| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Schwarzer Desktop - Backdoor.Agent.RCGenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.04.2012, 13:45
| #1 |
 |  Schwarzer Desktop - Backdoor.Agent.RCGen Hallo, wir sind hier leider mit einem wohl bekannten Virus befallen. Backdoor.Agent. Die Symptome sind Schwarzer Desktop, keine Icons auf dem Desktop und leergefegtes Startmenü. Sonstige Funktionen des PC's funktionieren rudimentär, auf die eigenen Daten kann aber nicht zugegriffen werden. Bitte um Hilfe bei der Entfernung. Ich habe die in anderen Beiträgen beschriebenen Scans schon durchgeführt. Beim ersten Schnellscan mit MalwareBytes wurde Backdoor.Agent.RCGen gefunden, diesen habe ich in die Quarantäne entfernt. Ein weitererer Voll-Scan erbrachte keine Ergebnisse mehr. Einen Scan mit OTL habe ich durchgeführt. Danach noch einen Scan mit Eset Die drei Scanlogs nun gepostet. Kann ich nun auch mit Unhide die Dateien und Icons wiederherstellen? Danke und Gruß ...habe nun mit einer Systemwiederherstellung auf einen früheren Zeitpunkt und der Hilfe von Unhide das System (anscheinend) wieder am Laufen. Kann ich davon ausgehen, dass ich den Virus loshabe, wenn ein malwarebyte scan nichts mehr meldet? Thanx for info! Gruß |
|
15.04.2012, 17:06
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Schwarzer Desktop - Backdoor.Agent.RCGenZitat:
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
16.04.2012, 08:18
| #3 |
| | Schwarzer Desktop - Backdoor.Agent.RCGen ah, code posten, wird gemacht!
__________________hmm, sorry, das erste Logfile habe ich leider nicht mehr, nur die folgenden, die keine Ergebnisse mehr angezeigt haben. In der Loghistorie von Malwarebytes kann ich leider auch nicht weiter zurückblicken. Ich habe noch nach der System-Rücksetzung auf einen früheren Zeitpunkt die kryptisch benannten Files am Ort der Desktop-Verknüpfung SMART-HDD und die Verknüpfung selbst gelöscht. Sind nun noch weitere Virus-Fragmente zu vermuten? Gruß |
|
16.04.2012, 19:24
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Desktop - Backdoor.Agent.RCGen Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
18.04.2012, 10:27
| #5 |
| | Schwarzer Desktop - Backdoor.Agent.RCGen 1.) Der normale Modus geht uneingeschränkt 2.) Alle Einträge im Startmenü sind wieder vorhanden, unter "Eigene Dateien" und im Verzeichnisbaum ebenso. Gruß |
|
18.04.2012, 12:58
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Desktop - Backdoor.Agent.RCGen Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Schwarzer Desktop - Backdoor.Agent.RCGen |
|
19.04.2012, 17:17
| #7 |
| | Schwarzer Desktop - Backdoor.Agent.RCGen o.k. hier kommt das OT-Log: Code:
ATTFilter OTL logfile created on: 19.04.2012 18:07:19 - Run 2 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\XXX\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,24 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 67,14% Memory free 6,48 Gb Paging File | 5,35 Gb Available in Paging File | 82,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 245,32 Gb Free Space | 82,33% Space Free | Partition Type: NTFS Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.19 17:56:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.10.19 17:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.19 17:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2003.10.24 06:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2009.08.23 19:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2003.05.19 22:16:04 | 000,120,320 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2012.04.18 08:18:38 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.09 17:31:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.02.16 09:06:17 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.19 17:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-523204056-1343013814-1425782334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-523204056-1343013814-1425782334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-523204056-1343013814-1425782334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-523204056-1343013814-1425782334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA E9 8A 04 AB 97 CC 01 [binary data] IE - HKU\S-1-5-21-523204056-1343013814-1425782334-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-523204056-1343013814-1425782334-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-523204056-1343013814-1425782334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.16 09:03:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.16 09:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2012.04.16 09:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lcqtfjpk.default\extensions [2012.04.16 09:03:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.16 09:03:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.04.16 09:03:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: No name found = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-523204056-1343013814-1425782334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-523204056-1343013814-1425782334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{286E6456-3757-41B7-ACEF-3C6EC4235FB3}: NameServer = 193.102.149.40,193.102.149.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.19 17:56:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe [2012.04.18 12:59:06 | 000,000,000 | R--D | C] -- C:\Users\XXX\Videos [2012.04.18 12:59:06 | 000,000,000 | R--D | C] -- C:\Users\XXX\Music [2012.04.16 09:03:55 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Mozilla [2012.04.16 09:03:55 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Mozilla [2012.04.16 09:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.04.13 17:42:10 | 000,000,000 | R--D | C] -- C:\Users\XXX\Saved Games [2012.04.13 17:30:00 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2012.04.13 17:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.13 17:29:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.13 13:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.04.13 12:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.04.13 12:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.13 09:37:43 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\ElevatedDiagnostics [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.19 17:56:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe [2012.04.19 17:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.19 17:17:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.04.19 13:17:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.19 08:24:38 | 000,022,096 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.19 08:24:38 | 000,022,096 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.19 08:22:30 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.19 08:22:30 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.19 08:22:30 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.19 08:22:30 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.19 08:17:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.19 08:17:15 | 2609,569,792 | -HS- | M] () -- C:\hiberfil.sys [2012.04.16 09:18:51 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.04.16 09:03:52 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.04.13 07:41:32 | 000,521,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.16 09:03:52 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.04.16 09:03:52 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.04.11 07:30:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2011.11.14 11:53:10 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini [2011.11.04 18:37:10 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2011.11.04 18:24:53 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2011.04.12 03:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.04.12 03:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== LOP Check ========== [2012.04.17 08:47:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FileZilla [2009.07.14 06:53:46 | 000,031,376 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.04.13 18:09:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Adobe [2011.11.04 18:53:55 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AdobeUM [2011.10.31 12:58:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Avira [2012.04.13 18:09:17 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Corel [2012.04.17 08:47:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FileZilla [2011.11.14 15:47:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Google [2011.10.31 10:50:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Identities [2011.11.14 13:55:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Macromedia [2012.04.13 17:30:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2011.04.12 03:39:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Media Center Programs [2012.04.13 18:11:07 | 000,000,000 | --SD | M] -- C:\Users\XXX\AppData\Roaming\Microsoft [2012.04.16 09:04:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > |
|
19.04.2012, 18:47
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Desktop - Backdoor.Agent.RCGen Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2012.04.16 09:03:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.04.2012, 15:00
| #9 |
| | Schwarzer Desktop - Backdoor.Agent.RCGen o.k. hier das Log vom Fix: Code:
ATTFilter All processes killed
========== OTL ==========
C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: XXX
->Temp folder emptied: 922721962 bytes
->Temporary Internet Files folder emptied: 136475756 bytes
->Java cache emptied: 3470480 bytes
->FireFox cache emptied: 49028555 bytes
->Flash cache emptied: 470 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 309760 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 97180094 bytes
RecycleBin emptied: 38393844 bytes
Total Files Cleaned = 1.190,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: XXX
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.40.0 log created on 04202012_155527
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
20.04.2012, 18:15
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Desktop - Backdoor.Agent.RCGen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.06.2012, 09:18
| #11 |
| | Schwarzer Desktop - Backdoor.Agent.RCGen Sorry, etwas Verzögerung wir sind mit anderem verschüttet worden. Ich hoffe das paßt soweit und die gefundenen Objekte gehören zu einem Druckertreiber ?!? Danke + Gruß Zipfel Unten nun das Log: Code:
ATTFilter 10:06:00.0180 3996 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
10:06:00.0726 3996 ============================================================
10:06:00.0726 3996 Current date / time: 2012/06/05 10:06:00.0726
10:06:00.0726 3996 SystemInfo:
10:06:00.0726 3996
10:06:00.0726 3996 OS Version: 6.1.7601 ServicePack: 1.0
10:06:00.0726 3996 Product type: Workstation
10:06:00.0726 3996 ComputerName: HOPFFT-PC
10:06:00.0726 3996 UserName: HopffT
10:06:00.0726 3996 Windows directory: C:\Windows
10:06:00.0726 3996 System windows directory: C:\Windows
10:06:00.0726 3996 Processor architecture: Intel x86
10:06:00.0726 3996 Number of processors: 2
10:06:00.0726 3996 Page size: 0x1000
10:06:00.0726 3996 Boot type: Normal boot
10:06:00.0726 3996 ============================================================
10:06:02.0879 3996 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:06:02.0895 3996 ============================================================
10:06:02.0895 3996 \Device\Harddisk0\DR0:
10:06:02.0910 3996 MBR partitions:
10:06:02.0910 3996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:06:02.0910 3996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
10:06:02.0910 3996 ============================================================
10:06:02.0973 3996 C: <-> \Device\Harddisk0\DR0\Partition1
10:06:02.0973 3996 ============================================================
10:06:02.0973 3996 Initialize success
10:06:02.0973 3996 ============================================================
10:06:11.0256 3488 ============================================================
10:06:11.0256 3488 Scan started
10:06:11.0256 3488 Mode: Manual; SigCheck; TDLFS;
10:06:11.0256 3488 ============================================================
10:06:12.0894 3488 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:06:13.0035 3488 1394ohci - ok
10:06:13.0050 3488 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:06:13.0066 3488 ACPI - ok
10:06:13.0082 3488 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:06:13.0144 3488 AcpiPmi - ok
10:06:13.0253 3488 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:06:13.0269 3488 AdobeARMservice - ok
10:06:13.0300 3488 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
10:06:13.0331 3488 adp94xx - ok
10:06:13.0347 3488 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
10:06:13.0362 3488 adpahci - ok
10:06:13.0378 3488 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
10:06:13.0394 3488 adpu320 - ok
10:06:13.0425 3488 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
10:06:13.0518 3488 AeLookupSvc - ok
10:06:13.0565 3488 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:06:13.0612 3488 AFD - ok
10:06:13.0628 3488 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:06:13.0643 3488 agp440 - ok
10:06:13.0674 3488 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
10:06:13.0674 3488 aic78xx - ok
10:06:13.0737 3488 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
10:06:13.0799 3488 ALG - ok
10:06:13.0815 3488 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:06:13.0830 3488 aliide - ok
10:06:13.0862 3488 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:06:13.0862 3488 amdagp - ok
10:06:13.0877 3488 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:06:13.0893 3488 amdide - ok
10:06:13.0908 3488 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
10:06:13.0924 3488 AmdK8 - ok
10:06:13.0940 3488 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
10:06:13.0971 3488 AmdPPM - ok
10:06:14.0033 3488 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:06:14.0049 3488 amdsata - ok
10:06:14.0064 3488 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
10:06:14.0096 3488 amdsbs - ok
10:06:14.0111 3488 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:06:14.0127 3488 amdxata - ok
10:06:14.0205 3488 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:06:14.0236 3488 AntiVirSchedulerService - ok
10:06:14.0252 3488 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:06:14.0267 3488 AntiVirService - ok
