.exe Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/Setup-latest-30b.zpb Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/toolBar.jpg Password-protected Not scanned (file was password-protected)
File: C:\Program Files (x86)\InstallShield Installation Information\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\SupportFiles.7z=>PowerDVD12.ico Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentadb.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/Setup.exe Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/SetupStrings.dat Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/page3Lrg.css Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/bab033.tbinst.dat Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/page3.html Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/Setup-tbmntr903.zpb Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/blueStar.png Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/Chrome_tb.zpb Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/sqlite3.dll Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip=>Users/Lukas/AppData/Roaming/Babylon/log_file.txt Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/sign Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/setup.js Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip=>sbRecovery.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/page2.css Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/page3.css Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentadb.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/progress.png Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/pBar.gif Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/eula.html Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/HtmlScreens/page2Lrg.css Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip=>Users/Lukas/AppData/Local/Babylon/Setup/IECookieLow.dll Password-protected Not scanned (file was password-protected)

[-]Detailed Scan Summary
[-]Basic
Scanned items : 293799
Infected items : 1
Suspicious items : 0 (no suspected items have been detected)
Resolved items : 1
Unresolved items : 0 (no issues remained unresolved)

[-]Advanced
Scan time : 0: 17: 40
Files per second : 277
Skipped items : 390853
Password-protected items : 56
Overcompressed items : 0
Scanned archives : 7
Input-output errors : 0
Scanned boot sectors : 4
Scanned processes : 4551
Infected processes : 0
Scanned registry keys : 2010
Infected registry keys : 0
Scanned cookies : 163
Infected cookies : 1

[-]Scan Options
[-]Target Threat Types:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Scan for keyloggers : Yes

[-]Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions : none configured
Excluded extensions : none configured

[-]Target Processing:
Default primary action for infected objects : Disinfect
Default secondary action for infected objects : Move to Quarantine
Default primary action for suspicious objects : Move to Quarantine
Default secondary action for suspicious objects : None
Default action for hidden objects : Disinfect
Default action for password-protected objects : Log as not scanned

[-]Scan engines summary
Number of virus signatures : 7245322

30.05.2012, 15:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

As a routine first step, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

01.06.2012, 21:27   #3
Lukas1997

So, the problem was resolved when I scanned with Malwarebytes.
The virus was found and deleted.
Here is the log file anyway:

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lukas :: DESKTOP-PC [Administrator]

Schutz: Aktiviert

01.06.2012 13:13:55
mbam-log-2012-06-01 (13-13-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355180
Laufzeit: 8 Stunde(n), 5 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Startup (Trojan.Agent) -> Daten: C:\Users\Lukas\AppData\Roaming\Microsoft\svchost.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Lukas\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Windows\System32\cmdow.exe (PUP.Tool) -> Keine Aktion durchgeführt.
C:\Users\Lukas\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\AppData\Roaming\dclogs\2012-05-19-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
__________________
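
Added example, not part of the original thread: the Malwarebytes log above shows the pattern worth checking for, an autostart value under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that points at a file named svchost.exe outside System32. The Python code below flags such entries in a list of Run values; the function names, the list of watched process names, the environment mapping and every sample entry except the first are assumptions of this example.

```python
import ntpath
import re

# Process names that malware likes to borrow, mapped to the only directories
# they legitimately run from. The list and the C:\Windows root are
# assumptions of this example (default Windows 7 x64 layout).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Environment variables as they would resolve for the account being checked
# (constructed values; pass your own mapping for a real system).
DEFAULT_ENV = {
    "systemroot": r"C:\Windows",
    "windir": r"C:\Windows",
    "appdata": r"C:\Users\Lukas\AppData\Roaming",
}

_EXE_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$)", re.IGNORECASE)


def expand_vars(text, env=DEFAULT_ENV):
    """Expand %NAME% references; unknown names are left untouched."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), text)


def image_path(command, env=DEFAULT_ENV):
    """Return the normalised executable path from a Run-value command line."""
    command = expand_vars(command.strip(), env)
    if command.startswith('"'):
        # Quoted path: everything up to the closing quote.
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted: stop at the first executable extension so that paths
        # containing spaces are not cut at the first blank.
        m = _EXE_RE.match(command)
        path = m.group(1) if m else command.split(" ", 1)[0]
    # normpath collapses "..", doubled separators and forward slashes.
    return ntpath.normpath(path) if path else ""


def find_masquerades(entries, env=DEFAULT_ENV):
    """Flag autostart entries whose file name is a system process name but
    whose directory is not one that process legitimately runs from.

    entries: iterable of (registry_key, value_name, data) tuples.
    Returns a list of (registry_key, value_name, resolved_path) tuples.
    """
    hits = []
    for key, name, data in entries:
        path = image_path(data, env)
        directory, filename = ntpath.split(path.lower())
        allowed = EXPECTED_DIRS.get(filename)
        if allowed is not None and directory not in allowed:
            hits.append((key, name, path))
    return hits


RUN_CU = r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_LM = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# The first entry is the one Malwarebytes reported in the thread; the others
# are constructed for illustration.
SAMPLE_RUN_ENTRIES = [
    (RUN_CU, "Startup", r"C:\Users\Lukas\AppData\Roaming\Microsoft\svchost.exe"),
    (RUN_LM, "HostSvc", r"%SystemRoot%\system32\svchost.exe -k netsvcs"),
    (RUN_CU, "Updater", r'"%APPDATA%\Microsoft\..\explorer.exe" /background'),
    (RUN_LM, "Tray", r'"C:\Program Files (x86)\Example\tray.exe" -min'),
    (RUN_LM, "Shell", r"C:/Windows/explorer.exe"),
]

if __name__ == "__main__":
    for key, name, path in find_masquerades(SAMPLE_RUN_ENTRIES):
        print(f"SUSPICIOUS  {key}  [{name}]  ->  {path}")
```

A hit only says that the name and the location do not match; the file still has to be examined (signature, hash, scanner verdict) before anything is removed.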

02.06.2012, 19:07   #4
cosinus

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are listed on the Logs tab. Please post all that are visible there.

Also, ESET is still missing!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

02.06.2012, 22:47   #5
Lukas1997

I don't have any older Malwarebytes scans, but here is the result from
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7a5294b26c87b84e823767628300806f
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-01 11:54:44
# local_time=2012-06-01 01:54:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 601682 90179643 0 0
# compatibility_mode=8192 67108863 100 0 362 362 0 0
# scanned=7528
# found=0
# cleaned=0
# scan_time=1891
         
But as already mentioned, the file can no longer be found.


03.06.2012, 14:00   #6
cosinus

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

03.06.2012, 16:58   #7
Lukas1997

Yes, Windows starts properly again, albeit somewhat more slowly.
But I think that has more to do with Windows not being cleaned up.
And no, I did not find any empty directories, and everything is still there.

03.06.2012, 18:14   #8
cosinus

Please create a new OTL log. Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Custom scan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick Scan All Users at the top center
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click .
  • Now copy the contents of OTL.txt here into your thread

06.06.2012, 13:34   #9
Lukas1997

I scanned with OTL and it worked without any problems.
Since the log is too large, I have attached it as a zip.

06.06.2012, 15:40   #10
cosinus

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=113480&tt=100512_1_&babsrc=HP_ss&mntrId=9ac4fba1000000000000001f1f607b79
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A BF 56 48 A2 2F CD 01  [binary data]
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=100512_1_&babsrc=SP_ss&mntrId=9ac4fba1000000000000001f1f607b79
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=113480&tt=100512_1_&babsrc=KW_ss&mntrId=9ac4fba1000000000000001f1f607b79&q="
[2012.05.12 10:29:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.29 18:30:39 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.07.03 07:07:02 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 12:17:32 | 001,101,824 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 06:59:54 | 000,001,982 | R--- | M] () - D:\autorun.csf -- [ CDFS ]
O32 - AutoRun File - [2003.06.20 07:01:00 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 12:17:30 | 000,087,060 | R--- | M] () - D:\autorun.obj -- [ CDFS ]
O33 - MountPoints2\{9c571211-9bae-11e1-a016-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c571211-9bae-11e1-a016-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2003.06.25 12:17:32 | 001,101,824 | R--- | M] ()
:Files
C:\Users\Lukas\AppData\Roaming\Babylon
C:\Users\Lukas\AppData\Roaming\kndnlpadobhdmiplckgecjhpeibcepkj
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

06.06.2012, 16:41   #11
Lukas1997

Everything worked great, and here is the log:
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-1452557258-77057033-3389612022-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1452557258-77057033-3389612022-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1452557258-77057033-3389612022-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "https://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=113480&tt=100512_1_&babsrc=KW_ss&mntrId=9ac4fba1000000000000001f1f607b79&q=" removed from keyword.URL
C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-1452557258-77057033-3389612022-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
File move failed. D:\Autorun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.csf scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File move failed. D:\autorun.obj scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c571211-9bae-11e1-a016-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c571211-9bae-11e1-a016-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c571211-9bae-11e1-a016-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c571211-9bae-11e1-a016-806e6f6e6963}\ not found.
File move failed. D:\Autorun.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Users\Lukas\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Lukas\AppData\Roaming\kndnlpadobhdmiplckgecjhpeibcepkj\7.0.1428_0\icons folder moved successfully.
C:\Users\Lukas\AppData\Roaming\kndnlpadobhdmiplckgecjhpeibcepkj\7.0.1428_0 folder moved successfully.
C:\Users\Lukas\AppData\Roaming\kndnlpadobhdmiplckgecjhpeibcepkj folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Lukas
->Temp folder emptied: 404034864 bytes
->Temporary Internet Files folder emptied: 79206664 bytes
->FireFox cache emptied: 1119809179 bytes
->Flash cache emptied: 28889 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 326432 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46666183 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.608,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Lukas
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.1 log created on 06062012_163356

Files\Folders moved on Reboot...
File move failed. D:\Autorun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.csf scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File move failed. D:\autorun.obj scheduled to be moved on reboot.
C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\~bdC452.tmp not found!

Registry entries deleted on Reboot...
         

06.06.2012, 16:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


06.06.2012, 17:03   #13
Lukas1997
 

It found something in the Alcohol 52% directory. :-(
I moved the file to quarantine.
Here is the log:
Code:
16:54:31.0729 3312	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:54:33.0499 3312	============================================================
16:54:33.0499 3312	Current date / time: 2012/06/06 16:54:33.0499
16:54:33.0499 3312	SystemInfo:
16:54:33.0499 3312	
16:54:33.0499 3312	OS Version: 6.1.7601 ServicePack: 1.0
16:54:33.0499 3312	Product type: Workstation
16:54:33.0499 3312	ComputerName: DESKTOP-PC
16:54:33.0500 3312	UserName: Lukas
16:54:33.0500 3312	Windows directory: C:\Windows
16:54:33.0500 3312	System windows directory: C:\Windows
16:54:33.0500 3312	Running under WOW64
16:54:33.0500 3312	Processor architecture: Intel x64
16:54:33.0500 3312	Number of processors: 6
16:54:33.0500 3312	Page size: 0x1000
16:54:33.0500 3312	Boot type: Normal boot
16:54:33.0500 3312	============================================================
16:54:35.0046 3312	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:54:35.0058 3312	============================================================
16:54:35.0058 3312	\Device\Harddisk0\DR0:
16:54:35.0058 3312	MBR partitions:
16:54:35.0058 3312	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:54:35.0058 3312	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
16:54:35.0058 3312	============================================================
16:54:35.0079 3312	C: <-> \Device\Harddisk0\DR0\Partition1
16:54:35.0079 3312	============================================================
16:54:35.0079 3312	Initialize success
16:54:35.0079 3312	============================================================
16:55:04.0990 3468	============================================================
16:55:04.0990 3468	Scan started
16:55:04.0990 3468	Mode: Manual; SigCheck; TDLFS; 
16:55:04.0990 3468	============================================================
16:55:05.0473 3468	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:55:05.0536 3468	1394ohci - ok
16:55:05.0583 3468	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:55:05.0598 3468	ACPI - ok
16:55:05.0598 3468	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:55:05.0629 3468	AcpiPmi - ok
16:55:05.0676 3468	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:55:05.0707 3468	adp94xx - ok
16:55:05.0707 3468	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:55:05.0723 3468	adpahci - ok
16:55:05.0739 3468	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:55:05.0754 3468	adpu320 - ok
16:55:05.0785 3468	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:55:05.0832 3468	AeLookupSvc - ok
16:55:05.0863 3468	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:55:05.0879 3468	AFD - ok
16:55:05.0910 3468	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:55:05.0941 3468	agp440 - ok
16:55:05.0957 3468	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:55:05.0988 3468	ALG - ok
16:55:06.0004 3468	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:55:06.0019 3468	aliide - ok
16:55:06.0066 3468	ALSysIO - ok
16:55:06.0129 3468	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
16:55:06.0191 3468	AMD External Events Utility - ok
16:55:06.0253 3468	AMD FUEL Service - ok
16:55:06.0300 3468	AMDFusionSVC    (b2b7d8f695b5d97a63eda789e9d237e1) C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
16:55:06.0347 3468	AMDFusionSVC - ok
16:55:06.0363 3468	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:55:06.0363 3468	amdide - ok
16:55:06.0394 3468	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
16:55:06.0394 3468	amdiox64 - ok
16:55:06.0409 3468	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:55:06.0441 3468	AmdK8 - ok
16:55:06.0815 3468	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
16:55:07.0143 3468	amdkmdag - ok
16:55:07.0221 3468	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
16:55:07.0252 3468	amdkmdap - ok
16:55:07.0267 3468	AmdLLD64        (c27e46c19d5a48ca02c11e3c9b58f4c1) C:\Windows\system32\DRIVERS\AmdLLD64.sys
16:55:07.0283 3468	AmdLLD64 - ok
16:55:07.0299 3468	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:55:07.0330 3468	AmdPPM - ok
16:55:07.0361 3468	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:55:07.0377 3468	amdsata - ok
16:55:07.0377 3468	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:55:07.0392 3468	amdsbs - ok
16:55:07.0408 3468	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:55:07.0408 3468	amdxata - ok
16:55:07.0423 3468	AODDriver4.1    (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:55:07.0439 3468	AODDriver4.1 - ok
16:55:07.0486 3468	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:55:07.0564 3468	AppID - ok
16:55:07.0595 3468	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:55:07.0657 3468	AppIDSvc - ok
16:55:07.0704 3468	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:55:07.0751 3468	Appinfo - ok
16:55:07.0767 3468	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:55:07.0782 3468	AppMgmt - ok
16:55:07.0798 3468	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:55:07.0813 3468	arc - ok
16:55:07.0813 3468	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:55:07.0829 3468	arcsas - ok
16:55:07.0860 3468	asmthub3        (6fe3237c1177e66437e7ad0e8ac1a6e5) C:\Windows\system32\DRIVERS\asmthub3.sys
16:55:07.0876 3468	asmthub3 - ok
16:55:07.0907 3468	asmtxhci        (c4043e39a2abbc56581ca25df161e9f7) C:\Windows\system32\DRIVERS\asmtxhci.sys
16:55:07.0938 3468	asmtxhci - ok
16:55:08.0063 3468	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:55:08.0079 3468	aspnet_state - ok
16:55:08.0110 3468	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:55:08.0157 3468	AsyncMac - ok
16:55:08.0188 3468	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:55:08.0219 3468	atapi - ok
16:55:08.0266 3468	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
16:55:08.0297 3468	AtiHDAudioService - ok
16:55:08.0344 3468	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:55:08.0406 3468	AudioEndpointBuilder - ok
16:55:08.0406 3468	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:55:08.0453 3468	AudioSrv - ok
16:55:08.0515 3468	avc3            (f57de310bf3bd9df0f7d301c1d7f5432) C:\Windows\system32\DRIVERS\avc3.sys
16:55:08.0547 3468	avc3 - ok
16:55:08.0578 3468	avchv           (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
16:55:08.0593 3468	avchv - ok
16:55:08.0609 3468	avckf           (6dc4cca415bbf2fc629beb532aa0e6cd) C:\Windows\system32\DRIVERS\avckf.sys
16:55:08.0625 3468	avckf - ok
16:55:08.0749 3468	AxAutoMntSrv    (7692f4b242e45870873caf4cb85cf769) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
16:55:08.0765 3468	AxAutoMntSrv - ok
16:55:08.0812 3468	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:55:08.0874 3468	AxInstSV - ok
16:55:08.0905 3468	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:55:08.0937 3468	b06bdrv - ok
16:55:08.0968 3468	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:55:08.0999 3468	b57nd60a - ok
16:55:09.0030 3468	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:55:09.0061 3468	BDESVC - ok
16:55:09.0186 3468	BdfNdisf        (707ac68f86f97c17c30498aaf3c7e27e) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
16:55:09.0202 3468	BdfNdisf - ok
16:55:09.0233 3468	bdfsfltr        (ea195950fa5dd4a8f7bc00822213a363) C:\Windows\system32\DRIVERS\bdfsfltr.sys
16:55:09.0249 3468	bdfsfltr - ok
16:55:09.0295 3468	bdfwfpf         (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
16:55:09.0327 3468	bdfwfpf - ok
16:55:09.0358 3468	bdsandbox       (31571d77c6186ad228f52ee4ebdf8ee9) C:\Windows\system32\drivers\bdsandbox.sys
16:55:09.0358 3468	bdsandbox - ok
16:55:09.0373 3468	BDVEDISK        (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
16:55:09.0389 3468	BDVEDISK - ok
16:55:09.0389 3468	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:55:09.0483 3468	Beep - ok
16:55:09.0576 3468	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:55:09.0639 3468	BFE - ok
16:55:09.0685 3468	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:55:09.0732 3468	BITS - ok
16:55:09.0763 3468	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:55:09.0779 3468	blbdrive - ok
16:55:09.0795 3468	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:55:09.0826 3468	bowser - ok
16:55:09.0857 3468	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:55:09.0904 3468	BrFiltLo - ok
16:55:09.0904 3468	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:55:09.0919 3468	BrFiltUp - ok
16:55:09.0966 3468	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:55:09.0997 3468	Browser - ok
16:55:10.0013 3468	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:55:10.0060 3468	Brserid - ok
16:55:10.0075 3468	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:55:10.0091 3468	BrSerWdm - ok
16:55:10.0091 3468	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:55:10.0107 3468	BrUsbMdm - ok
16:55:10.0122 3468	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:55:10.0138 3468	BrUsbSer - ok
16:55:10.0138 3468	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:55:10.0169 3468	BTHMODEM - ok
16:55:10.0216 3468	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:55:10.0263 3468	bthserv - ok
16:55:10.0263 3468	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:55:10.0309 3468	cdfs - ok
16:55:10.0341 3468	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:55:10.0372 3468	cdrom - ok
16:55:10.0387 3468	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:55:10.0434 3468	CertPropSvc - ok
16:55:10.0465 3468	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:55:10.0481 3468	circlass - ok
16:55:10.0497 3468	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:55:10.0512 3468	CLFS - ok
16:55:10.0653 3468	CLHNServiceForPowerDVD12 (4c6406cf07d4ebb70c5774d55c6688fb) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
16:55:10.0684 3468	CLHNServiceForPowerDVD12 - ok
16:55:10.0746 3468	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:55:10.0762 3468	clr_optimization_v2.0.50727_32 - ok
16:55:10.0793 3468	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:55:10.0809 3468	clr_optimization_v2.0.50727_64 - ok
16:55:10.0855 3468	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:55:10.0871 3468	clr_optimization_v4.0.30319_32 - ok
16:55:10.0902 3468	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:55:10.0918 3468	clr_optimization_v4.0.30319_64 - ok
16:55:10.0949 3468	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:55:10.0980 3468	CmBatt - ok
16:55:11.0011 3468	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:55:11.0027 3468	cmdide - ok
16:55:11.0074 3468	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:55:11.0089 3468	CNG - ok
16:55:11.0121 3468	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:55:11.0136 3468	Compbatt - ok
16:55:11.0292 3468	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:55:11.0339 3468	CompositeBus - ok
16:55:11.0355 3468	COMSysApp - ok
16:55:11.0370 3468	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:55:11.0386 3468	crcdisk - ok
16:55:11.0433 3468	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:55:11.0479 3468	CryptSvc - ok
16:55:11.0542 3468	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:55:11.0589 3468	CSC - ok
16:55:11.0620 3468	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:55:11.0667 3468	CscService - ok
16:55:11.0760 3468	CyberLink PowerDVD 12 Media Server Monitor Service (ea22bca708b37b82adebc822a171b92e) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
16:55:11.0776 3468	CyberLink PowerDVD 12 Media Server Monitor Service - ok
16:55:11.0807 3468	CyberLink PowerDVD 12 Media Server Service (3168d2f171a64590e7a11355cae60a1e) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
16:55:11.0823 3468	CyberLink PowerDVD 12 Media Server Service - ok
16:55:11.0854 3468	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:55:11.0916 3468	DcomLaunch - ok
16:55:11.0932 3468	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:55:11.0994 3468	defragsvc - ok
16:55:12.0025 3468	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:55:12.0088 3468	DfsC - ok
16:55:12.0103 3468	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:55:12.0181 3468	Dhcp - ok
16:55:12.0181 3468	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:55:12.0213 3468	discache - ok
16:55:12.0228 3468	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:55:12.0244 3468	Disk - ok
16:55:12.0259 3468	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:55:12.0291 3468	Dnscache - ok
16:55:12.0322 3468	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:55:12.0369 3468	dot3svc - ok
16:55:12.0400 3468	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:55:12.0431 3468	DPS - ok
16:55:12.0462 3468	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:55:12.0478 3468	drmkaud - ok
16:55:12.0525 3468	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:55:12.0540 3468	DXGKrnl - ok
16:55:12.0571 3468	E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:55:12.0587 3468	E1G60 - ok
16:55:12.0587 3468	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:55:12.0634 3468	EapHost - ok
16:55:12.0759 3468	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:55:12.0868 3468	ebdrv - ok
16:55:12.0946 3468	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:55:12.0977 3468	EFS - ok
16:55:13.0024 3468	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:55:13.0071 3468	ehRecvr - ok
16:55:13.0086 3468	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:55:13.0102 3468	ehSched - ok
16:55:13.0149 3468	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:55:13.0164 3468	elxstor - ok
16:55:13.0195 3468	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:55:13.0227 3468	ErrDev - ok
16:55:13.0273 3468	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:55:13.0305 3468	EventSystem - ok
16:55:13.0320 3468	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:55:13.0367 3468	exfat - ok
16:55:13.0383 3468	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:55:13.0414 3468	fastfat - ok
16:55:13.0476 3468	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:55:13.0507 3468	Fax - ok
16:55:13.0523 3468	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:55:13.0554 3468	fdc - ok
16:55:13.0585 3468	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:55:13.0617 3468	fdPHost - ok
16:55:13.0617 3468	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:55:13.0663 3468	FDResPub - ok
16:55:13.0663 3468	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:55:13.0679 3468	FileInfo - ok
16:55:13.0679 3468	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:55:13.0726 3468	Filetrace - ok
16:55:13.0741 3468	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:55:13.0757 3468	flpydisk - ok
16:55:13.0788 3468	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:55:13.0819 3468	FltMgr - ok
16:55:13.0882 3468	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:55:13.0913 3468	FontCache - ok
16:55:13.0975 3468	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:55:13.0991 3468	FontCache3.0.0.0 - ok
16:55:14.0007 3468	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:55:14.0038 3468	FsDepends - ok
16:55:14.0053 3468	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:55:14.0053 3468	Fs_Rec - ok
16:55:14.0178 3468	Futuremark SystemInfo Service (ae6f0a6562d3eccd613de1fd8612ac4e) C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
16:55:14.0225 3468	Futuremark SystemInfo Service - ok
16:55:14.0287 3468	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:55:14.0303 3468	fvevol - ok
16:55:14.0319 3468	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:55:14.0334 3468	gagp30kx - ok
16:55:14.0397 3468	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:55:14.0443 3468	gpsvc - ok
16:55:14.0521 3468	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:55:14.0553 3468	gupdate - ok
16:55:14.0553 3468	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:55:14.0568 3468	gupdatem - ok
16:55:14.0584 3468	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:55:14.0677 3468	gusvc - ok
16:55:14.0693 3468	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:55:14.0709 3468	hcw85cir - ok
16:55:14.0771 3468	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:55:14.0818 3468	HdAudAddService - ok
16:55:14.0849 3468	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:55:14.0865 3468	HDAudBus - ok
16:55:14.0896 3468	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:55:14.0911 3468	HidBatt - ok
16:55:14.0927 3468	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:55:14.0958 3468	HidBth - ok
16:55:14.0974 3468	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:55:14.0989 3468	HidIr - ok
16:55:15.0021 3468	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:55:15.0052 3468	hidserv - ok
16:55:15.0067 3468	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:55:15.0083 3468	HidUsb - ok
16:55:15.0130 3468	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:55:15.0177 3468	hkmsvc - ok
16:55:15.0208 3468	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:55:15.0255 3468	HomeGroupListener - ok
16:55:15.0301 3468	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:55:15.0348 3468	HomeGroupProvider - ok
16:55:15.0364 3468	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:55:15.0395 3468	HpSAMD - ok
16:55:15.0473 3468	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:55:15.0535 3468	HTTP - ok
16:55:15.0567 3468	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:55:15.0567 3468	hwpolicy - ok
16:55:15.0598 3468	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:55:15.0629 3468	i8042prt - ok
16:55:15.0691 3468	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:55:15.0723 3468	iaStorV - ok
16:55:15.0832 3468	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:55:15.0879 3468	idsvc - ok
16:55:15.0879 3468	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:55:15.0894 3468	iirsp - ok
16:55:15.0941 3468	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:55:15.0988 3468	IKEEXT - ok
16:55:16.0159 3468	IntcAzAudAddService (c7124da48e557d8f88d0d7f1254557f4) C:\Windows\system32\drivers\RTKVHD64.sys
16:55:16.0206 3468	IntcAzAudAddService - ok
16:55:16.0269 3468	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:55:16.0284 3468	intelide - ok
16:55:16.0347 3468	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:55:16.0378 3468	intelppm - ok
16:55:16.0409 3468	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:55:16.0440 3468	IPBusEnum - ok
16:55:16.0471 3468	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:55:16.0518 3468	IpFilterDriver - ok
16:55:16.0581 3468	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:55:16.0612 3468	iphlpsvc - ok
16:55:16.0627 3468	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:55:16.0659 3468	IPMIDRV - ok
16:55:16.0674 3468	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:55:16.0705 3468	IPNAT - ok
16:55:16.0721 3468	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:55:16.0752 3468	IRENUM - ok
16:55:16.0768 3468	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:55:16.0768 3468	isapnp - ok
16:55:16.0799 3468	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:55:16.0815 3468	iScsiPrt - ok
16:55:16.0830 3468	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:55:16.0846 3468	kbdclass - ok
16:55:16.0861 3468	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:55:16.0861 3468	kbdhid - ok
16:55:16.0893 3468	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:55:16.0908 3468	KeyIso - ok
16:55:16.0924 3468	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:55:16.0939 3468	KSecDD - ok
16:55:16.0955 3468	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:55:16.0971 3468	KSecPkg - ok
16:55:16.0986 3468	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:55:17.0033 3468	ksthunk - ok
16:55:17.0049 3468	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:55:17.0111 3468	KtmRm - ok
16:55:17.0127 3468	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:55:17.0158 3468	LanmanServer - ok
16:55:17.0189 3468	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:55:17.0267 3468	LanmanWorkstation - ok
16:55:17.0283 3468	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:55:17.0329 3468	lltdio - ok
16:55:17.0345 3468	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:55:17.0392 3468	lltdsvc - ok
16:55:17.0407 3468	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:55:17.0439 3468	lmhosts - ok
16:55:27.0750 3468	StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
16:55:27.0750 3468	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
16:55:27.0750 3468	StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
16:55:34.0115 3468	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:55:34.0146 3468	WudfPf - ok
16:55:34.0162 3468	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:55:34.0209 3468	WUDFRd - ok
16:55:34.0240 3468	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:55:34.0287 3468	wudfsvc - ok
16:55:34.0302 3468	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:55:34.0333 3468	WwanSvc - ok
16:55:34.0443 3468	{329F96B6-DF1E-4328-BFDA-39EA953C1312} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
16:55:34.0474 3468	{329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
16:55:34.0489 3468	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:55:34.0926 3468	\Device\Harddisk0\DR0 - ok
16:55:34.0942 3468	Boot (0x1200)   (ebb00998683ced5cd70ccc17db0318ef) \Device\Harddisk0\DR0\Partition0
16:55:34.0942 3468	\Device\Harddisk0\DR0\Partition0 - ok
16:55:34.0973 3468	Boot (0x1200)   (e8a9755a912a76970f21c8208fe9f7bc) \Device\Harddisk0\DR0\Partition1
16:55:34.0973 3468	\Device\Harddisk0\DR0\Partition1 - ok
16:55:34.0973 3468	============================================================
16:55:34.0973 3468	Scan finished
16:55:34.0973 3468	============================================================
16:55:34.0989 3464	Detected object count: 1
16:55:34.0989 3464	Actual detected object count: 1
16:56:33.0613 3464	C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe - copied to quarantine
16:56:33.0613 3464	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
         

06.06.2012, 17:17   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
It found something in the Alcohol 52% directory. :-(
I moved the file to quarantine.

What part of my note did you not understand?

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

06.06.2012, 17:23   #15
Lukas1997

Mea culpa, I guess I was a bit hasty there.
What should I do now?
