Trojaner-Board

GVU Trojan has locked Windows (only with an Internet connection) (https://www.trojaner-board.de/125880-gvu-trojaner-hat-windows-gesperrt-nur-internetverbindung.html)

cosinus 24.10.2012 20:07

Close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKU\S-1-5-21-3301761118-1903657304-3574901416-1000\..\SearchScopes\{53BABF4F-EA44-4177-95E9-EE3863E5F4B6}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=kw&q={searchTerms}&locale=&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=5c9b722c-0349-433d-a7e2-d230ddb13519&apn_sauid=76772C1F-F389-4602-8A10-6C5E90DAFEBB
O4 - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
:Files
C:\ProgramData\*.pad
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can do lasting damage to the system!

Flusenkopf 25.10.2012 15:58

Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3301761118-1903657304-3574901416-1000\Software\Microsoft\Internet Explorer\SearchScopes\{53BABF4F-EA44-4177-95E9-EE3863E5F4B6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53BABF4F-EA44-4177-95E9-EE3863E5F4B6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
========== FILES ==========
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\** Benutzer **\Downloads\cmd.bat deleted successfully.
C:\Users\** Benutzer **\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ** Benutzer **
->Temp folder emptied: 5891601 bytes
->Temporary Internet Files folder emptied: 9186454 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68119972 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 736 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 565588 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 80,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10252012_165026

Files\Folders moved on Reboot...
C:\Users\** Benutzer **\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
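
Added example (not part of the original thread and not OTL's own code): a helper reading a fix log like the one above can check mechanically that each entry of the fix script produced a success line. The sample log is constructed from the line formats shown above with placeholder identifiers, and the Run-value result line is left out on purpose; the function names and search strings are assumptions.

```python
import re

# Constructed sample in the format of the fix log above (placeholder SID,
# CLSID and file names). The result line for the HKLM Run value is
# deliberately missing so the check below has something to report.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
========== FILES ==========
C:\ProgramData\example.pad moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
========== COMMANDS ==========

[EMPTYTEMP]

User: Example
->Temp folder emptied: 5891601 bytes
->FireFox cache emptied: 68119972 bytes

Windows Temp folder emptied: 565588 bytes
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z ]+) =+$")
RESULT_RE = re.compile(
    r"^(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)
EMPTIED_RE = re.compile(r"^(?:->)?.+? emptied: (?P<bytes>\d+) bytes$")


def parse_fix_log(text):
    """Return ([(section, target, outcome), ...], total_bytes_emptied)."""
    section = None
    actions = []
    freed = 0
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = RESULT_RE.match(line)
        if m:
            actions.append((section, m.group("target"), m.group("outcome")))
            continue
        m = EMPTIED_RE.match(line)
        if m:
            freed += int(m.group("bytes"))
    return actions, freed


def verify(actions, expected):
    """Map each expected target substring to 'done', 'check: ...' or
    'no result line', so the helper sees which script entries need a look."""
    report = {}
    for needle in expected:
        hits = [o for _, t, o in actions if needle.lower() in t.lower()]
        if not hits:
            report[needle] = "no result line"
        elif all(o.endswith("successfully") for o in hits):
            report[needle] = "done"
        else:
            report[needle] = "check: " + ", ".join(sorted(set(hits)))
    return report


if __name__ == "__main__":
    actions, freed = parse_fix_log(SAMPLE_LOG)
    # Substrings taken from the entries of the fix script (assumed choice).
    expected = ["SearchScopes", "CLSID", r"CurrentVersion\Run",
                "EnableLUA", ".pad", r"etc\Hosts"]
    for needle, status in verify(actions, expected).items():
        print(f"{needle:22} {status}")
    print(f"bytes emptied: {freed}")
```

A "not found" result is not necessarily a failure (the key may simply never have existed), which is why it is reported for review rather than as an error.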


cosinus 25.10.2012 19:20

Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Flusenkopf 25.10.2012 19:30

Found nothing! Here is the log:

Code:

20:22:42.0423 5584  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:22:42.0798 5584  ============================================================
20:22:42.0798 5584  Current date / time: 2012/10/25 20:22:42.0798
20:22:42.0798 5584  SystemInfo:
20:22:42.0798 5584 
20:22:42.0798 5584  OS Version: 6.1.7601 ServicePack: 1.0
20:22:42.0798 5584  Product type: Workstation
20:22:42.0798 5584  ComputerName: ** benutzer **-PC
20:22:42.0798 5584  UserName: ** benutzer **
20:22:42.0798 5584  Windows directory: C:\Windows
20:22:42.0798 5584  System windows directory: C:\Windows
20:22:42.0798 5584  Running under WOW64
20:22:42.0798 5584  Processor architecture: Intel x64
20:22:42.0798 5584  Number of processors: 4
20:22:42.0798 5584  Page size: 0x1000
20:22:42.0798 5584  Boot type: Normal boot
20:22:42.0798 5584  ============================================================
20:22:43.0156 5584  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:22:43.0156 5584  ============================================================
20:22:43.0156 5584  \Device\Harddisk0\DR0:
20:22:43.0156 5584  MBR partitions:
20:22:43.0156 5584  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x1C839800
20:22:43.0188 5584  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1F03A800, BlocksNum 0x19326800
20:22:43.0188 5584  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38361000, BlocksNum 0x124F6000
20:22:43.0188 5584  ============================================================
20:22:43.0219 5584  C: <-> \Device\Harddisk0\DR0\Partition1
20:22:43.0266 5584  D: <-> \Device\Harddisk0\DR0\Partition3
20:22:43.0312 5584  E: <-> \Device\Harddisk0\DR0\Partition2
20:22:43.0312 5584  ============================================================
20:22:43.0312 5584  Initialize success
20:22:43.0312 5584  ============================================================
20:23:45.0416 5532  ============================================================
20:23:45.0416 5532  Scan started
20:23:45.0416 5532  Mode: Manual; SigCheck; TDLFS;
20:23:45.0416 5532  ============================================================
20:23:45.0713 5532  ================ Scan system memory ========================
20:23:45.0713 5532  System memory - ok
20:23:45.0713 5532  ================ Scan services =============================
20:23:58.0832 5532  msdsm - ok
20:23:58.0848 5532  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
20:23:58.0879 5532  MSDTC - ok
20:23:58.0926 5532  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:23:59.0004 5532  Msfs - ok
20:23:59.0019 5532  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
20:23:59.0051 5532  mshidkmdf - ok
20:23:59.0066 5532  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:23:59.0082 5532  msisadrv - ok
20:23:59.0129 5532  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
20:23:59.0175 5532  MSiSCSI - ok
20:23:59.0191 5532  msiserver - ok
20:23:59.0222 5532  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
20:23:59.0285 5532  MSKSSRV - ok
20:23:59.0300 5532  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:23:59.0331 5532  MSPCLOCK - ok
20:23:59.0394 5532  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
20:23:59.0456 5532  MSPQM - ok
20:23:59.0487 5532  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
20:23:59.0503 5532  MsRPC - ok
20:23:59.0519 5532  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:23:59.0534 5532  mssmbios - ok
20:23:59.0565 5532  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
20:23:59.0597 5532  MSTEE - ok
20:23:59.0597 5532  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:23:59.0628 5532  MTConfig - ok
20:23:59.0643 5532  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
20:23:59.0659 5532  Mup - ok
20:23:59.0690 5532  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:23:59.0737 5532  napagent - ok
20:23:59.0768 5532  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
20:23:59.0846 5532  NativeWifiP - ok
20:23:59.0893 5532  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:23:59.0940 5532  NDIS - ok
20:23:59.0955 5532  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
20:24:00.0002 5532  NdisCap - ok
20:24:00.0033 5532  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:24:00.0111 5532  NdisTapi - ok
20:24:00.0143 5532  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
20:24:00.0174 5532  Ndisuio - ok
20:24:00.0205 5532  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
20:24:00.0252 5532  NdisWan - ok
20:24:00.0267 5532  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
20:24:00.0314 5532  NDProxy - ok
20:24:00.0330 5532  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
20:24:00.0377 5532  NetBIOS - ok
20:24:00.0392 5532  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
20:24:00.0439 5532  NetBT - ok
20:24:00.0455 5532  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:24:00.0470 5532  Netlogon - ok
20:24:00.0501 5532  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:24:00.0564 5532  Netman - ok
20:24:00.0579 5532  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:24:00.0642 5532  netprofm - ok
20:24:00.0657 5532  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:24:00.0673 5532  NetTcpPortSharing - ok
20:24:00.0720 5532  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
20:24:00.0735 5532  nfrd960 - ok
20:24:00.0767 5532  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:24:00.0829 5532  NlaSvc - ok
20:24:00.0860 5532  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:24:00.0891 5532  Npfs - ok
20:24:00.0923 5532  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
20:24:00.0969 5532  nsi - ok
20:24:00.0985 5532  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:24:01.0016 5532  nsiproxy - ok
20:24:01.0079 5532  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:24:01.0125 5532  Ntfs - ok
20:24:01.0157 5532  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:24:01.0203 5532  Null - ok
20:24:01.0235 5532  [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
20:24:01.0266 5532  nusb3hub - ok
20:24:01.0297 5532  [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:24:01.0406 5532  nusb3xhc - ok
20:24:01.0687 5532  [ D5DEA2C1865CAB9EE6AA29CF9E79A2CE ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:24:02.0077 5532  nvlddmkm - ok
20:24:02.0093 5532  [ 5EF70F7714C664BCF50EDFC141DEA9B8 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
20:24:02.0093 5532  nvpciflt - ok
20:24:02.0139 5532  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:24:02.0155 5532  nvraid - ok
20:24:02.0155 5532  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:24:02.0171 5532  nvstor - ok
20:24:02.0217 5532  [ 5A4AF8EA634B4FEEAF6F16BB1845715A ] NVSvc          C:\Windows\system32\nvvsvc.exe
20:24:02.0249 5532  NVSvc - ok
20:24:02.0358 5532  [ 4B7636C52A359AB0783B350A5FBDBB49 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:24:02.0405 5532  nvUpdatusService - ok
20:24:02.0436 5532  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:24:02.0436 5532  nv_agp - ok
20:24:02.0545 5532  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:24:02.0576 5532  odserv - ok
20:24:02.0592 5532  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:24:02.0607 5532  ohci1394 - ok
20:24:02.0639 5532  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:24:02.0670 5532  ose - ok
20:24:02.0701 5532  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:24:02.0748 5532  p2pimsvc - ok
20:24:02.0763 5532  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:24:02.0795 5532  p2psvc - ok
20:24:02.0873 5532  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
20:24:02.0904 5532  Parport - ok
20:24:02.0919 5532  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
20:24:02.0935 5532  partmgr - ok
20:24:02.0951 5532  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:24:02.0982 5532  PcaSvc - ok
20:24:03.0029 5532  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
20:24:03.0060 5532  pci - ok
20:24:03.0075 5532  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:24:03.0091 5532  pciide - ok
20:24:03.0107 5532  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:24:03.0122 5532  pcmcia - ok
20:24:03.0138 5532  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
20:24:03.0138 5532  pcw - ok
20:24:03.0169 5532  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:24:03.0216 5532  PEAUTH - ok
20:24:03.0278 5532  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:24:03.0309 5532  PerfHost - ok
20:24:03.0356 5532  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
20:24:03.0419 5532  pla - ok
20:24:03.0465 5532  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:24:03.0481 5532  PlugPlay - ok
20:24:03.0497 5532  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
20:24:03.0512 5532  PNRPAutoReg - ok
20:24:03.0528 5532  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
20:24:03.0559 5532  PNRPsvc - ok
20:24:03.0575 5532  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
20:24:03.0621 5532  PolicyAgent - ok
20:24:03.0668 5532  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
20:24:03.0715 5532  Power - ok
20:24:03.0762 5532  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:24:03.0793 5532  PptpMiniport - ok
20:24:03.0809 5532  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
20:24:03.0824 5532  Processor - ok
20:24:03.0855 5532  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
20:24:03.0871 5532  ProfSvc - ok
20:24:03.0887 5532  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:24:03.0902 5532  ProtectedStorage - ok
20:24:03.0918 5532  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:24:03.0965 5532  Psched - ok
20:24:04.0027 5532  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:24:04.0074 5532  ql2300 - ok
20:24:04.0089 5532  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:24:04.0105 5532  ql40xx - ok
20:24:04.0152 5532  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
20:24:04.0167 5532  QWAVE - ok
20:24:04.0183 5532  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:24:04.0214 5532  QWAVEdrv - ok
20:24:04.0245 5532  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:24:04.0292 5532  RasAcd - ok
20:24:04.0323 5532  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
20:24:04.0386 5532  RasAgileVpn - ok
20:24:04.0401 5532  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
20:24:04.0448 5532  RasAuto - ok
20:24:04.0464 5532  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
20:24:04.0511 5532  Rasl2tp - ok
20:24:04.0542 5532  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:24:04.0620 5532  RasMan - ok
20:24:04.0635 5532  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:24:04.0667 5532  RasPppoe - ok
20:24:04.0682 5532  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
20:24:04.0729 5532  RasSstp - ok
20:24:04.0745 5532  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
20:24:04.0776 5532  rdbss - ok
20:24:04.0807 5532  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:24:04.0854 5532  rdpbus - ok
20:24:04.0869 5532  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:24:04.0932 5532  RDPCDD - ok
20:24:04.0963 5532  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:24:05.0025 5532  RDPENCDD - ok
20:24:05.0025 5532  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:24:05.0057 5532  RDPREFMP - ok
20:24:05.0103 5532  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
20:24:05.0119 5532  RDPWD - ok
20:24:05.0150 5532  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:24:05.0166 5532  rdyboost - ok
20:24:05.0197 5532  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:24:05.0244 5532  RemoteAccess - ok
20:24:05.0275 5532  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:24:05.0322 5532  RemoteRegistry - ok
20:24:05.0337 5532  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:24:05.0431 5532  RpcEptMapper - ok
20:24:05.0447 5532  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:24:05.0478 5532  RpcLocator - ok
20:24:05.0493 5532  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
20:24:05.0540 5532  RpcSs - ok
20:24:05.0571 5532  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:24:05.0603 5532  rspndr - ok
20:24:05.0649 5532  [ 44ED82612403021E36998E1ECB1198F1 ] RSUSBSTOR      C:\Windows\system32\Drivers\RtsUStor.sys
20:24:05.0665 5532  RSUSBSTOR - ok
20:24:05.0727 5532  [ 8E843C0340C30994161C10FBA87EEA18 ] rtl8192se      C:\Windows\system32\DRIVERS\rtl8192se.sys
20:24:05.0774 5532  rtl8192se - ok
20:24:05.0774 5532  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
20:24:05.0790 5532  SamSs - ok
20:24:05.0821 5532  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:24:05.0837 5532  sbp2port - ok
20:24:06.0008 5532  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:24:06.0055 5532  SBSDWSCService - ok
20:24:06.0071 5532  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:24:06.0117 5532  SCardSvr - ok
20:24:06.0133 5532  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:24:06.0180 5532  scfilter - ok
20:24:06.0336 5532  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:24:06.0414 5532  Schedule - ok
20:24:06.0476 5532  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
20:24:06.0507 5532  SCPolicySvc - ok
20:24:06.0539 5532  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:24:06.0570 5532  SDRSVC - ok
20:24:06.0601 5532  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:24:06.0648 5532  secdrv - ok
20:24:06.0663 5532  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:24:06.0695 5532  seclogon - ok
20:24:06.0726 5532  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:24:06.0773 5532  SENS - ok
20:24:06.0788 5532  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:24:06.0804 5532  SensrSvc - ok
20:24:06.0835 5532  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
20:24:06.0851 5532  Serenum - ok
20:24:06.0866 5532  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:24:06.0882 5532  Serial - ok
20:24:06.0929 5532  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:24:06.0944 5532  sermouse - ok
20:24:06.0975 5532  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:24:07.0022 5532  SessionEnv - ok
20:24:07.0053 5532  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
20:24:07.0069 5532  sffdisk - ok
20:24:07.0085 5532  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:24:07.0116 5532  sffp_mmc - ok
20:24:07.0131 5532  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
20:24:07.0163 5532  sffp_sd - ok
20:24:07.0163 5532  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
20:24:07.0178 5532  sfloppy - ok
20:24:07.0209 5532  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:24:07.0272 5532  SharedAccess - ok
20:24:07.0303 5532  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:24:07.0365 5532  ShellHWDetection - ok
20:24:07.0397 5532  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:24:07.0412 5532  SiSRaid2 - ok
20:24:07.0428 5532  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:24:07.0443 5532  SiSRaid4 - ok
20:24:07.0553 5532  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:24:07.0631 5532  Skype C2C Service - ok
20:24:07.0677 5532  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
20:24:07.0693 5532  SkypeUpdate - ok
20:24:07.0740 5532  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
20:24:07.0802 5532  Smb - ok
20:24:07.0833 5532  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:24:07.0849 5532  SNMPTRAP - ok
20:24:07.0865 5532  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
20:24:07.0880 5532  spldr - ok
20:24:07.0911 5532  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
20:24:07.0927 5532  Spooler - ok
20:24:08.0021 5532  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:24:08.0161 5532  sppsvc - ok
20:24:08.0177 5532  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
20:24:08.0223 5532  sppuinotify - ok
20:24:08.0270 5532  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
20:24:08.0301 5532  srv - ok
20:24:08.0333 5532  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:24:08.0348 5532  srv2 - ok
20:24:08.0364 5532  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:24:08.0395 5532  srvnet - ok
20:24:08.0426 5532  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
20:24:08.0473 5532  SSDPSRV - ok
20:24:08.0520 5532  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
20:24:08.0551 5532  SSPORT - ok
20:24:08.0551 5532  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
20:24:08.0629 5532  SstpSvc - ok
20:24:08.0660 5532  [ 79969ACAEEBEDA7DC3673656AB9918FD ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:24:08.0691 5532  Stereo Service - ok
20:24:08.0707 5532  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:24:08.0723 5532  stexstor - ok
20:24:08.0754 5532  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:24:08.0785 5532  stisvc - ok
20:24:08.0816 5532  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:24:08.0832 5532  swenum - ok
20:24:08.0863 5532  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
20:24:08.0925 5532  swprv - ok
20:24:08.0972 5532  [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
20:24:08.0988 5532  SynTP - ok
20:24:09.0035 5532  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
20:24:09.0081 5532  SysMain - ok
20:24:09.0113 5532  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:24:09.0144 5532  TabletInputService - ok
20:24:09.0159 5532  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
20:24:09.0206 5532  TapiSrv - ok
20:24:09.0222 5532  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
20:24:09.0269 5532  TBS - ok
20:24:09.0362 5532  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
20:24:09.0425 5532  Tcpip - ok
20:24:09.0471 5532  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:24:09.0503 5532  TCPIP6 - ok
20:24:09.0534 5532  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:24:09.0581 5532  tcpipreg - ok
20:24:09.0612 5532  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:24:09.0627 5532  TDPIPE - ok
20:24:09.0659 5532  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
20:24:09.0674 5532  TDTCP - ok
20:24:09.0721 5532  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
20:24:09.0752 5532  tdx - ok
20:24:09.0768 5532  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:24:09.0783 5532  TermDD - ok
20:24:09.0830 5532  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
20:24:09.0893 5532  TermService - ok
20:24:09.0924 5532  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:24:09.0939 5532  Themes - ok
20:24:09.0955 5532  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
20:24:09.0986 5532  THREADORDER - ok
20:24:10.0017 5532  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:24:10.0064 5532  TrkWks - ok
20:24:10.0111 5532  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:24:10.0173 5532  TrustedInstaller - ok
20:24:10.0205 5532  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:24:10.0251 5532  tssecsrv - ok
20:24:10.0283 5532  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:24:10.0314 5532  TsUsbFlt - ok
20:24:10.0361 5532  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:24:10.0423 5532  tunnel - ok
20:24:10.0439 5532  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:24:10.0454 5532  uagp35 - ok
20:24:10.0470 5532  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:24:10.0532 5532  udfs - ok
20:24:10.0563 5532  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
20:24:10.0595 5532  UI0Detect - ok
20:24:10.0626 5532  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:24:10.0641 5532  uliagpkx - ok
20:24:10.0673 5532  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
20:24:10.0704 5532  umbus - ok
20:24:10.0735 5532  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:24:10.0766 5532  UmPass - ok
20:24:10.0907 5532  [ AF905F4966CFC8B973623AB150CD4B2B ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:24:10.0969 5532  UNS - ok
20:24:10.0985 5532  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:24:11.0031 5532  upnphost - ok
20:24:11.0047 5532  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
20:24:11.0063 5532  usbccgp - ok
20:24:11.0109 5532  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:24:11.0156 5532  usbcir - ok
20:24:11.0172 5532  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
20:24:11.0203 5532  usbehci - ok
20:24:11.0219 5532  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:24:11.0250 5532  usbhub - ok
20:24:11.0265 5532  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
20:24:11.0281 5532  usbohci - ok
20:24:11.0343 5532  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:24:11.0375 5532  usbprint - ok
20:24:11.0406 5532  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
20:24:11.0421 5532  usbscan - ok
20:24:11.0453 5532  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:24:11.0468 5532  USBSTOR - ok
20:24:11.0499 5532  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
20:24:11.0515 5532  usbuhci - ok
20:24:11.0562 5532  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:24:11.0593 5532  usbvideo - ok
20:24:11.0624 5532  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
20:24:11.0687 5532  UxSms - ok
20:24:11.0702 5532  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:24:11.0718 5532  VaultSvc - ok
20:24:11.0749 5532  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:24:11.0765 5532  vdrvroot - ok
20:24:11.0796 5532  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
20:24:11.0843 5532  vds - ok
20:24:11.0952 5532  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
20:24:11.0983 5532  vga - ok
20:24:11.0999 5532  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
20:24:12.0030 5532  VgaSave - ok
20:24:12.0061 5532  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
20:24:12.0108 5532  vhdmp - ok
20:24:12.0139 5532  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:24:12.0155 5532  viaide - ok
20:24:12.0170 5532  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:24:12.0186 5532  volmgr - ok
20:24:12.0201 5532  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
20:24:12.0217 5532  volmgrx - ok
20:24:12.0233 5532  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
20:24:12.0264 5532  volsnap - ok
20:24:12.0295 5532  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
20:24:12.0311 5532  vsmraid - ok
20:24:12.0373 5532  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
20:24:12.0435 5532  VSS - ok
20:24:12.0451 5532  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:24:12.0467 5532  vwifibus - ok
20:24:12.0498 5532  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:24:12.0529 5532  vwififlt - ok
20:24:12.0560 5532  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
20:24:12.0607 5532  W32Time - ok
20:24:12.0623 5532  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:24:12.0654 5532  WacomPen - ok
20:24:12.0685 5532  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:24:12.0732 5532  WANARP - ok
20:24:15.0321 5532  ================ Scan global ===============================
20:24:15.0353 5532  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:24:15.0384 5532  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:24:15.0399 5532  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:24:15.0431 5532  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:24:15.0477 5532  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:24:15.0477 5532  [Global] - ok
20:24:15.0477 5532  ================ Scan MBR ==================================
20:24:15.0509 5532  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:24:15.0743 5532  \Device\Harddisk0\DR0 - ok
20:24:15.0743 5532  ================ Scan VBR ==================================
20:24:15.0758 5532  [ 327279E86BD2F42217C80F527FEBD2A1 ] \Device\Harddisk0\DR0\Partition1
20:24:15.0758 5532  \Device\Harddisk0\DR0\Partition1 - ok
20:24:15.0774 5532  [ 2262E39E4C8982B02FF665F7527E446F ] \Device\Harddisk0\DR0\Partition2
20:24:15.0774 5532  \Device\Harddisk0\DR0\Partition2 - ok
20:24:15.0789 5532  [ 36070A4E8B96A8A28591FE58A739DFC9 ] \Device\Harddisk0\DR0\Partition3
20:24:15.0789 5532  \Device\Harddisk0\DR0\Partition3 - ok
20:24:15.0789 5532  ============================================================
20:24:15.0789 5532  Scan finished
20:24:15.0789 5532  ============================================================
20:24:15.0805 4624  Detected object count: 0
20:24:15.0805 4624  Actual detected object count: 0


cosinus 25.10.2012 21:43

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: right-click aswMBR and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If that does not work either, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

Flusenkopf 25.10.2012 21:59

Okay, that's done as well. However, at the start the program did not ask whether I want to use the Avast definitions. So I scanned once with a Quickscan and once with the default setting (none).

Log Quickscan:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-25 22:45:51
-----------------------------
22:45:51.569    OS Version: Windows x64 6.1.7601 Service Pack 1
22:45:51.569    Number of processors: 4 586 0x2505
22:45:51.569    ComputerName: ** Benutzer **-PC  UserName: ** Benutzer **
22:45:52.053    Initialize success
22:45:52.880    AVAST engine defs: 12102501
22:46:42.753    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:46:42.768    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
22:46:42.768    Disk 0 MBR read successfully
22:46:42.784    Disk 0 MBR scan
22:46:42.784    Disk 0 Windows 7 default MBR code
22:46:42.784    Disk 0 Partition 1 00    83        Linux            20473 MB offset 63
22:46:42.815    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      233587 MB offset 41945088
22:46:42.846    Disk 0 Partition - 00    0F Extended LBA            206414 MB offset 520331264
22:46:42.878    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      149996 MB offset 943067136
22:46:42.909    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      206413 MB offset 520333312
22:46:42.956    Disk 0 scanning C:\Windows\system32\drivers
22:46:55.342    Service scanning
22:47:14.624    Modules scanning
22:47:15.139    Disk 0 trace - called modules:
22:47:15.185    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:47:15.185    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048d5060]
22:47:15.201    3 CLASSPNP.SYS[fffff88001b2943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004619050]
22:47:15.763    AVAST engine scan C:\Windows
22:47:17.369    AVAST engine scan C:\Windows\system32
22:49:30.640    AVAST engine scan C:\Windows\system32\drivers
22:49:41.124    AVAST engine scan C:\Users\** Benutzer **
22:51:06.269    AVAST engine scan C:\ProgramData
22:51:17.875    Scan finished successfully
22:52:37.436    Disk 0 MBR has been saved successfully to "C:\Users\** Benutzer **\Desktop\MBR.dat"
22:52:37.436    The log file has been saved successfully to "C:\Users\** Benutzer **\Desktop\aswMBR.txt"




Log (none):
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-25 22:52:49
-----------------------------
22:52:49.263    OS Version: Windows x64 6.1.7601 Service Pack 1
22:52:49.263    Number of processors: 4 586 0x2505
22:52:49.263    ComputerName: ** Benutzer **-PC  UserName: ** Benutzer **
22:52:49.824    Initialize success
22:52:49.871    AVAST engine defs: 12102501
22:52:53.459    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:52:53.459    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
22:52:53.475    Disk 0 MBR read successfully
22:52:53.475    Disk 0 MBR scan
22:52:53.490    Disk 0 Windows 7 default MBR code
22:52:53.490    Disk 0 Partition 1 00    83        Linux            20473 MB offset 63
22:52:53.506    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      233587 MB offset 41945088
22:52:53.506    Disk 0 Partition - 00    0F Extended LBA            206414 MB offset 520331264
22:52:53.537    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      149996 MB offset 943067136
22:52:53.584    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      206413 MB offset 520333312
22:52:53.584    Disk 0 scanning C:\Windows\system32\drivers
22:53:03.303    Service scanning
22:53:20.977    Modules scanning
22:53:21.492    Disk 0 trace - called modules:
22:53:21.523    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:53:21.523    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048d5060]
22:53:21.539    3 CLASSPNP.SYS[fffff88001b2943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004619050]
22:53:21.555    Scan finished successfully
22:57:37.083    Disk 0 MBR has been saved successfully to "C:\Users\** Benutzer **\Desktop\MBR.dat"
22:57:37.099    The log file has been saved successfully to "C:\Users\** Benutzer **\Desktop\aswMBR - none.txt"


cosinus 26.10.2012 11:18

Looks OK. We should be almost done. As a check, please run scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Flusenkopf 26.10.2012 14:04

Malwarebytes finds nothing.

Code:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
** Benutzer ** :: ** Benutzer **-PC [Administrator]

26.10.2012 14:15:40
mbam-log-2012-10-26 (14-15-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 325613
Laufzeit: 47 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 26.10.2012 14:20

OK, let's wait for the other tool. Don't be alarmed, because sasw always finds a lot of tracking cookies ;)

Flusenkopf 26.10.2012 14:23

And neither does Superantispyware!

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/26/2012 at 03:17 PM

Application Version : 5.6.1012

Core Rules Database Version : 9476
Trace Rules Database Version: 7288

Scan type      : Complete Scan
Total Scan Time : 00:08:18

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 554
Memory threats detected  : 0
Registry items scanned    : 76325
Registry threats detected : 0
File items scanned        : 8886
File threats detected    : 0


cosinus 26.10.2012 14:36

Code:

UAC On - Limited User

How did you start sasw? Simply by double-clicking?

Please run it the way it is described in the instructions!

Quote:

Quote from cosinus (post 324870)
Part 2: Running the program
The program has now been installed, and a shortcut should have been created on the desktop. After you have started it, it will first check the update server for new malware signatures and install updates. Do NOT cancel this process!

Users with Windows Vista and Windows 7, please again start the tool via right-click => Run as administrator!
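
Added example (not part of the original posts, and not SUPERAntiSpyware's own tooling): a small Python check a helper could run over a posted SUPERAntiSpyware log to catch the situation pointed out above, a scan started without elevation ("UAC On - Limited User"). The sample logs are constructed and abridged from the ones in this thread; flagging anything other than a Complete Scan is an assumption of this example.

```python
import re

# Constructed samples, abridged from the two SUPERAntiSpyware logs in this thread.
LOG_LIMITED = """\
SUPERAntiSpyware Scan Log
Generated 10/26/2012 at 03:17 PM
Scan type      : Complete Scan
UAC On - Limited User
Memory threats detected  : 0
Registry threats detected : 0
File threats detected    : 0
"""
LOG_ADMIN = LOG_LIMITED.replace("Complete Scan", "Quick Scan").replace(
    "Limited User", "Administrator")

FIELD_RE = re.compile(r"^\s*([^:]+?)\s*:\s*(.+?)\s*$")   # "key : value" lines
UAC_RE = re.compile(r"^\s*UAC\s+(On|Off)\s*-\s*(.+?)\s*$", re.IGNORECASE)


def parse_sas_log(text):
    """Return (fields, uac_state, user_context) parsed from a log's text."""
    fields, uac, context = {}, None, None
    for line in text.splitlines():
        m = UAC_RE.match(line)
        if m:
            uac, context = m.group(1), m.group(2)
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields, uac, context


def triage(text):
    """Report how much a clean result is worth, and list the reasons if not much."""
    fields, uac, context = parse_sas_log(text)
    elevated = context is not None and context.lower() == "administrator"
    issues = []
    if context is None:
        issues.append("no UAC line: elevation unknown")
    elif not elevated:
        issues.append(f"scan ran as '{context}': rerun via 'Run as administrator'")
    scan_type = fields.get("Scan type", "unknown")
    if scan_type.lower() != "complete scan":   # assumption of this example
        issues.append(f"scan type is '{scan_type}', not a Complete Scan")
    # Sum the "... threats detected" counters (memory, registry, file).
    threats = sum(int(v) for k, v in fields.items()
                  if k.lower().endswith("threats detected") and v.isdigit())
    return {"elevated": elevated, "scan_type": scan_type,
            "threats": threats, "issues": issues}


if __name__ == "__main__":
    for name, log in (("limited-user log", LOG_LIMITED), ("admin log", LOG_ADMIN)):
        print(name, triage(log))
```
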


Flusenkopf 26.10.2012 14:48

There, now it has picked it up.

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/26/2012 at 04:00 PM

Application Version : 5.6.1012

Core Rules Database Version : 9476
Trace Rules Database Version: 7288

Scan type      : Quick Scan
Total Scan Time : 00:02:43

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 624
Memory threats detected  : 0
Registry items scanned    : 63960
Registry threats detected : 0
File items scanned        : 10502
File threats detected    : 0


cosinus 26.10.2012 15:03

:daumenhoc

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set up the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system back in order now, or are there any other findings or problems?

Flusenkopf 26.10.2012 15:04

Great! Many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many, many thanks! :dankeschoen:

cosinus 26.10.2012 15:16

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on "Bereinigung" (CleanUp).
This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a scan with it once a month, but always remember to update first.

After an infection has been removed, it is definitely advisable to also change all passwords if possible.

Finally, a very important point: securing the computer and updating the programs, see http://www.trojaner-board.de/96344-a...tml#post627442


All times are in WET +1.