10:06:14.0298 3488 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:06:14.0361 3488 AppID - ok
10:06:14.0392 3488 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
10:06:14.0439 3488 AppIDSvc - ok
10:06:14.0454 3488 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
10:06:14.0486 3488 Appinfo - ok
10:06:14.0532 3488 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
10:06:14.0548 3488 AppMgmt - ok
10:06:14.0579 3488 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
10:06:14.0595 3488 arc - ok
10:06:14.0595 3488 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
10:06:14.0610 3488 arcsas - ok
10:06:14.0626 3488 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:06:14.0735 3488 AsyncMac - ok
10:06:14.0751 3488 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:06:14.0751 3488 atapi - ok
10:06:15.0749 3488 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:06:15.0827 3488 AudioEndpointBuilder - ok
10:06:15.0843 3488 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:06:15.0858 3488 Audiosrv - ok
10:06:15.0905 3488 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
10:06:16.0358 3488 avgntflt - ok
10:06:16.0389 3488 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
10:06:16.0404 3488 avipbb - ok
10:06:16.0420 3488 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
10:06:16.0420 3488 avkmgr - ok
10:06:16.0623 3488 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
10:06:16.0670 3488 AxInstSV - ok
10:06:16.0701 3488 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
10:06:16.0748 3488 b06bdrv - ok
10:06:16.0779 3488 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:06:16.0826 3488 b57nd60x - ok
10:06:16.0857 3488 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
10:06:16.0919 3488 BDESVC - ok
10:06:16.0935 3488 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:06:16.0966 3488 Beep - ok
10:06:16.0997 3488 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
10:06:17.0028 3488 BFE - ok
10:06:17.0075 3488 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
10:06:17.0106 3488 BITS - ok
10:06:17.0122 3488 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:06:17.0138 3488 blbdrive - ok
10:06:17.0169 3488 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:06:17.0216 3488 bowser - ok
10:06:17.0231 3488 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
10:06:17.0247 3488 BrFiltLo - ok
10:06:17.0262 3488 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
10:06:17.0309 3488 BrFiltUp - ok
10:06:17.0340 3488 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
10:06:17.0372 3488 Browser - ok
10:06:17.0387 3488 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:06:17.0418 3488 Brserid - ok
10:06:17.0434 3488 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:06:17.0465 3488 BrSerWdm - ok
10:06:17.0496 3488 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:06:17.0528 3488 BrUsbMdm - ok
10:06:17.0528 3488 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:06:17.0559 3488 BrUsbSer - ok
10:06:17.0574 3488 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
10:06:17.0621 3488 BTHMODEM - ok
10:06:17.0652 3488 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
10:06:17.0684 3488 bthserv - ok
10:06:17.0699 3488 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:06:17.0730 3488 cdfs - ok
10:06:17.0762 3488 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
10:06:17.0793 3488 cdrom - ok
10:06:17.0840 3488 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:06:17.0886 3488 CertPropSvc - ok
10:06:17.0886 3488 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
10:06:17.0902 3488 circlass - ok
10:06:17.0933 3488 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:06:17.0949 3488 CLFS - ok
10:06:18.0042 3488 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:06:18.0058 3488 clr_optimization_v2.0.50727_32 - ok
10:06:18.0105 3488 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:06:18.0152 3488 clr_optimization_v4.0.30319_32 - ok
10:06:18.0167 3488 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
10:06:18.0198 3488 CmBatt - ok
10:06:18.0230 3488 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:06:18.0230 3488 cmdide - ok
10:06:18.0276 3488 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:06:18.0292 3488 CNG - ok
10:06:18.0323 3488 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
10:06:18.0339 3488 Compbatt - ok
10:06:18.0354 3488 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:06:18.0386 3488 CompositeBus - ok
10:06:18.0401 3488 COMSysApp - ok
10:06:18.0417 3488 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
10:06:18.0432 3488 crcdisk - ok
10:06:18.0464 3488 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
10:06:18.0479 3488 CryptSvc - ok
10:06:18.0510 3488 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:06:18.0557 3488 CSC - ok
10:06:18.0588 3488 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
10:06:18.0620 3488 CscService - ok
10:06:18.0651 3488 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:06:18.0682 3488 DcomLaunch - ok
10:06:18.0713 3488 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
10:06:18.0760 3488 defragsvc - ok
10:06:18.0885 3488 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:06:18.0947 3488 DfsC - ok
10:06:19.0010 3488 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
10:06:19.0072 3488 Dhcp - ok
10:06:19.0088 3488 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:06:19.0119 3488 discache - ok
10:06:19.0150 3488 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
10:06:19.0166 3488 Disk - ok
10:06:19.0181 3488 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
10:06:19.0212 3488 dmvsc - ok
10:06:19.0228 3488 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
10:06:19.0290 3488 Dnscache - ok
10:06:19.0306 3488 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
10:06:19.0353 3488 dot3svc - ok
10:06:19.0368 3488 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
10:06:19.0415 3488 DPS - ok
10:06:19.0462 3488 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:06:19.0493 3488 drmkaud - ok
10:06:19.0556 3488 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:06:19.0571 3488 DXGKrnl - ok
10:06:19.0587 3488 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
10:06:19.0618 3488 EapHost - ok
10:06:19.0727 3488 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
10:06:19.0852 3488 ebdrv - ok
10:06:19.0977 3488 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
10:06:20.0039 3488 EFS - ok
10:06:20.0086 3488 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
10:06:20.0117 3488 ehRecvr - ok
10:06:20.0133 3488 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
10:06:20.0164 3488 ehSched - ok
10:06:20.0242 3488 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
10:06:20.0289 3488 elxstor - ok
10:06:20.0304 3488 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:06:20.0336 3488 ErrDev - ok
10:06:20.0367 3488 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
10:06:20.0414 3488 EventSystem - ok
10:06:20.0445 3488 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:06:20.0460 3488 exfat - ok
10:06:20.0492 3488 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:06:20.0507 3488 fastfat - ok
