Log Analysis and Evaluation: Computer infected with TR/Ransom.EJ.3 (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.04.2012, 13:29 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected with TR/Ransom.EJ.3
Quote:
Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2769726
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SearchElf 1.2 Toolbar) - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files\SearchElf_1.2\prxtbSea0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SearchElf 1.2 Toolbar) - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files\SearchElf_1.2\prxtbSea0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2954311596-1565164629-2574654167-1001\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKU\S-1-5-21-2954311596-1565164629-2574654167-1001\..\Toolbar\WebBrowser: (SearchElf 1.2 Toolbar) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - C:\Program Files\SearchElf_1.2\prxtbSea0.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c2dfa00-fb52-11dc-9606-00140b4345ce}\Shell - "" = AutoRun
O33 - MountPoints2\{7c2dfa00-fb52-11dc-9606-00140b4345ce}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely; as a precaution, a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation.
It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post logfiles in CODE tags
05.04.2012, 17:02 | #17
Computer infected with TR/Ransom.EJ.3
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\ deleted successfully.
C:\Program Files\SearchElf_1.2\prxtbSea0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f4e6547e-325b-403c-a3bb-ad29ed37a92f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\ not found.
File C:\Program Files\SearchElf_1.2\prxtbSea0.dll not found.
Registry value HKEY_USERS\S-1-5-21-2954311596-1565164629-2574654167-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
Registry value HKEY_USERS\S-1-5-21-2954311596-1565164629-2574654167-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F4E6547E-325B-403C-A3BB-AD29ED37A92F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E6547E-325B-403C-A3BB-AD29ED37A92F}\ not found.
File C:\Program Files\SearchElf_1.2\prxtbSea0.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2dfa00-fb52-11dc-9606-00140b4345ce}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c2dfa00-fb52-11dc-9606-00140b4345ce}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2dfa00-fb52-11dc-9606-00140b4345ce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c2dfa00-fb52-11dc-9606-00140b4345ce}\ not found.
File H:\LaunchU3.exe -a not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 2793470 bytes
->Temporary Internet Files folder emptied: 133223120 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 759 bytes
User: ***
->Temp folder emptied: 8496530 bytes
->Temporary Internet Files folder emptied: 2482603 bytes
->Java cache emptied: 709206 bytes
->Flash cache emptied: 487 bytes
User: Future Pinball
User: ***
->Temp folder emptied: 864208545 bytes
->Temporary Internet Files folder emptied: 1671168 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 470 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1242976 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 968,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: ***
->Flash cache emptied: 0 bytes
User: ***
->Flash cache emptied: 0 bytes
User: Future Pinball
User: ***
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 04052012_174642
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
05.04.2012, 18:12 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected with TR/Ransom.EJ.3
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Note: Please turn off the virus scanner before you run TDSS-Killer, since Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click on "Start Scan" and, when it is finished, on the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its content into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________
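The helper above asks for the TDSSKiller log to be posted in full, with every flagged object skipped rather than deleted, so that someone else can read it. A log of that kind runs to several hundred lines, most of them "- ok". As an added example (this is not code from the thread, from trojaner-board.de or from Kaspersky), the Python below parses the TDSSKiller 2.7 log layout (timestamp, process id, message) into one record per scanned driver or service and pulls out the entries that carry a warning or a detection, so a reviewer can see them at a glance. The sample lines, their MD5 values and the driver name ExampleDrv are constructed for this example; the verdict string UnsignedFile.Multi.Generic is the one that appears in the thread's log.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in the TDSSKiller 2.7.x log layout (timestamp, pid, message).
# The hashes and the driver name "ExampleDrv" are made up for this example.
SAMPLE_LOG = r"""
12:30:54.0856 5064 Scan started
12:30:54.0856 5064 Mode: Manual; SigCheck; TDLFS;
12:30:55.0417 5064 ACPI (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\acpi.sys
12:30:55.0620 5064 ACPI - ok
12:31:00.0051 5064 Apple Mobile Device (00112233445566778899aabbccddeeff) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:31:00.0066 5064 Apple Mobile Device - ok
12:31:04.0668 5064 ExampleDrv (fedcba9876543210fedcba9876543210) C:\Windows\system32\drivers\ExampleDrv.sys
12:31:04.0715 5064 ExampleDrv ( UnsignedFile.Multi.Generic ) - warning
12:31:04.0715 5064 ExampleDrv - detected UnsignedFile.Multi.Generic (1)
12:31:06.0337 5064 COMSysApp - ok
"""

# One line = "HH:MM:SS.mmmm <pid> <message>"; the message takes one of four shapes.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<level>\w+)$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


@dataclass
class ScannedObject:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"   # "ok", "warning" or "detected"
    verdict: str = ""


def parse_tdsskiller(text: str) -> dict:
    """Fold the per-line log into one record per scanned driver/service, in log order."""
    objects: dict = {}

    def record(name: str) -> ScannedObject:
        return objects.setdefault(name, ScannedObject(name=name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything outside the timestamped layout
        msg = m.group("msg")
        if (h := HASH_RE.match(msg)):
            obj = record(h.group("name"))
            obj.md5, obj.path = h.group("md5").lower(), h.group("path")
        elif (d := DETECT_RE.match(msg)):
            obj = record(d.group("name"))
            obj.status, obj.verdict = "detected", d.group("verdict")
        elif (w := WARN_RE.match(msg)):
            obj = record(w.group("name"))
            # a "detected" line for the same object outranks its warning; never downgrade
            if obj.status != "detected":
                obj.status, obj.verdict = w.group("level"), w.group("verdict")
        elif (o := OK_RE.match(msg)):
            obj = record(o.group("name"))   # services without a file line (e.g. COMSysApp)
            if obj.status == "unknown":
                obj.status = "ok"
    return objects


def flagged_objects(objects: dict) -> list:
    """Everything the scanner did not mark plain 'ok'."""
    return [o for o in objects.values() if o.status in ("warning", "detected")]


def summarize(objects: dict) -> dict:
    return {
        "total": len(objects),
        "ok": sum(o.status == "ok" for o in objects.values()),
        "flagged": len(flagged_objects(objects)),
    }


def is_signature_only_flag(obj: ScannedObject) -> bool:
    # UnsignedFile.* comes from TDSSKiller's SigCheck mode: the binary carries no valid
    # Authenticode signature. That is a heuristic, not a malware-family verdict.
    return obj.verdict.startswith("UnsignedFile.")


if __name__ == "__main__":
    objs = parse_tdsskiller(SAMPLE_LOG)
    print(summarize(objs))
    for o in flagged_objects(objs):
        kind = "unsigned only" if is_signature_only_flag(o) else "needs review"
        print(f"{o.name}: {o.verdict} [{kind}] {o.path} md5={o.md5}")
```

Feed it the text of a real TDSSKiller report instead of SAMPLE_LOG and the flagged list is what a helper would look at first; the path and MD5 are kept with each record so an entry can be checked against a known-good copy of the file before anything is deleted.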
06.04.2012, 11:46 | #19
Computer infected with TR/Ransom.EJ.3
Code:
12:30:22.0845 4808 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
12:30:23.0562 4808 ============================================================
12:30:23.0562 4808 Current date / time: 2012/04/06 12:30:23.0562
12:30:23.0562 4808 SystemInfo:
12:30:23.0562 4808
12:30:23.0562 4808 OS Version: 6.0.6002 ServicePack: 2.0
12:30:23.0562 4808 Product type: Workstation
12:30:23.0562 4808 ComputerName: ALLE-PC
12:30:23.0562 4808 UserName: ***
12:30:23.0562 4808 Windows directory: C:\Windows
12:30:23.0562 4808 System windows directory: C:\Windows
12:30:23.0562 4808 Processor architecture: Intel x86
12:30:23.0562 4808 Number of processors: 2
12:30:23.0562 4808 Page size: 0x1000
12:30:23.0562 4808 Boot type: Normal boot
12:30:23.0562 4808 ============================================================
12:30:24.0514 4808 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:30:24.0514 4808 \Device\Harddisk0\DR0:
12:30:24.0514 4808 MBR used
12:30:24.0514 4808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x12831000
12:30:24.0514 4808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13FA1800, BlocksNum 0x9223800
12:30:24.0685 4808 Initialize success
12:30:24.0685 4808 ============================================================
12:30:54.0856 5064 ============================================================
12:30:54.0856 5064 Scan started
12:30:54.0856 5064 Mode: Manual; SigCheck; TDLFS;
12:30:54.0856 5064 ============================================================
12:30:55.0417 5064 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:30:55.0620 5064 ACPI - ok
12:30:55.0776 5064 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:30:55.0823 5064 AdobeARMservice - ok
12:30:55.0995 5064 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:30:56.0026 5064 AdobeFlashPlayerUpdateSvc - ok
12:30:56.0416 5064 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:30:56.0494 5064 adp94xx - ok
12:30:56.0665 5064 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:30:56.0743 5064 adpahci - ok
12:30:56.0899 5064 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:30:56.0931 5064 adpu160m - ok
12:30:57.0133 5064 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:30:57.0165 5064 adpu320 - ok
12:30:57.0289 5064 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
12:30:57.0492 5064 AeLookupSvc - ok
12:30:57.0648 5064 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:30:57.0789 5064 AFD - ok
12:30:57.0945 5064 agp440 (198636e76971ebc96404547ec0fd5e75) C:\Windows\system32\drivers\agp440.sys
12:30:58.0007 5064 agp440 - ok
12:30:58.0163 5064 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:30:58.0210 5064 aic78xx - ok
12:30:58.0335 5064 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
12:30:58.0444 5064 ALG - ok
12:30:58.0584 5064 aliide (0b3b337a68d9a75cc8d787dc98b53d79) C:\Windows\system32\drivers\aliide.sys
12:30:58.0600 5064 aliide - ok
12:30:58.0647 5064 amdagp (2363abc8989a14fd7247ca6f4e89d397) C:\Windows\system32\drivers\amdagp.sys
12:30:58.0693 5064 amdagp - ok
12:30:58.0803 5064 amdide (468a204966d09f327a662c35f4b15dd3) C:\Windows\system32\drivers\amdide.sys
12:30:58.0834 5064 amdide - ok
12:30:58.0881 5064 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:30:58.0974 5064 AmdK7 - ok
12:30:59.0068 5064 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
12:30:59.0208 5064 AmdK8 - ok
12:30:59.0317 5064 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:30:59.0364 5064 AntiVirSchedulerService - ok
12:30:59.0395 5064 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:30:59.0427 5064 AntiVirService - ok
12:30:59.0614 5064 ApfiltrService (703ef49130f2466887a911be2bb87998) C:\Windows\system32\DRIVERS\Apfiltr.sys
12:30:59.0692 5064 ApfiltrService - ok
12:30:59.0848 5064 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
12:30:59.0926 5064 Appinfo - ok
12:31:00.0051 5064 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:31:00.0066 5064 Apple Mobile Device - ok
12:31:00.0378 5064 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
12:31:00.0425 5064 arc - ok
12:31:00.0519 5064 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
12:31:00.0550 5064 arcsas - ok
12:31:00.0612 5064 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:31:00.0690 5064 AsyncMac - ok
12:31:00.0737 5064 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:31:00.0768 5064 atapi - ok
12:31:00.0877 5064 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
12:31:01.0049 5064 athr - ok
12:31:01.0111 5064 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:31:01.0205 5064 AudioEndpointBuilder - ok
12:31:01.0221 5064 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:31:01.0252 5064 Audiosrv - ok
12:31:01.0299 5064 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
12:31:01.0377 5064 avgntflt - ok
12:31:01.0439 5064 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
12:31:01.0470 5064 avipbb - ok
12:31:01.0501 5064 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
12:31:01.0517 5064 avkmgr - ok
12:31:01.0564 5064 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:31:01.0626 5064 Beep - ok
12:31:01.0720 5064 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
12:31:01.0813 5064 BFE - ok
12:31:01.0907 5064 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
12:31:02.0016 5064 BITS - ok
12:31:02.0047 5064 blbdrive - ok
12:31:02.0219 5064 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:31:02.0297 5064 Bonjour Service - ok
12:31:02.0375 5064 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:31:02.0500 5064 bowser - ok
12:31:02.0531 5064 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:31:02.0578 5064 BrFiltLo - ok
12:31:02.0609 5064 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:31:02.0687 5064 BrFiltUp - ok
12:31:02.0734 5064 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
12:31:02.0843 5064 Browser - ok
12:31:02.0905 5064 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:31:03.0015 5064 Brserid - ok
12:31:03.0061 5064 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:31:03.0155 5064 BrSerWdm - ok
12:31:03.0202 5064 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:31:03.0280 5064 BrUsbMdm - ok
12:31:03.0358 5064 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:31:03.0451 5064 BrUsbSer - ok
12:31:03.0561 5064 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
12:31:03.0623 5064 BthEnum - ok
12:31:03.0670 5064 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:31:03.0779 5064 BTHMODEM - ok
12:31:03.0841 5064 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
12:31:03.0919 5064 BthPan - ok
12:31:04.0044 5064 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
12:31:04.0091 5064 BTHPORT - ok
12:31:04.0153 5064 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
12:31:04.0341 5064 BthServ - ok
12:31:04.0465 5064 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
12:31:04.0543 5064 BTHUSB - ok
12:31:04.0668 5064 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
12:31:04.0715 5064 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
12:31:04.0715 5064 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
12:31:04.0809 5064 Cam5603D (eb5121a90c1e6859ed0ba2f60b8993bb) C:\Windows\system32\Drivers\BisonCam.sys
12:31:04.0871 5064 Cam5603D - ok
12:31:04.0918 5064 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:31:04.0980 5064 cdfs - ok
12:31:05.0027 5064 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:31:05.0105 5064 cdrom - ok
12:31:05.0152 5064 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:31:05.0245 5064 CertPropSvc - ok
12:31:05.0308 5064 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
12:31:05.0370 5064 circlass - ok
12:31:05.0433 5064 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:31:05.0448 5064 CLFS - ok
12:31:05.0511 5064 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:31:05.0557 5064 clr_optimization_v2.0.50727_32 - ok
12:31:05.0667 5064 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:31:05.0682 5064 clr_optimization_v4.0.30319_32 - ok
12:31:05.0745 5064 CLTNetCnService - ok
12:31:06.0088 5064 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
12:31:06.0150 5064 CmBatt - ok
12:31:06.0213 5064 cmdide (2ac0c92b29ec21838f4cb46adb26bcc0) C:\Windows\system32\drivers\cmdide.sys
12:31:06.0244 5064 cmdide - ok
12:31:06.0322 5064 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
12:31:06.0337 5064 Compbatt - ok
12:31:06.0337 5064 COMSysApp - ok
12:31:06.0400 5064 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
12:31:06.0431 5064 crcdisk - ok
12:31:06.0493 5064 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
12:31:06.0603 5064 Crusoe - ok
12:31:06.0774 5064 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
12:31:06.0821 5064 CryptSvc - ok
12:31:06.0852 5064 DCamUSBSTK02H - ok
12:31:06.0930 5064 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:31:07.0008 5064 DcomLaunch - ok
12:31:07.0039 5064 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:31:07.0102 5064 DfsC - ok
12:31:07.0336 5064 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
12:31:07.0570 5064 DFSR - ok
12:31:07.0788 5064 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
12:31:07.0897 5064 Dhcp - ok
12:31:07.0944 5064 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:31:07.0960 5064 disk - ok
12:31:07.0991 5064 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
12:31:08.0053 5064 Dnscache - ok
12:31:08.0116 5064 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
12:31:08.0178 5064 dot3svc - ok
12:31:08.0225 5064 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
12:31:08.0287 5064 DPS - ok
12:31:08.0365 5064 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:31:08.0490 5064 drmkaud - ok
12:31:08.0568 5064 DslMNLwf (e577b5c4a6be078e5445cdcfb65be7ab) C:\Windows\system32\DRIVERS\dslmnlwf.sys
12:31:08.0584 5064 DslMNLwf - ok
12:31:08.0615 5064 dsltestSp5 (c6b2e10cfe79169c72f0269087b9a603) C:\Windows\system32\Drivers\dsltestSp5.sys
12:31:08.0646 5064 dsltestSp5 - ok
12:31:08.0693 5064 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:31:08.0787 5064 DXGKrnl - ok
12:31:08.0833 5064 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:31:08.0927 5064 E1G60 - ok
12:31:09.0021 5064 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
12:31:09.0099 5064 EapHost - ok
12:31:09.0161 5064 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:31:09.0192 5064 Ecache - ok
12:31:09.0270 5064 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
12:31:09.0317 5064 ehRecvr - ok
12:31:09.0348 5064 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
12:31:09.0457 5064 ehSched - ok
12:31:09.0489 5064 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
12:31:09.0520 5064 ehstart - ok
12:31:09.0629 5064 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
12:31:09.0723 5064 elxstor - ok
12:31:09.0785 5064 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
12:31:09.0910 5064 EMDMgmt - ok
12:31:09.0988 5064 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
12:31:10.0035 5064 EventSystem - ok
12:31:10.0066 5064 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:31:10.0159 5064 exfat - ok
12:31:10.0191 5064 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:31:10.0237 5064 fastfat - ok
12:31:10.0315 5064 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
12:31:10.0409 5064 fdc - ok
12:31:10.0456 5064 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
12:31:10.0487 5064 fdPHost - ok
12:31:10.0518 5064 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
12:31:10.0627 5064 FDResPub - ok
12:31:10.0877 5064 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:31:10.0924 5064 FileInfo - ok
12:31:11.0345 5064 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:31:11.0407 5064 Filetrace - ok
12:31:11.0501 5064 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
12:31:11.0595 5064 flpydisk - ok
12:31:11.0641 5064 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:31:11.0673 5064 FltMgr - ok
12:31:11.0735 5064 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
12:31:11.0860 5064 FontCache - ok
12:31:12.0031 5064 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:31:12.0094 5064 FontCache3.0.0.0 - ok
12:31:12.0187 5064 FSCLBaseUpdaterService (6a4125edbe6d5907d4b1e4514f1f5675) C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
12:31:12.0234 5064 FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - warning
12:31:12.0234 5064 FSCLBaseUpdaterService - detected UnsignedFile.Multi.Generic (1)
12:31:12.0453 5064 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
12:31:12.0499 5064 Fs_Rec - ok
12:31:12.0546 5064 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
12:31:12.0562 5064 gagp30kx - ok
12:31:12.0687 5064 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:31:12.0765 5064 GEARAspiWDM - ok
12:31:12.0827 5064 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
12:31:12.0921 5064 gpsvc - ok
12:31:12.0999 5064 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
12:31:13.0123 5064 HdAudAddService - ok
12:31:13.0295 5064 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:31:13.0451 5064 HDAudBus - ok
12:31:13.0513 5064 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:31:13.0669 5064 HidBth - ok
12:31:13.0732 5064 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
12:31:13.0794 5064 HidIr - ok
12:31:13.0841 5064 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
12:31:13.0872 5064 hidserv - ok
12:31:13.0935 5064 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:31:13.0981 5064 HidUsb - ok
12:31:14.0059 5064 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
12:31:14.0137 5064 hkmsvc - ok
12:31:14.0200 5064 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
12:31:14.0215 5064 HpCISSs - ok
12:31:14.0309 5064 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
12:31:14.0356 5064 HSFHWAZL - ok
12:31:14.0434 5064 HsfXAudioService (1e7c79cbaf71aa92e0eee924907dcb55) C:\Windows\system32\XAudio32.dll
12:31:14.0496 5064 HsfXAudioService - ok
12:31:14.0590 5064 HSF_DPV (efed6bd9b9d5f407adca918bbe2d410d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
12:31:14.0683 5064 HSF_DPV - ok
12:31:14.0699 5064 HSXHWAZL (c2eb8396c46e13f76037d70eae8820a9) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
12:31:14.0746 5064 HSXHWAZL - ok
12:31:14.0793 5064 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:31:14.0902 5064 HTTP - ok
12:31:14.0980 5064 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
12:31:15.0011 5064 i2omp - ok
12:31:15.0073 5064 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:31:15.0136 5064 i8042prt - ok
12:31:15.0183 5064 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
12:31:15.0229 5064 iaStor - ok
12:31:15.0276 5064 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
12:31:15.0307 5064 iaStorV - ok
12:31:15.0495 5064 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
12:31:15.0557 5064 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:31:15.0557 5064 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:31:15.0635 5064 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:31:15.0760 5064 idsvc - ok
12:31:15.0885 5064 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:31:15.0900 5064 iirsp - ok
12:31:15.0963 5064 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
12:31:16.0025 5064 IKEEXT - ok
12:31:16.0197 5064 IntcAzAudAddService (721b1a0434647418f98d034bebd4b4db) C:\Windows\system32\drivers\RTKVHDA.sys
12:31:16.0337 5064 IntcAzAudAddService - ok
12:31:16.0399 5064 intelide (4a6b4c4fab7716c869fa9d19ac8ca5a5) C:\Windows\system32\drivers\intelide.sys
12:31:16.0415 5064 intelide - ok
12:31:16.0462 5064 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
12:31:16.0540 5064 intelppm - ok
12:31:16.0602 5064 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
12:31:16.0649 5064 IPBusEnum - ok
12:31:16.0680 5064 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:31:16.0743 5064 IpFilterDriver - ok
12:31:16.0836 5064 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
12:31:16.0899 5064 iphlpsvc - ok
12:31:16.0914 5064 IpInIp - ok
12:31:16.0961 5064 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
12:31:17.0039 5064 IPMIDRV - ok
12:31:17.0086 5064 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:31:17.0164 5064 IPNAT - ok
12:31:17.0242 5064 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
12:31:17.0335 5064 iPod Service - ok
12:31:17.0585 5064 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:31:17.0710 5064 IRENUM - ok
12:31:17.0788 5064 isapnp (ce2997a0c3b0049a3188c4f0c7a04bc9) C:\Windows\system32\drivers\isapnp.sys
12:31:17.0850 5064 isapnp - ok
12:31:17.0928 5064 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:31:17.0991 5064 iScsiPrt - ok
12:31:18.0069 5064 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:31:18.0100 5064 iteatapi - ok
12:31:18.0131 5064 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:31:18.0147 5064 iteraid - ok
12:31:18.0271 5064 IviRegMgr (213822072085b5bbad9af30ab577d817) c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
12:31:18.0303 5064 IviRegMgr - ok
12:31:18.0334 5064 JRAID (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
12:31:18.0396 5064 JRAID - ok
12:31:18.0443 5064 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:31:18.0459 5064 kbdclass - ok
12:31:18.0505 5064 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
12:31:18.0568 5064 kbdhid - ok
12:31:18.0615 5064 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:31:18.0677 5064 KeyIso - ok
12:31:18.0755 5064 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
12:31:18.0786 5064 KMWDFILTER ( UnsignedFile.Multi.Generic ) - warning
12:31:18.0786 5064 KMWDFILTER - detected UnsignedFile.Multi.Generic (1)
12:31:18.0849 5064 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
12:31:18.0973 5064 KSecDD - ok
12:31:19.0036 5064 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
12:31:19.0114 5064 KtmRm - ok
12:31:19.0161 5064 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
12:31:19.0192 5064 LanmanServer - ok
12:31:19.0239 5064 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
12:31:19.0301 5064 LanmanWorkstation - ok
12:31:19.0379 5064 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:31:19.0441 5064 lltdio - ok
12:31:19.0488 5064 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
12:31:19.0551 5064 lltdsvc - ok
12:31:19.0582 5064 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
12:31:19.0675 5064 lmhosts - ok
12:31:19.0738 5064 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
12:31:19.0753 5064 LSI_FC - ok
12:31:19.0785 5064 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
12:31:19.0800 5064 LSI_SAS - ok
12:31:19.0831 5064 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
12:31:19.0863 5064 LSI_SCSI - ok
12:31:19.0894 5064 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:31:19.0987 5064 luafv - ok
12:31:19.0987 5064 lxbs_device - ok
12:31:20.0034 5064 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
12:31:20.0097 5064 Mcx2Svc - ok
12:31:20.0268 5064 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
12:31:20.0331 5064 MDM - ok
12:31:20.0377 5064 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
12:31:20.0424 5064 mdmxsdk - ok
12:31:20.0487 5064 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
12:31:20.0502 5064 megasas - ok
12:31:20.0549 5064 MEMSWEEP2 - ok
12:31:20.0580 5064 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:31:20.0627 5064 MMCSS - ok
12:31:20.0658 5064 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:31:20.0721 5064 Modem - ok
12:31:20.0767 5064 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:31:20.0799 5064 monitor - ok
12:31:20.0845 5064 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:31:20.0861 5064 mouclass - ok
12:31:20.0908 5064 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:31:20.0939 5064 mouhid - ok
12:31:20.0986 5064 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:31:21.0001 5064 MountMgr - ok
12:31:21.0048 5064 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
12:31:21.0079 5064 mpio - ok
12:31:21.0126 5064 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:31:21.0157 5064 mpsdrv - ok
12:31:21.0251 5064 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
12:31:21.0329 5064 MpsSvc - ok
12:31:21.0391 5064 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:31:21.0407 5064 Mraid35x - ok
12:31:21.0454 5064 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:31:21.0516 5064 MRxDAV - ok
12:31:21.0547 5064 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:31:21.0563 5064 mrxsmb - ok
12:31:21.0625 5064 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:31:21.0672 5064 mrxsmb10 - ok
12:31:21.0719 5064 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:31:21.0781 5064 mrxsmb20 - ok
12:31:21.0859 5064 msahci (13fa01d10c95762e3e191bb023dfa8cc) C:\Windows\system32\drivers\msahci.sys
12:31:21.0922 5064 msahci - ok
12:31:22.0000 5064 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
12:31:22.0015 5064 msdsm - ok
12:31:22.0109 5064 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
12:31:22.0171 5064 MSDTC - ok
12:31:22.0218 5064 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:31:22.0281 5064 Msfs - ok
12:31:22.0343 5064 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:31:22.0359 5064 msisadrv - ok
12:31:22.0390 5064 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
12:31:22.0468 5064 MSiSCSI - ok
12:31:22.0468 5064 msiserver - ok
12:31:22.0515 5064 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:31:22.0561 5064 MSKSSRV - ok
12:31:22.0608 5064 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:31:22.0655 5064 MSPCLOCK - ok
12:31:22.0702 5064 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:31:22.0733 5064 MSPQM - ok
12:31:22.0780 5064 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:31:22.0795 5064 MsRPC - ok
12:31:22.0858 5064 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:31:22.0873 5064 mssmbios - ok
12:31:22.0936 5064 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:31:22.0967 5064 MSTEE - ok
12:31:23.0014 5064 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:31:23.0029 5064 Mup - ok
12:31:23.0092 5064 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
12:31:23.0139 5064 napagent - ok
12:31:23.0185 5064 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:31:23.0217 5064 NativeWifiP - ok
12:31:23.0326 5064 NBService (3bae2bfcb6d69e19c8373f635dd544dc) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
12:31:23.0404 5064 NBService - ok
12:31:23.0513 5064 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:31:23.0653 5064 NDIS - ok 12:31:23.0747 5064 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 12:31:23.0809 5064 NdisTapi - ok 12:31:23.0841 5064 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 12:31:23.0887 5064 Ndisuio - ok 12:31:23.0934 5064 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 12:31:23.0997 5064 NdisWan - ok 12:31:24.0028 5064 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 12:31:24.0090 5064 NDProxy - ok 12:31:24.0137 5064 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 12:31:24.0184 5064 NetBIOS - ok 12:31:24.0246 5064 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 12:31:24.0309 5064 netbt - ok 12:31:24.0355 5064 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 12:31:24.0371 5064 Netlogon - ok 12:31:24.0433 5064 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 12:31:24.0558 5064 Netman - ok 12:31:24.0605 5064 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 12:31:24.0667 5064 netprofm - ok 12:31:24.0714 5064 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:31:24.0745 5064 NetTcpPortSharing - ok 12:31:24.0792 5064 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 12:31:24.0808 5064 nfrd960 - ok 12:31:24.0870 5064 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 12:31:24.0917 5064 NlaSvc - ok 12:31:25.0042 5064 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 12:31:25.0073 5064 NMIndexingService - ok 12:31:25.0167 5064 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 12:31:25.0213 5064 Npfs - ok 12:31:25.0276 5064 nsi 
(8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 12:31:25.0338 5064 nsi - ok 12:31:25.0385 5064 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 12:31:25.0416 5064 nsiproxy - ok 12:31:25.0479 5064 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 12:31:25.0619 5064 Ntfs - ok 12:31:25.0697 5064 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 12:31:25.0759 5064 ntrigdigi - ok 12:31:25.0806 5064 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 12:31:25.0869 5064 Null - ok 12:31:25.0947 5064 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys 12:31:26.0071 5064 NVENETFD - ok 12:31:26.0493 5064 nvlddmkm (118a7a2231c33a2c92758ba324a711cd) C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:31:27.0288 5064 nvlddmkm - ok 12:31:27.0398 5064 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 12:31:27.0430 5064 nvraid - ok 12:31:27.0523 5064 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys 12:31:27.0539 5064 nvrd32 - ok 12:31:27.0586 5064 nvsmu (adfdd343b1d3a9e061f17c730f1e83dc) C:\Windows\system32\DRIVERS\nvsmu.sys 12:31:27.0632 5064 nvsmu - ok 12:31:27.0679 5064 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 12:31:27.0695 5064 nvstor - ok 12:31:27.0742 5064 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys 12:31:27.0757 5064 nvstor32 - ok 12:31:27.0882 5064 nvsvc (33526b0de74fa58621d4dfefb63b50b6) C:\Windows\system32\nvvsvc.exe 12:31:27.0898 5064 nvsvc - ok 12:31:27.0976 5064 nv_agp (925eb9e53eca4473a2d156a02b7418e3) C:\Windows\system32\drivers\nv_agp.sys 12:31:28.0007 5064 nv_agp - ok 12:31:28.0022 5064 NwlnkFlt - ok 12:31:28.0038 5064 NwlnkFwd - ok 12:31:28.0100 5064 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 12:31:28.0163 5064 
ohci1394 - ok 12:31:28.0225 5064 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 12:31:28.0319 5064 p2pimsvc - ok 12:31:28.0350 5064 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 12:31:28.0412 5064 p2psvc - ok 12:31:28.0476 5064 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 12:31:28.0569 5064 Parport - ok 12:31:28.0616 5064 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 12:31:28.0632 5064 partmgr - ok 12:31:28.0663 5064 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 12:31:28.0741 5064 Parvdm - ok 12:31:28.0788 5064 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 12:31:28.0835 5064 PcaSvc - ok 12:31:28.0897 5064 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 12:31:28.0913 5064 pci - ok 12:31:28.0975 5064 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 12:31:28.0991 5064 pciide - ok 12:31:29.0037 5064 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 12:31:29.0069 5064 pcmcia - ok 12:31:29.0115 5064 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 12:31:29.0303 5064 PEAUTH - ok 12:31:29.0412 5064 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 12:31:29.0600 5064 pla - ok 12:31:29.0647 5064 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe 12:31:29.0662 5064 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 12:31:29.0662 5064 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 12:31:29.0725 5064 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 12:31:29.0803 5064 PlugPlay - ok 12:31:29.0865 5064 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 12:31:29.0912 5064 PNRPAutoReg - ok 12:31:29.0959 5064 
PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 12:31:30.0037 5064 PNRPsvc - ok 12:31:30.0084 5064 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 12:31:30.0177 5064 PolicyAgent - ok 12:31:30.0208 5064 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 12:31:30.0271 5064 PptpMiniport - ok 12:31:30.0318 5064 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 12:31:30.0380 5064 Processor - ok 12:31:30.0474 5064 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 12:31:30.0520 5064 ProfSvc - ok 12:31:30.0567 5064 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 12:31:30.0598 5064 ProtectedStorage - ok 12:31:30.0661 5064 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 12:31:30.0754 5064 PSched - ok 12:31:30.0848 5064 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 12:31:30.0957 5064 ql2300 - ok 12:31:30.0988 5064 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 12:31:31.0020 5064 ql40xx - ok 12:31:31.0082 5064 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 12:31:31.0129 5064 QWAVE - ok 12:31:31.0160 5064 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 12:31:31.0191 5064 QWAVEdrv - ok 12:31:31.0238 5064 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 12:31:31.0300 5064 RasAcd - ok 12:31:31.0332 5064 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 12:31:31.0410 5064 RasAuto - ok 12:31:31.0472 5064 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 12:31:31.0519 5064 Rasl2tp - ok 12:31:31.0566 5064 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 12:31:31.0612 5064 RasMan - ok 12:31:31.0644 5064 RasPppoe 
(509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 12:31:31.0675 5064 RasPppoe - ok 12:31:31.0706 5064 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 12:31:31.0737 5064 RasSstp - ok 12:31:31.0784 5064 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 12:31:31.0831 5064 rdbss - ok 12:31:31.0878 5064 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:31:31.0924 5064 RDPCDD - ok 12:31:31.0987 5064 rdpdr (87ee019fe9fbff071d76ccf9ec794646) C:\Windows\system32\drivers\rdpdr.sys 12:31:32.0018 5064 rdpdr - ok 12:31:32.0034 5064 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 12:31:32.0080 5064 RDPENCDD - ok 12:31:32.0127 5064 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 12:31:32.0190 5064 RDPWD - ok 12:31:32.0236 5064 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 12:31:32.0268 5064 RemoteAccess - ok 12:31:32.0330 5064 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 12:31:32.0361 5064 RemoteRegistry - ok 12:31:32.0424 5064 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 12:31:32.0502 5064 RFCOMM - ok 12:31:32.0595 5064 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe 12:31:32.0673 5064 RichVideo - ok 12:31:32.0751 5064 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 12:31:32.0782 5064 RpcLocator - ok 12:31:32.0892 5064 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 12:31:32.0954 5064 RpcSs - ok 12:31:33.0001 5064 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 12:31:33.0063 5064 rspndr - ok 12:31:33.0094 5064 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 12:31:33.0110 5064 SamSs - ok 12:31:33.0188 5064 sbp2port 
(3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 12:31:33.0219 5064 sbp2port - ok 12:31:33.0266 5064 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 12:31:33.0297 5064 SCardSvr - ok 12:31:33.0360 5064 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 12:31:33.0531 5064 Schedule - ok 12:31:33.0562 5064 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 12:31:33.0578 5064 SCPolicySvc - ok 12:31:33.0625 5064 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 12:31:33.0703 5064 SDRSVC - ok 12:31:33.0750 5064 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 12:31:33.0843 5064 secdrv - ok 12:31:33.0874 5064 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 12:31:33.0952 5064 seclogon - ok 12:31:33.0999 5064 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 12:31:34.0077 5064 SENS - ok 12:31:34.0140 5064 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 12:31:34.0218 5064 Serenum - ok 12:31:34.0249 5064 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 12:31:34.0358 5064 Serial - ok 12:31:34.0389 5064 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 12:31:34.0420 5064 sermouse - ok 12:31:34.0483 5064 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 12:31:34.0530 5064 SessionEnv - ok 12:31:34.0576 5064 sffdisk (55b145d4248012d306da8e92fa9fdc20) C:\Windows\system32\drivers\sffdisk.sys 12:31:34.0639 5064 sffdisk - ok 12:31:34.0686 5064 sffp_mmc (b86dfcd55294a0495571a27b861e6ef3) C:\Windows\system32\drivers\sffp_mmc.sys 12:31:34.0717 5064 sffp_mmc - ok 12:31:34.0764 5064 sffp_sd (5b327b59fae2b01c34690d91ed03786e) C:\Windows\system32\drivers\sffp_sd.sys 12:31:34.0826 5064 sffp_sd - ok 12:31:34.0904 5064 sfloppy 
(46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 12:31:34.0998 5064 sfloppy - ok 12:31:36.0121 5064 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 12:31:36.0214 5064 SharedAccess - ok 12:31:36.0292 5064 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 12:31:36.0370 5064 ShellHWDetection - ok 12:31:36.0402 5064 sisagp (e5773c4cff310d00a59db01ef4074135) C:\Windows\system32\drivers\sisagp.sys 12:31:36.0433 5064 sisagp - ok 12:31:36.0495 5064 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 12:31:36.0511 5064 SiSRaid2 - ok 12:31:36.0558 5064 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 12:31:36.0573 5064 SiSRaid4 - ok 12:31:36.0620 5064 slabbus (00746035c28e913fb14bc0c94205c863) C:\Windows\system32\DRIVERS\slabbus.sys 12:31:36.0682 5064 slabbus - ok 12:31:36.0729 5064 slabser (c471a21df9a26deb2ff5e8eccb4db622) C:\Windows\system32\DRIVERS\slabser.sys 12:31:36.0807 5064 slabser - ok 12:31:36.0963 5064 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 12:31:37.0228 5064 slsvc - ok 12:31:37.0260 5064 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 12:31:37.0322 5064 SLUINotify - ok 12:31:37.0369 5064 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 12:31:37.0400 5064 Smb - ok 12:31:37.0462 5064 smscirrx (ebff8386c79c33c64cc560c8c03fb707) C:\Windows\system32\DRIVERS\smscirrx.sys 12:31:37.0509 5064 smscirrx - ok 12:31:37.0572 5064 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 12:31:37.0618 5064 SNMPTRAP - ok 12:31:37.0665 5064 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 12:31:37.0681 5064 spldr - ok 12:31:37.0743 5064 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 12:31:37.0821 5064 Spooler - ok 12:31:37.0915 5064 sptd 
(71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys 12:31:38.0118 5064 sptd - ok 12:31:38.0289 5064 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 12:31:38.0383 5064 srv - ok 12:31:38.0445 5064 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 12:31:38.0554 5064 srv2 - ok 12:31:38.0757 5064 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 12:31:38.0820 5064 srvnet - ok 12:31:39.0100 5064 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 12:31:39.0210 5064 SSDPSRV - ok 12:31:39.0303 5064 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 12:31:39.0319 5064 ssmdrv - ok 12:31:39.0366 5064 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 12:31:39.0397 5064 SstpSvc - ok 12:31:39.0568 5064 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 12:31:39.0646 5064 stisvc - ok 12:31:39.0787 5064 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 12:31:39.0834 5064 swenum - ok 12:31:40.0005 5064 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 12:31:40.0114 5064 swprv - ok 12:31:40.0161 5064 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 12:31:40.0177 5064 Symc8xx - ok 12:31:40.0224 5064 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 12:31:40.0239 5064 Sym_hi - ok 12:31:40.0364 5064 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 12:31:40.0380 5064 Sym_u3 - ok 12:31:40.0582 5064 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 12:31:40.0707 5064 SysMain - ok 12:31:40.0770 5064 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 12:31:40.0801 5064 TabletInputService - ok 12:31:40.0926 5064 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) 
C:\Windows\System32\tapisrv.dll 12:31:40.0972 5064 TapiSrv - ok 12:31:41.0019 5064 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 12:31:41.0082 5064 TBS - ok 12:31:41.0160 5064 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 12:31:41.0316 5064 Tcpip - ok 12:31:41.0425 5064 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 12:31:41.0487 5064 Tcpip6 - ok 12:31:41.0565 5064 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 12:31:41.0612 5064 tcpipreg - ok 12:31:41.0659 5064 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 12:31:41.0721 5064 TDPIPE - ok 12:31:41.0799 5064 TDslMgrService (1226a953d4fdbdfd570da5cee66eaa55) C:\Program Files\DSL-Manager\DslMgrSvc.exe 12:31:41.0862 5064 TDslMgrService ( UnsignedFile.Multi.Generic ) - warning 12:31:41.0862 5064 TDslMgrService - detected UnsignedFile.Multi.Generic (1) 12:31:41.0940 5064 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 12:31:41.0986 5064 TDTCP - ok 12:31:42.0174 5064 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 12:31:42.0267 5064 tdx - ok 12:31:42.0314 5064 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 12:31:42.0345 5064 TermDD - ok 12:31:42.0486 5064 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 12:31:42.0564 5064 TermService - ok 12:31:42.0798 5064 TestHandler (8c80a73a5d77b2208ca91e4fa269981d) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe 12:31:42.0860 5064 TestHandler ( UnsignedFile.Multi.Generic ) - warning 12:31:42.0860 5064 TestHandler - detected UnsignedFile.Multi.Generic (1) 12:31:43.0359 5064 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 12:31:43.0406 5064 Themes - ok 12:31:43.0562 5064 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 12:31:43.0640 5064 
THREADORDER - ok 12:31:43.0718 5064 TridVid (171f41174a88f71e7234d7a48303c6a0) C:\Windows\system32\DRIVERS\TridVid.sys 12:31:43.0765 5064 TridVid ( UnsignedFile.Multi.Generic ) - warning 12:31:43.0765 5064 TridVid - detected UnsignedFile.Multi.Generic (1) 12:31:43.0812 5064 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 12:31:43.0905 5064 TrkWks - ok 12:31:43.0968 5064 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 12:31:44.0030 5064 TrustedInstaller - ok 12:31:44.0420 5064 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:31:44.0514 5064 tssecsrv - ok 12:31:44.0732 5064 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 12:31:44.0779 5064 tunmp - ok 12:31:44.0857 5064 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 12:31:44.0904 5064 tunnel - ok 12:31:44.0950 5064 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 12:31:44.0982 5064 uagp35 - ok 12:31:45.0044 5064 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 12:31:45.0106 5064 udfs - ok 12:31:45.0169 5064 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 12:31:45.0216 5064 UI0Detect - ok 12:31:45.0262 5064 uliagpkx (5895ef4d0f1424392ee6439250e25677) C:\Windows\system32\drivers\uliagpkx.sys 12:31:45.0278 5064 uliagpkx - ok 12:31:45.0340 5064 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 12:31:45.0372 5064 uliahci - ok 12:31:45.0403 5064 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 12:31:45.0434 5064 UlSata - ok 12:31:45.0465 5064 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 12:31:45.0512 5064 ulsata2 - ok 12:31:45.0559 5064 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 12:31:45.0590 5064 umbus - ok 12:31:45.0715 5064 
upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 12:31:45.0762 5064 upnphost - ok 12:31:45.0855 5064 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 12:31:45.0933 5064 usbaudio - ok 12:31:45.0996 5064 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 12:31:46.0042 5064 usbccgp - ok 12:31:46.0105 5064 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 12:31:46.0183 5064 usbcir - ok 12:31:46.0276 5064 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 12:31:46.0308 5064 usbehci - ok 12:31:46.0370 5064 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 12:31:46.0401 5064 usbhub - ok 12:31:46.0479 5064 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 12:31:46.0542 5064 usbohci - ok 12:31:46.0588 5064 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 12:31:46.0682 5064 usbprint - ok 12:31:46.0744 5064 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 12:31:46.0822 5064 usbscan - ok 12:31:46.0854 5064 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:31:46.0885 5064 USBSTOR - ok 12:31:46.0932 5064 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 12:31:47.0010 5064 usbuhci - ok 12:31:47.0056 5064 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 12:31:47.0088 5064 UxSms - ok 12:31:47.0134 5064 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 12:31:47.0212 5064 vds - ok 12:31:47.0275 5064 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 12:31:47.0353 5064 vga - ok 12:31:47.0431 5064 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 12:31:47.0478 5064 VgaSave - ok 12:31:47.0540 5064 viaagp (66e64d5cbeb047c90e65f0962483a5b2) 
C:\Windows\system32\drivers\viaagp.sys 12:31:47.0571 5064 viaagp - ok 12:31:47.0634 5064 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 12:31:47.0727 5064 ViaC7 - ok 12:31:47.0790 5064 viaide (7100b56688c5d6d7695d18fd001f0cd6) C:\Windows\system32\drivers\viaide.sys 12:31:47.0805 5064 viaide - ok 12:31:47.0883 5064 viamraid (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys 12:31:47.0930 5064 viamraid - ok 12:31:47.0977 5064 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 12:31:48.0008 5064 volmgr - ok 12:31:48.0055 5064 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 12:31:48.0086 5064 volmgrx - ok 12:31:48.0133 5064 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 12:31:48.0180 5064 volsnap - ok 12:31:48.0226 5064 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 12:31:48.0242 5064 vsmraid - ok 12:31:48.0414 5064 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 12:31:48.0601 5064 VSS - ok 12:31:48.0757 5064 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 12:31:48.0819 5064 W32Time - ok 12:31:48.0866 5064 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 12:31:48.0944 5064 WacomPen - ok 12:31:48.0991 5064 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 12:31:49.0053 5064 Wanarp - ok 12:31:49.0069 5064 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 12:31:49.0084 5064 Wanarpv6 - ok 12:31:49.0178 5064 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 12:31:49.0225 5064 wcncsvc - ok 12:31:49.0287 5064 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 12:31:49.0334 5064 WcsPlugInService - ok 12:31:49.0396 5064 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) 
C:\Windows\system32\drivers\wd.sys 12:31:49.0428 5064 Wd - ok 12:31:49.0568 5064 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 12:31:49.0630 5064 Wdf01000 - ok 12:31:49.0662 5064 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 12:31:49.0708 5064 WdiServiceHost - ok 12:31:49.0708 5064 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 12:31:49.0755 5064 WdiSystemHost - ok 12:31:49.0833 5064 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 12:31:49.0880 5064 WebClient - ok 12:31:49.0942 5064 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 12:31:50.0036 5064 Wecsvc - ok 12:31:50.0067 5064 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 12:31:50.0114 5064 wercplsupport - ok 12:31:50.0176 5064 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 12:31:50.0239 5064 WerSvc - ok 12:31:50.0332 5064 winachsf (d0116c473ef3c381a42bb55036a1adb1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 12:31:50.0410 5064 winachsf - ok 12:31:50.0566 5064 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 12:31:50.0644 5064 WinDefend - ok 12:31:50.0676 5064 WinHttpAutoProxySvc - ok 12:31:51.0190 5064 WINIO (819c68ff6c4c63886d636ffb2dabf5ef) C:\Windows\system32\WinIo.sys 12:31:51.0253 5064 WINIO ( UnsignedFile.Multi.Generic ) - warning 12:31:51.0253 5064 WINIO - detected UnsignedFile.Multi.Generic (1) 12:31:51.0346 5064 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 12:31:51.0424 5064 Winmgmt - ok 12:31:51.0518 5064 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 12:31:51.0705 5064 WinRM - ok 12:31:51.0814 5064 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 12:31:51.0924 5064 Wlansvc - ok 12:31:52.0017 5064 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) 
C:\Windows\system32\drivers\wmiacpi.sys 12:31:52.0048 5064 WmiAcpi - ok 12:31:52.0173 5064 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 12:31:52.0220 5064 wmiApSrv - ok 12:31:52.0407 5064 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 12:31:52.0579 5064 WMPNetworkSvc - ok 12:31:52.0828 5064 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 12:31:52.0938 5064 WPCSvc - ok 12:31:53.0016 5064 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 12:31:53.0078 5064 WPDBusEnum - ok 12:31:53.0203 5064 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 12:31:53.0265 5064 WPFFontCache_v0400 - ok 12:31:53.0343 5064 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 12:31:53.0406 5064 ws2ifsl - ok 12:31:53.0499 5064 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 12:31:53.0546 5064 wscsvc - ok 12:31:53.0640 5064 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys 12:31:53.0702 5064 WSDPrintDevice - ok 12:31:53.0764 5064 WSDScan (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys 12:31:53.0796 5064 WSDScan - ok 12:31:53.0811 5064 WSearch - ok 12:31:53.0936 5064 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 12:31:54.0154 5064 wuauserv - ok 12:31:54.0217 5064 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:31:54.0279 5064 WUDFRd - ok 12:31:54.0373 5064 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 12:31:54.0466 5064 wudfsvc - ok 12:31:54.0513 5064 XAudio (22a08b9faecd6a306868f59b7f03f188) C:\Windows\system32\DRIVERS\XAudio32.sys 12:31:54.0529 5064 XAudio - ok 12:31:54.0576 5064 XAudioService (ab0f15e3fb2b5920963789d77397776b) 
C:\Windows\system32\DRIVERS\xaudio.exe
12:31:54.0654 5064 XAudioService - ok
12:31:54.0685 5064 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:31:54.0903 5064 \Device\Harddisk0\DR0 - ok
12:31:54.0919 5064 Boot (0x1200) (ccc8f5dd6cdf0097e7612a8d142b1c38) \Device\Harddisk0\DR0\Partition0
12:31:54.0919 5064 \Device\Harddisk0\DR0\Partition0 - ok
12:31:54.0966 5064 Boot (0x1200) (f91ed479a06f947b5edee61ca6ed8286) \Device\Harddisk0\DR0\Partition1
12:31:54.0966 5064 \Device\Harddisk0\DR0\Partition1 - ok
12:31:54.0966 5064 ============================================================
12:31:54.0966 5064 Scan finished
12:31:54.0966 5064 ============================================================
12:31:55.0012 5056 Detected object count: 9
12:31:55.0012 5056 Actual detected object count: 9
12:34:17.0222 5056 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:17.0222 5056 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:34:17.0222 5056 FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:17.0222 5056 FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:34:17.0222 5056 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:17.0222 5056 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:34:17.0222 5056 KMWDFILTER ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:17.0222 5056 KMWDFILTER ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:34:17.0238 5056 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:17.0238 5056 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:34:17.0238 5056 TDslMgrService ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:17.0238 5056 TDslMgrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:34:17.0238 5056 TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:17.0238 5056 TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:34:17.0238 5056 TridVid ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:17.0238 5056 TridVid ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:34:17.0238 5056 WINIO ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:17.0238 5056 WINIO ( UnsignedFile.Multi.Generic ) - User select action: Skip |
06.04.2012, 14:50 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected with TR/Ransom.EJ.3 Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
06.04.2012, 16:36 | #21 |
| Computer infected with TR/Ransom.EJ.3 Code:
ATTFilter ComboFix 12-04-06.02 - *** 06.04.2012 16:14:43.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1302 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\scan\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\driver\TOUCHPAD\ALPS\_desktop.ini c:\driver\TOUCHPAD\ALPS\Eula\_desktop.ini c:\users\Future Pinball\Newton.dll c:\windows\IsUn0407.exe c:\windows\system\BisonCam.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-03-06 bis 2012-04-06 )))))))))))))))))))))))))))))) . . 2012-04-06 14:43 . 2012-04-06 14:43 -------- d-----w- c:\users\***\AppData\Local\temp 2012-04-05 15:46 . 2012-04-05 15:46 -------- d-----w- C:\_OTL 2012-04-05 06:45 . 2012-04-05 06:45 -------- d-----w- c:\users\***\AppData\Roaming\DivX 2012-04-03 10:44 . 2012-04-03 10:44 -------- d-----w- c:\program files\ESET 2012-04-02 16:18 . 2012-04-02 16:18 -------- d-----w- c:\users\***\AppData\Roaming\Avira 2012-04-02 09:09 . 2012-04-02 09:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-02 08:23 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-02 07:23 . 2012-04-02 07:23 -------- d-----w- c:\program files\Microsoft WSE 2012-04-02 07:21 . 2012-04-02 07:21 -------- d-----w- c:\users\***\AppData\Local\PackageAware 2012-04-02 06:53 . 2012-04-02 06:53 -------- d-----w- c:\users\***\AppData\Roaming\Avira 2012-04-02 06:50 . 2011-09-16 14:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-04-02 06:50 . 2012-01-31 06:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-04-02 06:50 . 2012-01-31 06:56 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-04-02 06:50 . 
2012-04-02 06:50 -------- d-----w- c:\programdata\Avira 2012-04-02 06:50 . 2012-04-02 06:50 -------- d-----w- c:\program files\Avira 2012-04-01 19:21 . 2012-04-01 19:21 -------- d-----w- c:\program files\iPod 2012-04-01 19:21 . 2012-04-01 19:22 -------- d-----w- c:\program files\iTunes 2012-04-01 18:34 . 2012-04-01 18:34 -------- d-----w- c:\program files\Common Files\Java 2012-04-01 18:10 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-04-01 18:10 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-04-01 18:10 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-01 18:10 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-04-01 18:10 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-04-01 18:10 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-04-01 18:10 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-04-01 18:10 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-04-01 18:10 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-04-01 14:44 . 2012-04-01 14:44 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2012-04-01 14:43 . 2012-04-01 14:43 -------- d-----w- c:\programdata\Malwarebytes 2012-04-01 14:43 . 2012-04-02 08:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-02 09:09 . 2011-11-12 21:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-10 11:57 . 2012-01-15 11:10 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-01-10 11:57 . 2010-07-09 16:06 567696 ----a-w- c:\windows\system32\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952] "PowerManager"="c:\program files\Power Manager\PM.exe" [2007-03-13 29696] "CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2009-7-17 1085440] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2009-7-17 1085440] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2009-7-17 1085440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-18 21:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HsfXAudioService REG_MULTI_SZ HsfXAudioService LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:09] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank TCP: DhcpNameServer = 192.168.0.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-glasklar Komplettpaket DVD1 - c:\windows\IsUn0407.exe AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-04-06 16:43 Windows 6.0.6002 Service Pack 2 NTFS . 
Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\12C5.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-04-06 16:46:53 ComboFix-quarantined-files.txt 2012-04-06 14:46 . Vor Suchlauf: 22 Verzeichnis(se), 91.735.547.904 Bytes frei Nach Suchlauf: 26 Verzeichnis(se), 91.658.944.512 Bytes frei . - - End Of File - - 5D1C078D179A1D1800F2F974B4802C86 |
06.04.2012, 16:53 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected with TR/Ransom.EJ.3 Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool will not run the second time either, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure that you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left in the aswMBR window) under "AV scan" and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
07.04.2012, 17:18 | #23 |
| Computer infected with TR/Ransom.EJ.3 GMER: Code:
ATTFilter Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000064 WDC_WD25 rev.01.0 Running: 4w0iiydb.exe; Driver: C:\Users\***\AppData\Local\Temp\kwtdrpow.sys ---- System - GMER 1.0.15 ---- SSDT 8D3185EE ZwCreateSection SSDT 8D3185F8 ZwRequestWaitReplyPort SSDT 8D3185F3 ZwSetContextThread SSDT 8D3185FD ZwSetSecurityObject SSDT 8D318602 ZwSystemDebugControl SSDT 8D31858F ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 820E3998 4 Bytes [EE, 85, 31, 8D] .text ntkrnlpa.exe!KeSetEvent + 539 820E3CBC 4 Bytes [F8, 85, 31, 8D] .text ntkrnlpa.exe!KeSetEvent + 56D 820E3CF0 4 Bytes [F3, 85, 31, 8D] .text ntkrnlpa.exe!KeSetEvent + 5D1 820E3D54 4 Bytes [FD, 85, 31, 8D] .text ntkrnlpa.exe!KeSetEvent + 619 820E3D9C 4 Bytes [02, 86, 31, 8D] .text ... ---- Devices - GMER 1.0.15 ---- Device \Driver\BTHUSB \Device\00000078 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\0000007a bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d01269 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0161a Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4B 0x7A 0xA4 0xC6 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d01269 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d0161a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4B 0x7A 0xA4 0xC6 ... ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:48:49 on 07.04.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." 
- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\Windows\system32\drivers\BVRPMPR5.SYS "catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found) "dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\System32\Drivers\dsltestSp5.sys "HIDUASDesc" (KMWDFILTER) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\KMWDFILTER.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kwtdrpow" (kwtdrpow) - ? - C:\Users\***\AppData\Local\Temp\kwtdrpow.sys (Hidden registry entry, rootkit activity | File not found) "MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\12C5.tmp (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "STK02H Camera" (DCamUSBSTK02H) - ? - C:\Windows\System32\DRIVERS\STK02HW2.sys (File not found) "Video Grabber" (TridVid) - "10moons Technologies Co.,Ltd" - C:\Windows\System32\DRIVERS\TridVid.sys "WINIO" (WINIO) - "hxxp://www.internals.com" - C:\Windows\system32\WinIo.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - C:\Program Files\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {AE424E85-F6DF-4910-A6A9-438797986431} "LibreOffice Property Handler" - "The Document Foundation" - C:\Program Files\LibreOffice 3.4\Basis\program\shlxthdl\propertyhdl.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? 
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Eigene Dateien\Brief\Office10\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - C:\Program Files\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - C:\Program Files\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - C:\Program Files\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - C:\Program Files\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. 
KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.7.0_03" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_03" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.3.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? 
- (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "DSL-Manager.lnk" - "T-Systems Enterprise Services GmbH" - C:\Program Files\DSL-Manager\DslMgr.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CLMLServer" - "CyberLink" - "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "PowerManager" - ? - C:\Program Files\Power Manager\PM.exe "QuickTime Task" - "Apple Inc." 
- "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "DSL-Manager" (TDslMgrService) - "T-Systems Enterprise Services GmbH" - C:\Program Files\DSL-Manager\DslMgrSvc.exe "FSCLBaseUpdaterService" (FSCLBaseUpdaterService) - ? - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe "Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-04-07 18:00:46 ----------------------------- 18:00:46.939 OS Version: Windows 6.0.6002 Service Pack 2 18:00:46.939 Number of processors: 2 586 0x4802 18:00:46.939 ComputerName: ALLE-PC UserName: 18:00:49.311 Initialize success 18:01:01.276 AVAST engine defs: 12040700 18:01:05.254 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065 18:01:05.254 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 6 18:01:05.269 Disk 0 MBR read successfully 18:01:05.285 Disk 0 MBR scan 18:01:05.363 Disk 0 Windows VISTA default MBR code 18:01:05.394 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048 18:01:05.425 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 151650 MB offset 24578048 18:01:05.457 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 74823 MB offset 335157248 18:01:05.488 Disk 0 scanning sectors +488394752 18:01:05.675 Disk 0 scanning C:\Windows\system32\drivers 18:01:17.656 Service scanning 18:01:42.834 Modules scanning 18:01:48.013 Disk 0 trace - called modules: 18:01:48.045 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys 18:01:48.045 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85717620] 18:01:48.060 3 CLASSPNP.SYS[8273b8b3] -> nt!IofCallDriver -> [0x8447b4f0] 18:01:48.060 5 acpi.sys[8260d6bc] -> nt!IofCallDriver -> \Device\00000065[0x8447a030] 18:01:49.402 AVAST engine scan C:\Windows 18:01:54.706 AVAST engine scan C:\Windows\system32 18:06:10.049 AVAST engine scan C:\Windows\system32\drivers 18:06:24.182 AVAST engine scan C:\Users\*** 18:06:56.708 AVAST engine scan C:\ProgramData 18:07:29.187 Scan finished successfully 18:11:38.438 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\scan\MBR.dat" 18:11:38.438 The log file has been saved successfully to "C:\Users\***\Desktop\scan\aswMBR.txt" |
07.04.2012, 18:30 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected with TR/Ransom.EJ.3 Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
08.04.2012, 16:29 | #25 |
| Computer infected with TR/Ransom.EJ.3 MBAM: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.04.08.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: ALLE-PC [Administrator] 08.04.2012 12:35:05 mbam-log-2012-04-08 (12-35-05).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 417715 Laufzeit: 1 Stunde(n), 12 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/08/2012 at 04:50 PM

Application Version : 5.0.1146

Core Rules Database Version : 8424
Trace Rules Database Version: 6236

Scan type       : Complete Scan
Total Scan Time : 02:19:12

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 665
Memory threats detected   : 0
Registry items scanned    : 36213
Registry threats detected : 0
File items scanned        : 217996
File threats detected     : 86

Adware.Tracking Cookie
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\5O10HVXA.txt [ Cookie:***@tradedoubler.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\AIBCALYO.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\MY1JCPXU.txt [ Cookie:***@eas.apm.emediate.eu/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\7UU21DND.txt [ Cookie:***@smartadserver.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\9YKZB31Z.txt [ Cookie:***@delivery.atkmedia.de/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\KN64WWH5.txt [ Cookie:***@www.etracker.de/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\LMGEMH59.txt [ Cookie:***@zanox.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\70YVLQIK.txt [ Cookie:***@clickfuse.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\XWAU46CT.txt [ Cookie:***@de.sitestat.com/otto-de/ottode-testcl/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\***@mediaplex[1].txt [ Cookie:***@mediaplex.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\***@apmebf[1].txt [ Cookie:***@apmebf.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\3N7UR4JO.txt [ Cookie:***@revsci.net/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\JAZ1D16N.txt [ Cookie:***@a.revenuemax.de/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\SOWN1E4W.txt [ Cookie:***@atdmt.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Z2R4V6S0.txt [ Cookie:***@tracking.mindshare.de/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\3809EQTX.txt [ Cookie:***@im.banner.t-online.de/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\***@specificclick[2].txt [ Cookie:***@specificclick.net/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\UR0OKU3V.txt [ Cookie:***@fastclick.net/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\97OGLT1Y.txt [ Cookie:***@ww251.smartadserver.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\6Z6K9CCQ.txt [ Cookie:***@ad.yieldmanager.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\PNDYTXUW.txt [ Cookie:***@advertising.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\UG8K2IZJ.txt [ Cookie:***@adtech.de/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\3YT4F19A.txt [ Cookie:***@adfarm1.adition.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\TGEIK70B.txt [ Cookie:***@serving-sys.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\8NGG1KRY.txt [ Cookie:***@tracking.mlsat02.de/tmobile/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\S648XKQ4.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1044648193/ ]
C:\USERS\***\Cookies\5O10HVXA.txt [ Cookie:***@tradedoubler.com/ ]
C:\USERS\***\Cookies\AIBCALYO.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
C:\USERS\***\Cookies\MY1JCPXU.txt [ Cookie:***@eas.apm.emediate.eu/ ]
C:\USERS\***\Cookies\7UU21DND.txt [ Cookie:***@smartadserver.com/ ]
C:\USERS\***\Cookies\9YKZB31Z.txt [ Cookie:***@delivery.atkmedia.de/ ]
C:\USERS\***\Cookies\KN64WWH5.txt [ Cookie:***@www.etracker.de/ ]
C:\USERS\***\Cookies\LMGEMH59.txt [ Cookie:***@zanox.com/ ]
C:\USERS\***\Cookies\70YVLQIK.txt [ Cookie:***@clickfuse.com/ ]
C:\USERS\***\Cookies\XWAU46CT.txt [ Cookie:***@de.sitestat.com/otto-de/ottode-testcl/ ]
C:\USERS\***\Cookies\***@mediaplex[1].txt [ Cookie:***@mediaplex.com/ ]
C:\USERS\***\Cookies\***@apmebf[1].txt [ Cookie:***@apmebf.com/ ]
C:\USERS\***\Cookies\3N7UR4JO.txt [ Cookie:***@revsci.net/ ]
C:\USERS\***\Cookies\JAZ1D16N.txt [ Cookie:***@a.revenuemax.de/ ]
C:\USERS\***\Cookies\SOWN1E4W.txt [ Cookie:***@atdmt.com/ ]
C:\USERS\***\Cookies\Z2R4V6S0.txt [ Cookie:***@tracking.mindshare.de/ ]
C:\USERS\***\Cookies\3809EQTX.txt [ Cookie:***@im.banner.t-online.de/ ]
C:\USERS\***\Cookies\***@specificclick[2].txt [ Cookie:***@specificclick.net/ ]
C:\USERS\***\Cookies\UR0OKU3V.txt [ Cookie:***@fastclick.net/ ]
C:\USERS\***\Cookies\97OGLT1Y.txt [ Cookie:***@ww251.smartadserver.com/ ]
C:\USERS\***\Cookies\6Z6K9CCQ.txt [ Cookie:***@ad.yieldmanager.com/ ]
C:\USERS\***\Cookies\PNDYTXUW.txt [ Cookie:***@advertising.com/ ]
C:\USERS\***\Cookies\UG8K2IZJ.txt [ Cookie:***@adtech.de/ ]
C:\USERS\***\Cookies\3YT4F19A.txt [ Cookie:***@adfarm1.adition.com/ ]
C:\USERS\***\Cookies\TGEIK70B.txt [ Cookie:***@serving-sys.com/ ]
C:\USERS\***\Cookies\8NGG1KRY.txt [ Cookie:***@tracking.mlsat02.de/tmobile/ ]
C:\USERS\***\Cookies\S648XKQ4.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1044648193/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\KKGVPZFB.txt [ Cookie:***@revsci.net/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\G22PQDZ0.txt [ Cookie:***@doubleclick.net/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\X8WSGDBG.txt [ Cookie:***@tracking.quisma.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\5WV0MX4F.txt [ Cookie:***@im.banner.t-online.de/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\65PO2WZ0.txt [ Cookie:***@track.effiliation.com/servlet/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\0Q7Q3GWV.txt [ Cookie:***@xiti.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\PDXG85JH.txt [ Cookie:***@invitemedia.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\7XHD490J.txt [ Cookie:***@zanox-affiliate.de/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\6RY245GP.txt [ Cookie:***@mediaplex.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\083C0NAK.txt [ Cookie:***@track.effiliation.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\HY1WGTP8.txt [ Cookie:***@adfarm1.adition.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\XM30WDCK.txt [ Cookie:***@ww251.smartadserver.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\ELJPGJAG.txt [ Cookie:***@zanox.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\WJCN866X.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\G4Z6U2PA.txt [ Cookie:***@webmasterplan.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\NJ8FVPJN.txt [ Cookie:***@ad4.adfarm1.adition.com/ ]
C:\USERS\***\Cookies\KKGVPZFB.txt [ Cookie:***@revsci.net/ ]
C:\USERS\***\Cookies\G22PQDZ0.txt [ Cookie:***@doubleclick.net/ ]
C:\USERS\***\Cookies\X8WSGDBG.txt [ Cookie:***@tracking.quisma.com/ ]
C:\USERS\***\Cookies\5WV0MX4F.txt [ Cookie:***@im.banner.t-online.de/ ]
C:\USERS\***\Cookies\65PO2WZ0.txt [ Cookie:***@track.effiliation.com/servlet/ ]
C:\USERS\***\Cookies\0Q7Q3GWV.txt [ Cookie:***@xiti.com/ ]
C:\USERS\***\Cookies\PDXG85JH.txt [ Cookie:***@invitemedia.com/ ]
C:\USERS\***\Cookies\7XHD490J.txt [ Cookie:***@zanox-affiliate.de/ ]
C:\USERS\***\Cookies\6RY245GP.txt [ Cookie:***@mediaplex.com/ ]
C:\USERS\***\Cookies\083C0NAK.txt [ Cookie:***@track.effiliation.com/ ]
C:\USERS\***\Cookies\HY1WGTP8.txt [ Cookie:***@adfarm1.adition.com/ ]
C:\USERS\***\Cookies\XM30WDCK.txt [ Cookie:***@ww251.smartadserver.com/ ]
C:\USERS\***\Cookies\ELJPGJAG.txt [ Cookie:***@zanox.com/ ]
C:\USERS\***\Cookies\WJCN866X.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
C:\USERS\***\Cookies\G4Z6U2PA.txt [ Cookie:***@webmasterplan.com/ ]
C:\USERS\***\Cookies\NJ8FVPJN.txt [ Cookie:***@ad4.adfarm1.adition.com/ ]
C:\USERS\***\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\***@XITI[1].TXT [ /XITI ]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\ALLE-PC$@XITI[1].TXT [ /XITI ]
08.04.2012, 17:10 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected with TR/Ransom.EJ.3

Looks OK, only cookies were found. Cookies are not malware as such, but there is a risk of their being misused (unique re-identification, e.g. for targeted advertising and the like => HTTP-Cookie).

Regarding cookies and other things on the web: to block this plague from the outset (tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released.

Otherwise there are good cookie managers; as a Firefox extension there is CookieCuller, for example: http://filepony.de/download-cookie_culler/

If you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), just set the browser so that everything, cookies included, is deleted when the browser closes.

My own practice is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies of the sites I actually want; everything else I reject manually (FF always asks me). The other browsers accept every cookie, but at the latest by the next start of Opera or Chromium no cookies are left.

Is your system now in order again, or are there other findings or problems?
__________________ Please always post logfiles in CODE tags
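An added example, not from this thread and not part of SUPERAntiSpyware, MVPS or any other tool named here: a Python script that turns findings like the SUPERAntiSpyware cookie list above into the kind of blocklist the MVPS hosts file provides. It parses the `[ Cookie:user@host/path ]` markers, counts cookie files per tracking host, and merges `0.0.0.0 host` lines into an existing hosts file without duplicating entries. The sample log lines are constructed to match the shape of the posted log (a handful of entries, not the full 86) and all function names are my own. Two things worth knowing when reading such a log: on Vista `C:\Users\<name>\Cookies` is a compatibility junction to `AppData\Roaming\Microsoft\Windows\Cookies`, which is why every cookie in the log appears under both paths and "86 threats" is really 43 files seen twice; and a hosts file matches exact hostnames only, so an entry for `doubleclick.net` does nothing against `ad.doubleclick.net`, which is why MVPS enumerates subdomains individually.

```python
import re
from collections import Counter

# Constructed sample in the shape of the SUPERAntiSpyware "Adware.Tracking Cookie"
# findings posted above: a few entries, each seen twice (once under the
# AppData\Roaming path and once under the C:\Users\<name>\Cookies junction),
# plus one "[ /XITI ]" line that carries no Cookie: marker. Not the full log.
SAMPLE_LOG = r"""
Adware.Tracking Cookie
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\5O10HVXA.txt [ Cookie:***@tradedoubler.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\AIBCALYO.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\XWAU46CT.txt [ Cookie:***@de.sitestat.com/otto-de/ottode-testcl/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\***@mediaplex[1].txt [ Cookie:***@mediaplex.com/ ]
C:\USERS\***\Cookies\5O10HVXA.txt [ Cookie:***@tradedoubler.com/ ]
C:\USERS\***\Cookies\AIBCALYO.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
C:\USERS\***\Cookies\XWAU46CT.txt [ Cookie:***@de.sitestat.com/otto-de/ottode-testcl/ ]
C:\USERS\***\Cookies\***@mediaplex[1].txt [ Cookie:***@mediaplex.com/ ]
C:\USERS\***\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\***@XITI[1].TXT [ /XITI ]
"""

# "[ Cookie:<user>@<host>/<path> ]": capture the host, tolerate an optional path.
# The "[1]" in a file name like "***@mediaplex[1].txt" cannot match because the
# pattern insists on "Cookie:" right after the opening bracket.
COOKIE_RE = re.compile(r"\[\s*Cookie:[^@\]]*@([A-Za-z0-9.-]+)(?:/[^\]]*)?\s*\]")


def extract_cookie_hosts(log_text):
    """Count how many cookie files the scanner reported per tracking host.
    Lines without a Cookie:user@host marker (e.g. "[ /XITI ]") are ignored."""
    hosts = Counter()
    for line in log_text.splitlines():
        m = COOKIE_RE.search(line)
        if m:
            hosts[m.group(1).lower()] += 1
    return hosts


def parse_hosts_file(hosts_text):
    """Hostnames already mapped in a hosts file (comments and blank lines skipped).
    Every field after the address counts, since one line may carry several names."""
    present = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            present.update(name.lower() for name in fields[1:])
    return present


def merge_hosts(hosts_text, hostnames, sink="0.0.0.0"):
    """Return hosts_text with one '<sink> <host>' line appended per hostname
    that is not already mapped, so re-running after an MVPS update is safe.
    0.0.0.0 (the MVPS convention) makes the connection fail immediately instead
    of knocking on a local listener, which 127.0.0.1 would do."""
    present = parse_hosts_file(hosts_text)
    new = [h for h in sorted(set(hostnames)) if h.lower() not in present]
    if not new:
        return hosts_text
    body = hosts_text.rstrip("\n")
    return body + "\n" + "\n".join(f"{sink} {h}" for h in new) + "\n"


if __name__ == "__main__":
    counts = extract_cookie_hosts(SAMPLE_LOG)
    print(f"{sum(counts.values())} cookie entries, {len(counts)} distinct hosts")
    # Constructed stand-in for an existing C:\Windows\System32\drivers\etc\hosts
    existing = "127.0.0.1 localhost\n0.0.0.0 mediaplex.com\n"
    print(merge_hosts(existing, counts))
```

On a real machine you would feed the saved SAS log and the actual hosts file in, write the result back with an elevated editor, and keep in mind that this blocks only the exact names the cookies came from; the MVPS list is the broader baseline, and a hosts file is no substitute for the browser-side cookie settings discussed above, since a tracker reachable through a host not on the list is unaffected.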
08.04.2012, 17:20 | #27 |
| Computer infected with TR/Ransom.EJ.3

Everything is back in order. THANK YOU VERY MUCH!

As for the browser: it is actually my father's computer, which is why I used IE this time. But: I have set it so that cookies, cache and more are deleted on every exit. The cookies come from my parents' accounts (I'll have to have a word with them!). On my own machine I use Firefox and have the history cleared after every exit.

So: once again, THANK YOU VERY MUCH!
08.04.2012, 17:56 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected with TR/Ransom.EJ.3

Then we're done! The programs that were used here can all be removed again.

CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages.

With the help of OTL you can also remove many of the tools: start OTL and click on Cleanup (Bereinigung). This will remove most of the tools we needed for the cleanup. If anything remains, remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide on that is below. To keep better track in future of whether the installed programs are up to date, you can use e.g. Secunia PSI.

For even more security, after the infection has been removed you should also change all passwords if at all possible.

Microsoft Update
Windows XP: visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Anleitung Windows-Update (guide)

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that the Flash Player is current: Adobe - Andere Version des Adobe Flash Player installieren. If need be, it can also be downloaded from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that any other installed browsers, such as Firefox, Opera or Chrome, are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do that, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Afterwards download the current Java SE Runtime Environment (JRE) from here and install it.