10:06:20.0554 3488 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
10:06:20.0601 3488 Fax - ok
10:06:20.0616 3488 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
10:06:20.0648 3488 fdc - ok
10:06:20.0663 3488 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
10:06:20.0710 3488 fdPHost - ok
10:06:20.0726 3488 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
10:06:20.0757 3488 FDResPub - ok
10:06:20.0772 3488 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:06:20.0788 3488 FileInfo - ok
10:06:20.0804 3488 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:06:20.0835 3488 Filetrace - ok
10:06:20.0850 3488 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
10:06:20.0866 3488 flpydisk - ok
10:06:20.0897 3488 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:06:20.0913 3488 FltMgr - ok
10:06:20.0960 3488 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
10:06:21.0006 3488 FontCache - ok
10:06:21.0069 3488 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:06:21.0100 3488 FontCache3.0.0.0 - ok
10:06:21.0116 3488 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:06:21.0116 3488 FsDepends - ok
10:06:21.0147 3488 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
10:06:21.0162 3488 Fs_Rec - ok
10:06:21.0256 3488 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:06:21.0272 3488 fvevol - ok
10:06:21.0303 3488 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
10:06:21.0318 3488 gagp30kx - ok
10:06:21.0428 3488 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
10:06:21.0490 3488 gpsvc - ok
10:06:21.0630 3488 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:06:21.0630 3488 gupdate - ok
10:06:21.0646 3488 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:06:21.0646 3488 gupdatem - ok
10:06:21.0693 3488 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:06:21.0708 3488 gusvc - ok
10:06:21.0771 3488 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:06:21.0849 3488 hcw85cir - ok
10:06:21.0911 3488 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:06:21.0958 3488 HdAudAddService - ok
10:06:22.0067 3488 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:06:22.0083 3488 HDAudBus - ok
10:06:22.0130 3488 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
10:06:22.0145 3488 HidBatt - ok
10:06:22.0192 3488 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
10:06:22.0223 3488 HidBth - ok
10:06:22.0254 3488 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
10:06:22.0286 3488 HidIr - ok
10:06:22.0364 3488 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
10:06:22.0426 3488 hidserv - ok
10:06:22.0520 3488 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
10:06:22.0535 3488 HidUsb - ok
10:06:22.0582 3488 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
10:06:22.0613 3488 hkmsvc - ok
10:06:22.0722 3488 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
10:06:22.0800 3488 HomeGroupListener - ok
10:06:22.0878 3488 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
10:06:22.0988 3488 HomeGroupProvider - ok
10:06:23.0034 3488 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:06:23.0081 3488 HpSAMD - ok
10:06:23.0674 3488 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:06:23.0721 3488 HTTP - ok
10:06:23.0861 3488 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:06:23.0877 3488 hwpolicy - ok
10:06:23.0970 3488 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:06:24.0017 3488 i8042prt - ok
10:06:24.0251 3488 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:06:24.0282 3488 iaStorV - ok
10:06:24.0860 3488 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:06:24.0906 3488 idsvc - ok
10:06:32.0067 3488 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:06:32.0348 3488 igfx - ok
10:06:33.0611 3488 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
10:06:33.0642 3488 iirsp - ok
10:06:34.0688 3488 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
10:06:34.0797 3488 IKEEXT - ok
10:06:34.0922 3488 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:06:34.0953 3488 intelide - ok
10:06:35.0343 3488 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:06:35.0374 3488 intelppm - ok
10:06:35.0421 3488 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
10:06:35.0452 3488 IPBusEnum - ok
10:06:35.0561 3488 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:06:35.0639 3488 IpFilterDriver - ok
10:06:35.0951 3488 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
10:06:35.0998 3488 iphlpsvc - ok
10:06:36.0045 3488 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:06:36.0060 3488 IPMIDRV - ok
10:06:36.0107 3488 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:06:36.0154 3488 IPNAT - ok
10:06:36.0185 3488 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:06:36.0216 3488 IRENUM - ok
10:06:36.0263 3488 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:06:36.0279 3488 isapnp - ok
10:06:36.0653 3488 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:06:36.0700 3488 iScsiPrt - ok
10:06:36.0762 3488 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:06:36.0778 3488 kbdclass - ok
10:06:36.0840 3488 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
10:06:36.0887 3488 kbdhid - ok
10:06:36.0918 3488 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:06:36.0934 3488 KeyIso - ok
10:06:37.0028 3488 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
10:06:37.0043 3488 KSecDD - ok
10:06:37.0277 3488 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
10:06:37.0308 3488 KSecPkg - ok
10:06:37.0558 3488 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
10:06:37.0636 3488 KtmRm - ok
10:06:37.0745 3488 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
10:06:37.0823 3488 LanmanServer - ok
10:06:37.0964 3488 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
10:06:38.0010 3488 LanmanWorkstation - ok
10:06:38.0135 3488 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:06:38.0198 3488 lltdio - ok
10:06:38.0478 3488 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
10:06:38.0541 3488 lltdsvc - ok
10:06:38.0572 3488 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
10:06:38.0650 3488 lmhosts - ok
10:06:38.0728 3488 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
10:06:38.0759 3488 LSI_FC - ok
10:06:38.0837 3488 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
10:06:38.0853 3488 LSI_SAS - ok
10:06:38.0884 3488 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
10:06:38.0900 3488 LSI_SAS2 - ok
10:06:38.0915 3488 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
10:06:38.0931 3488 LSI_SCSI - ok
10:06:39.0024 3488 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:06:39.0102 3488 luafv - ok
10:06:39.0165 3488 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
10:06:39.0180 3488 MBAMProtector - ok
10:06:39.0820 3488 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:06:39.0851 3488 MBAMService - ok
10:06:39.0929 3488 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
10:06:39.0960 3488 Mcx2Svc - ok
10:06:39.0992 3488 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
10:06:40.0007 3488 megasas - ok
10:06:40.0163 3488 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
10:06:40.0194 3488 MegaSR - ok
10:06:40.0226 3488 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:06:40.0257 3488 MMCSS - ok
10:06:40.0335 3488 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:06:40.0397 3488 Modem - ok
10:06:40.0444 3488 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:06:40.0491 3488 monitor - ok
10:06:40.0600 3488 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
10:06:40.0631 3488 mouclass - ok
10:06:40.0694 3488 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:06:40.0740 3488 mouhid - ok
10:06:40.0803 3488 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:06:40.0818 3488 mountmgr - ok
10:06:40.0881 3488 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:06:40.0912 3488 mpio - ok
10:06:40.0928 3488 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:06:40.0959 3488 mpsdrv - ok
10:06:40.0990 3488 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
10:06:41.0037 3488 MpsSvc - ok
10:06:41.0068 3488 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:06:41.0084 3488 MRxDAV - ok
10:06:41.0115 3488 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:06:41.0146 3488 mrxsmb - ok
10:06:41.0177 3488 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:06:41.0208 3488 mrxsmb10 - ok
10:06:41.0240 3488 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:06:41.0255 3488 mrxsmb20 - ok
10:06:41.0286 3488 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:06:41.0302 3488 msahci - ok
10:06:41.0318 3488 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:06:41.0333 3488 msdsm - ok
10:06:41.0349 3488 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
10:06:41.0380 3488 MSDTC - ok
10:06:41.0411 3488 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:06:41.0427 3488 Msfs - ok
10:06:41.0458 3488 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:06:41.0489 3488 mshidkmdf - ok
10:06:41.0505 3488 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:06:41.0520 3488 msisadrv - ok
10:06:41.0552 3488 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
10:06:41.0583 3488 MSiSCSI - ok
10:06:41.0598 3488 msiserver - ok
10:06:41.0630 3488 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:06:41.0645 3488 MSKSSRV - ok
10:06:41.0708 3488 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:06:41.0786 3488 MSPCLOCK - ok
10:06:41.0832 3488 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:06:41.0910 3488 MSPQM - ok
10:06:42.0113 3488 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:06:42.0160 3488 MsRPC - ok
10:06:42.0191 3488 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
10:06:42.0207 3488 mssmbios - ok
10:06:42.0254 3488 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:06:42.0285 3488 MSTEE - ok
10:06:42.0347 3488 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
10:06:42.0410 3488 MTConfig - ok
10:06:42.0503 3488 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:06:42.0503 3488 Mup - ok
10:06:42.0800 3488 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
10:06:42.0862 3488 napagent - ok
10:06:42.0924 3488 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:06:42.0971 3488 NativeWifiP - ok
10:06:43.0143 3488 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:06:43.0174 3488 NDIS - ok
10:06:43.0221 3488 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:06:43.0268 3488 NdisCap - ok
10:06:43.0424 3488 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:06:43.0455 3488 NdisTapi - ok
10:06:43.0502 3488 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:06:43.0548 3488 Ndisuio - ok
10:06:43.0595 3488 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:06:43.0642 3488 NdisWan - ok
10:06:43.0658 3488 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:06:43.0689 3488 NDProxy - ok
10:06:43.0736 3488 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
10:06:43.0751 3488 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:06:43.0751 3488 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:06:43.0814 3488 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:06:43.0845 3488 NetBIOS - ok
10:06:43.0892 3488 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:06:43.0954 3488 NetBT - ok
10:06:43.0985 3488 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:06:43.0985 3488 Netlogon - ok
10:06:44.0063 3488 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
10:06:44.0079 3488 Netman - ok
10:06:44.0313 3488 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
10:06:44.0360 3488 netprofm - ok
10:06:44.0625 3488 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:06:44.0672 3488 NetTcpPortSharing - ok
10:06:44.0812 3488 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
10:06:44.0828 3488 nfrd960 - ok
10:06:45.0140 3488 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
10:06:45.0218 3488 NlaSvc - ok
10:06:45.0249 3488 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:06:45.0280 3488 Npfs - ok
10:06:45.0327 3488 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
10:06:45.0374 3488 nsi - ok
10:06:45.0405 3488 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:06:45.0436 3488 nsiproxy - ok
10:06:45.0483 3488 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:06:45.0530 3488 Ntfs - ok
10:06:45.0545 3488 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:06:45.0576 3488 Null - ok
10:06:45.0623 3488 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:06:45.0639 3488 nvraid - ok
10:06:45.0686 3488 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:06:45.0701 3488 nvstor - ok
10:06:45.0795 3488 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:06:45.0826 3488 nv_agp - ok
10:06:45.0998 3488 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:06:46.0013 3488 odserv - ok
10:06:46.0060 3488 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:06:46.0076 3488 ohci1394 - ok
10:06:46.0122 3488 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:06:46.0138 3488 ose - ok
10:06:46.0200 3488 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:06:46.0247 3488 p2pimsvc - ok
10:06:46.0856 3488 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
10:06:46.0887 3488 p2psvc - ok
10:06:46.0934 3488 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:06:46.0949 3488 Parport - ok
10:06:46.0980 3488 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
10:06:46.0980 3488 partmgr - ok
10:06:46.0996 3488 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:06:47.0012 3488 Parvdm - ok
10:06:47.0043 3488 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
10:06:47.0058 3488 PcaSvc - ok
10:06:47.0074 3488 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:06:47.0090 3488 pci - ok
10:06:47.0090 3488 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:06:47.0105 3488 pciide - ok
10:06:47.0121 3488 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
10:06:47.0136 3488 pcmcia - ok
10:06:47.0152 3488 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:06:47.0168 3488 pcw - ok
10:06:47.0246 3488 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:06:47.0308 3488 PEAUTH - ok
10:06:47.0355 3488 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
10:06:47.0402 3488 PeerDistSvc - ok
10:06:47.0480 3488 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
10:06:47.0558 3488 pla - ok
10:06:47.0698 3488 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
10:06:47.0760 3488 PlugPlay - ok
10:06:47.0776 3488 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
10:06:47.0807 3488 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:06:47.0807 3488 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:06:47.0838 3488 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
10:06:47.0870 3488 PNRPAutoReg - ok
10:06:47.0885 3488 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:06:47.0901 3488 PNRPsvc - ok
10:06:47.0932 3488 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
10:06:47.0979 3488 PolicyAgent - ok
10:06:48.0010 3488 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
10:06:48.0057 3488 Power - ok
10:06:48.0135 3488 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:06:48.0182 3488 PptpMiniport - ok
10:06:48.0213 3488 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
10:06:48.0244 3488 Processor - ok
10:06:48.0275 3488 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
10:06:48.0306 3488 ProfSvc - ok
10:06:48.0338 3488 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:06:48.0353 3488 ProtectedStorage - ok
10:06:48.0478 3488 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:06:48.0509 3488 Psched - ok
10:06:48.0946 3488 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
10:06:49.0008 3488 ql2300 - ok
10:06:49.0398 3488 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
10:06:49.0430 3488 ql40xx - ok
10:06:49.0570 3488 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
10:06:49.0617 3488 QWAVE - ok
10:06:49.0664 3488 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:06:53.0501 3488 QWAVEdrv - ok
10:06:53.0564 3488 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:06:53.0610 3488 RasAcd - ok
10:06:53.0938 3488 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:06:53.0985 3488 RasAgileVpn - ok
10:06:54.0172 3488 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
10:06:54.0234 3488 RasAuto - ok
10:06:54.0281 3488 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:06:54.0359 3488 Rasl2tp - ok
10:06:54.0734 3488 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
10:06:54.0858 3488 RasMan - ok
10:06:54.0968 3488 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:06:55.0030 3488 RasPppoe - ok
10:06:55.0732 3488 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:06:55.0904 3488 RasSstp - ok
10:06:56.0777 3488 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:06:56.0855 3488 rdbss - ok
10:06:56.0886 3488 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:06:56.0918 3488 rdpbus - ok
10:06:56.0918 3488 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:06:56.0949 3488 RDPCDD - ok
10:06:57.0027 3488 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:06:57.0183 3488 RDPDR - ok
10:06:57.0292 3488 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:06:57.0339 3488 RDPENCDD - ok
10:06:57.0401 3488 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:06:57.0432 3488 RDPREFMP - ok
10:06:57.0822 3488 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
10:06:57.0885 3488 RDPWD - ok
10:06:58.0134 3488 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:06:58.0166 3488 rdyboost - ok
10:06:58.0634 3488 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
10:06:58.0665 3488 RemoteAccess - ok
10:06:59.0148 3488 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
10:06:59.0195 3488 RemoteRegistry - ok
10:06:59.0429 3488 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
10:06:59.0523 3488 RpcEptMapper - ok
10:06:59.0679 3488 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
10:06:59.0741 3488 RpcLocator - ok
10:07:00.0771 3488 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:07:00.0833 3488 RpcSs - ok
10:07:00.0911 3488 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:07:00.0974 3488 rspndr - ok
10:07:00.0989 3488 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:07:01.0036 3488 s3cap - ok
10:07:01.0083 3488 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:07:01.0083 3488 SamSs - ok
10:07:01.0176 3488 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:07:01.0208 3488 sbp2port - ok
10:07:01.0317 3488 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:07:01.0379 3488 SCardSvr - ok
10:07:01.0395 3488 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:07:01.0457 3488 scfilter - ok
10:07:01.0956 3488 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
10:07:02.0019 3488 Schedule - ok
10:07:02.0066 3488 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:07:02.0097 3488 SCPolicySvc - ok
10:07:02.0159 3488 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
10:07:02.0222 3488 SDRSVC - ok
10:07:02.0253 3488 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:07:02.0284 3488 secdrv - ok
10:07:02.0471 3488 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:07:02.0534 3488 seclogon - ok
10:07:02.0783 3488 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
10:07:02.0830 3488 SENS - ok
10:07:02.0877 3488 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:07:02.0924 3488 SensrSvc - ok
10:07:02.0955 3488 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:07:02.0986 3488 Serenum - ok
10:07:03.0002 3488 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:07:03.0033 3488 Serial - ok
10:07:03.0048 3488 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
10:07:03.0064 3488 sermouse - ok
10:07:03.0158 3488 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
10:07:03.0204 3488 SessionEnv - ok
10:07:03.0236 3488 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:07:03.0267 3488 sffdisk - ok
10:07:03.0267 3488 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:07:03.0282 3488 sffp_mmc - ok
10:07:03.0314 3488 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:07:03.0345 3488 sffp_sd - ok
10:07:03.0360 3488 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
10:07:03.0376 3488 sfloppy - ok
10:07:03.0516 3488 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
10:07:03.0579 3488 SharedAccess - ok
10:07:03.0719 3488 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
10:07:03.0782 3488 ShellHWDetection - ok
10:07:03.0813 3488 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:07:03.0813 3488 sisagp - ok
10:07:03.0875 3488 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
10:07:03.0891 3488 SiSRaid2 - ok
10:07:03.0969 3488 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
10:07:03.0969 3488 SiSRaid4 - ok
10:07:04.0125 3488 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:07:04.0218 3488 Smb - ok
10:07:04.0421 3488 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:07:04.0702 3488 SNMPTRAP - ok
10:07:04.0998 3488 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:07:05.0030 3488 spldr - ok
10:07:05.0170 3488 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
10:07:05.0201 3488 Spooler - ok
10:07:07.0338 3488 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
10:07:07.0666 3488 sppsvc - ok
10:07:08.0352 3488 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
10:07:08.0384 3488 sppuinotify - ok
10:07:08.0462 3488 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:07:08.0508 3488 srv - ok
10:07:08.0540 3488 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:07:08.0571 3488 srv2 - ok
10:07:08.0711 3488 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:07:08.0774 3488 srvnet - ok
10:07:08.0805 3488 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:07:08.0836 3488 SSDPSRV - ok
10:07:08.0883 3488 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
10:07:08.0898 3488 ssmdrv - ok
10:07:08.0961 3488 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:07:09.0023 3488 SstpSvc - ok
10:07:09.0086 3488 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
10:07:09.0117 3488 stexstor - ok
10:07:09.0195 3488 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
10:07:09.0242 3488 StiSvc - ok
10:07:09.0273 3488 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
10:07:09.0304 3488 storflt - ok
10:07:09.0320 3488 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
10:07:09.0335 3488 StorSvc - ok
10:07:09.0398 3488 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:07:09.0429 3488 storvsc - ok
10:07:09.0460 3488 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
10:07:09.0491 3488 swenum - ok
10:07:09.0522 3488 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:07:09.0585 3488 swprv - ok
10:07:09.0632 3488 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
10:07:09.0663 3488 SysMain - ok
10:07:09.0710 3488 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
10:07:09.0741 3488 TabletInputService - ok
10:07:09.0772 3488 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
10:07:09.0803 3488 TapiSrv - ok
10:07:09.0866 3488 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:07:09.0944 3488 TBS - ok
10:07:10.0178 3488 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
10:07:10.0209 3488 Tcpip - ok
10:07:10.0240 3488 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
10:07:10.0271 3488 TCPIP6 - ok
10:07:10.0349 3488 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:07:10.0412 3488 tcpipreg - ok
10:07:10.0490 3488 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:07:10.0505 3488 TDPIPE - ok
10:07:10.0536 3488 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
10:07:10.0552 3488 TDTCP - ok
10:07:10.0568 3488 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:07:10.0583 3488 tdx - ok
10:07:10.0646 3488 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
10:07:10.0661 3488 TermDD - ok
10:07:10.0708 3488 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
10:07:10.0739 3488 TermService - ok
10:07:10.0770 3488 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:07:10.0786 3488 Themes - ok
10:07:10.0817 3488 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:07:10.0848 3488 THREADORDER - ok
10:07:10.0864 3488 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:07:10.0911 3488 TrkWks - ok
10:07:11.0067 3488 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
10:07:11.0129 3488 TrustedInstaller - ok
10:07:11.0145 3488 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:07:11.0176 3488 tssecsrv - ok
10:07:11.0207 3488 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:07:11.0254 3488 TsUsbFlt - ok
10:07:11.0285 3488 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
10:07:11.0332 3488 TsUsbGD - ok
10:07:11.0348 3488 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:07:11.0379 3488 tunnel - ok
10:07:11.0457 3488 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
10:07:11.0488 3488 uagp35 - ok
10:07:11.0597 3488 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:07:11.0675 3488 udfs - ok
10:07:11.0722 3488 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:07:11.0753 3488 UI0Detect - ok
10:07:11.0784 3488 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:07:11.0800 3488 uliagpkx - ok
10:07:11.0831 3488 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
10:07:11.0847 3488 umbus - ok
10:07:11.0878 3488 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
10:07:11.0894 3488 UmPass - ok
10:07:11.0925 3488 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
10:07:11.0956 3488 UmRdpService - ok
10:07:11.0987 3488 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:07:12.0018 3488 upnphost - ok
10:07:12.0050 3488 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
10:07:12.0081 3488 usbccgp - ok
10:07:12.0096 3488 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:07:12.0112 3488 usbcir - ok
10:07:12.0112 3488 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:07:12.0143 3488 usbehci - ok
10:07:12.0174 3488 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:07:12.0190 3488 usbhub - ok
10:07:12.0206 3488 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
10:07:12.0221 3488 usbohci - ok
10:07:12.0221 3488 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
10:07:12.0252 3488 usbprint - ok
10:07:12.0533 3488 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:07:12.0627 3488 USBSTOR - ok
10:07:12.0783 3488 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
10:07:12.0814 3488 usbuhci - ok
10:07:12.0861 3488 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:07:12.0908 3488 UxSms - ok
10:07:12.0923 3488 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:07:12.0939 3488 VaultSvc - ok
10:07:12.0954 3488 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:07:12.0970 3488 vdrvroot - ok
10:07:13.0001 3488 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
10:07:13.0048 3488 vds - ok
10:07:13.0079 3488 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:07:13.0110 3488 vga - ok
10:07:13.0142 3488 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:07:13.0173 3488 VgaSave - ok
10:07:13.0204 3488 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:07:13.0220 3488 vhdmp - ok
10:07:13.0266 3488 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:07:13.0282 3488 viaagp - ok
10:07:13.0298 3488 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
10:07:13.0313 3488 ViaC7 - ok
10:07:13.0329 3488 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:07:13.0329 3488 viaide - ok
10:07:13.0360 3488 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
10:07:13.0376 3488 vmbus - ok
10:07:13.0391 3488 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:07:13.0422 3488 VMBusHID - ok
10:07:13.0438 3488 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:07:13.0454 3488 volmgr - ok
10:07:13.0469 3488 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:07:13.0485 3488 volmgrx - ok
10:07:13.0500 3488 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:07:13.0516 3488 volsnap - ok
10:07:13.0532 3488 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
10:07:13.0547 3488 vsmraid - ok
10:07:13.0610 3488 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
10:07:13.0656 3488 VSS - ok
10:07:13.0703 3488 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
10:07:13.0703 3488 vwifibus - ok
10:07:13.0734 3488 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:07:13.0766 3488 W32Time - ok
10:07:13.0828 3488 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
10:07:13.0859 3488 WacomPen - ok
10:07:13.0890 3488 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:07:13.0937 3488 WANARP - ok
10:07:13.0937 3488 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:07:13.0968 3488 Wanarpv6 - ok
10:07:14.0078 3488 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
10:07:14.0171 3488 WatAdminSvc - ok
10:07:14.0374 3488 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
10:07:14.0499 3488 wbengine - ok
10:07:14.0530 3488 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:07:14.0561 3488 WbioSrvc - ok
10:07:14.0608 3488 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
10:07:14.0624 3488 wcncsvc - ok
10:07:14.0639 3488 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:07:14.0670 3488 WcsPlugInService - ok
10:07:14.0748 3488 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
10:07:14.0764 3488 Wd - ok
10:07:14.0795 3488 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:07:14.0811 3488 Wdf01000 - ok
10:07:14.0826 3488 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:07:14.0889 3488 WdiServiceHost - ok
10:07:14.0889 3488 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:07:14.0920 3488 WdiSystemHost - ok
10:07:14.0951 3488 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
10:07:14.0982 3488 WebClient - ok
10:07:15.0029 3488 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:07:15.0060 3488 Wecsvc - ok
10:07:15.0076 3488 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:07:15.0092 3488 wercplsupport - ok
10:07:15.0138 3488 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:07:15.0170 3488 WerSvc - ok
10:07:15.0170 3488 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:07:15.0201 3488 WfpLwf - ok
10:07:15.0216 3488 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:07:15.0232 3488 WIMMount - ok
10:07:15.0684 3488 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
10:07:15.0747 3488 WinDefend - ok
10:07:15.0747 3488 WinHttpAutoProxySvc - ok
10:07:15.0903 3488 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:07:15.0950 3488 Winmgmt - ok
10:07:15.0996 3488 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
10:07:16.0090 3488 WinRM - ok
10:07:16.0277 3488 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:07:16.0371 3488 Wlansvc - ok
10:07:16.0558 3488 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:07:16.0589 3488 WmiAcpi - ok
10:07:16.0620 3488 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:07:16.0652 3488 wmiApSrv - ok
10:07:17.0369 3488 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:07:17.0447 3488 WMPNetworkSvc - ok
10:07:17.0463 3488 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:07:17.0510 3488 WPCSvc - ok
10:07:17.0525 3488 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
10:07:17.0556 3488 WPDBusEnum - ok
10:07:17.0634 3488 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:07:17.0681 3488 ws2ifsl - ok
10:07:17.0775 3488 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
10:07:17.0806 3488 wscsvc - ok
10:07:17.0806 3488 WSearch - ok
10:07:18.0524 3488 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
10:07:18.0570 3488 wuauserv - ok
10:07:19.0709 3488 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:07:19.0772 3488 WudfPf - ok
10:07:19.0819 3488 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:07:19.0881 3488 WUDFRd - ok
10:07:19.0912 3488 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
10:07:19.0943 3488 wudfsvc - ok
10:07:19.0959 3488 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:07:19.0990 3488 WwanSvc - ok
10:07:20.0068 3488 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
10:07:20.0084 3488 yukonw7 - ok
10:07:20.0099 3488 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:07:20.0770 3488 \Device\Harddisk0\DR0 - ok
10:07:20.0801 3488 Boot (0x1200) (8e5d348e96038241f6423634850775ad) \Device\Harddisk0\DR0\Partition0
10:07:20.0817 3488 \Device\Harddisk0\DR0\Partition0 - ok
10:07:20.0833 3488 Boot (0x1200) (95442a69f4f0576f7ad19f7c6c7239df) \Device\Harddisk0\DR0\Partition1
10:07:20.0848 3488 \Device\Harddisk0\DR0\Partition1 - ok
10:07:20.0848 3488 ============================================================
10:07:20.0848 3488 Scan finished
10:07:20.0848 3488 ============================================================
10:07:20.0879 4060 Detected object count: 2
10:07:20.0879 4060 Actual detected object count: 2
10:07:38.0414 4060 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:07:38.0414 4060 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:07:38.0429 4060 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:07:38.0429 4060 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
05.06.2012, 10:38
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Desktop - Backdoor.Agent.RCGen Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.06.2012, 13:23
| #13 |
| | Schwarzer Desktop - Backdoor.Agent.RCGen Hallo die eifrigen Helfer! ComboFix ist gemacht, unten nun das Log: Gruß Zipfel Code:
ATTFilter ComboFix 12-06-05.01 - HopffT 05.06.2012 13:14:05.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3318.2613 [GMT 2:00]
ausgeführt von:: c:\users\HopffT\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-05 bis 2012-06-05 ))))))))))))))))))))))))))))))
.
.
2012-06-05 11:17 . 2012-06-05 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-05 08:36 . 2012-06-05 08:36 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{974C714A-C7B3-4A04-9058-8094A4B7C9F7}\offreg.dll
2012-06-05 08:06 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{974C714A-C7B3-4A04-9058-8094A4B7C9F7}\mpengine.dll
2012-05-10 05:56 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 05:56 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 05:56 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 05:56 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 05:56 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 05:56 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 05:56 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 05:56 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 05:56 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 05:56 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 05:49 . 2012-04-11 05:30 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 05:49 . 2011-11-14 11:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 05:55 . 2011-10-31 10:57 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 05:55 . 2011-10-31 10:57 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-04 13:56 . 2012-04-13 15:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-16 04:32 . 2012-04-16 07:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 88630069
*Deregistered* - 88630069
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 11:54]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 11:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{286E6456-3757-41B7-ACEF-3C6EC4235FB3}: NameServer = 193.102.149.40,193.102.149.1
FF - ProfilePath - c:\users\HopffT\AppData\Roaming\Mozilla\Firefox\Profiles\lcqtfjpk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-05 13:19:50
ComboFix-quarantined-files.txt 2012-06-05 11:19
.
Vor Suchlauf: 10 Verzeichnis(se), 264.625.524.736 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 264.381.378.560 Bytes frei
.
- - End Of File - - CE4D172DB2D0658F86CB799F812882E4
|
|
05.06.2012, 15:50
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Desktop - Backdoor.Agent.RCGen Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Schwarzer Desktop - Backdoor.Agent.RCGen |
| andere, anderen, backdoor.agent.rcgen, beiträge, bekannte, dateien, daten, desktop, ergebnisse, eset, funktionen, funktionieren, gefunde, icons, malwarebytes, quarantäne, scans, schwarzer, schwarzer desktop, sonstige, unhide, virus, wiederherstellen |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
