Log analysis and evaluation: Avira finds a Trojan that doesn't exist?
Windows 7
26.05.2012, 12:30 | #1 |
Avira finds a Trojan that doesn't exist?
I'm puzzled by my Avira right now. For about a week it has kept finding these two viruses in the same folder (C:\WINDOWS\assembly), but it can't find the source file and neither can I (I made all folders visible, hidden and protected ones, and I even tried it with the console; these Desktop.ini files really aren't there!). I'm now wondering whether I should be worried or not. Apart from that, it always reports that there is nothing else. Just these 2 unfindable files, and the machine basically runs fine without any problems. Do I need to worry now, or is this perhaps an error in Avira itself? Here is the Avira log file from when I scan only this folder:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 26. Mai 2012 12:49

Es wird nach 3750486 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : John
Computername : JOHN-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 09.05.2012 16:29:27
AVSCAN.DLL : 12.3.0.15 66256 Bytes 09.05.2012 16:29:27
LUKE.DLL : 12.3.0.15 68304 Bytes 09.05.2012 16:29:28
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09.05.2012 16:29:28
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 16:28:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 17:48:04
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 15:10:00
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 16:59:13
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 16:28:40
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 16:28:41
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 16:28:41
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 16:28:41
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 16:28:41
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 16:28:41
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 16:28:41
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 16:28:41
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 16:28:42
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 16:28:55
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 16:29:47
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 16:41:06
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 16:40:20
VBASE018.VDF : 7.11.30.208 2048 Bytes 23.05.2012 16:40:20
VBASE019.VDF : 7.11.30.209 2048 Bytes 23.05.2012 16:40:20
VBASE020.VDF : 7.11.30.210 2048 Bytes 23.05.2012 16:40:20
VBASE021.VDF : 7.11.30.211 2048 Bytes 23.05.2012 16:40:20
VBASE022.VDF : 7.11.30.212 2048 Bytes 23.05.2012 16:40:20
VBASE023.VDF : 7.11.30.213 2048 Bytes 23.05.2012 16:40:20
VBASE024.VDF : 7.11.30.214 2048 Bytes 23.05.2012 16:40:21
VBASE025.VDF : 7.11.30.215 2048 Bytes 23.05.2012 16:40:21
VBASE026.VDF : 7.11.30.216 2048 Bytes 23.05.2012 16:40:21
VBASE027.VDF : 7.11.30.217 2048 Bytes 23.05.2012 16:40:21
VBASE028.VDF : 7.11.30.218 2048 Bytes 23.05.2012 16:40:21
VBASE029.VDF : 7.11.30.219 2048 Bytes 23.05.2012 16:40:21
VBASE030.VDF : 7.11.30.220 2048 Bytes 23.05.2012 16:40:21
VBASE031.VDF : 7.11.31.32 118272 Bytes 26.05.2012 10:40:31
Engineversion : 8.2.10.68
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 17:10:45
AESCRIPT.DLL : 8.1.4.19 455034 Bytes 11.05.2012 16:28:47
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 18:14:02
AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 15:57:58
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.13 807287 Bytes 11.05.2012 16:28:46
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 27.04.2012 14:27:59
AEHEUR.DLL : 8.1.4.28 4800886 Bytes 17.05.2012 16:30:56
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 16:28:43
AEGEN.DLL : 8.1.5.28 422260 Bytes 27.04.2012 14:26:56
AEEXP.DLL : 8.1.0.40 82292 Bytes 17.05.2012 16:31:28
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 15.03.2012 15:54:32
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 09.05.2012 16:29:27
AVPREF.DLL : 12.3.0.15 51920 Bytes 09.05.2012 16:29:27
AVREP.DLL : 12.3.0.15 179208 Bytes 09.05.2012 16:29:28
AVARKT.DLL : 12.3.0.15 211408 Bytes 09.05.2012 16:29:27
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 09.05.2012 16:29:27
SQLITE3.DLL : 3.7.0.1 398288 Bytes 09.05.2012 16:29:28
AVSMTP.DLL : 12.3.0.15 63440 Bytes 09.05.2012 16:29:27
NETNT.DLL : 12.3.0.15 17104 Bytes 09.05.2012 16:29:28
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 09.05.2012 16:29:27
RCTEXT.DLL : 12.3.0.15 98512 Bytes 09.05.2012 16:29:27

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\John\AppData\Local\Temp\ba0e5872.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: aus
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Samstag, 26. Mai 2012 12:49

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\assembly'
C:\Windows\assembly\GAC_32\Desktop.ini
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis kopiert werden.
[WARNUNG] Die Quelldatei konnte nicht gefunden werden.
[HINWEIS] Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
[WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis kopiert werden.
[WARNUNG] Systemfehler [0]: Der Vorgang wurde erfolgreich beendet.
[WARNUNG] Die Datei wurde ignoriert.
C:\Windows\assembly\GAC_64\Desktop.ini
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis kopiert werden.
[WARNUNG] Die Quelldatei konnte nicht gefunden werden.
[HINWEIS] Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
[WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis kopiert werden.
[WARNUNG] Systemfehler [0]: Der Vorgang wurde erfolgreich beendet.
[WARNUNG] Die Datei wurde ignoriert.

Ende des Suchlaufs: Samstag, 26. Mai 2012 12:54
Benötigte Zeit: 04:41 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

3218 Verzeichnisse wurden überprüft
2146 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2144 Dateien ohne Befall
0 Archive wurden durchsucht
2 Warnungen
2 Hinweise

See the command line:
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Users\John>if exist "C:\Windows\assembly\GAC_64\Desktop.ini" echo JA
JA

C:\Users\John>if NOT exist "C:\Windows\assembly\GAC_64\Desktop.ini" echo JA

C:\Users\John>attrib -r -s -h "C:\Windows\assembly\GAC_64\Desktop.ini"
Zugriff verweigert - C:\Windows\assembly\GAC_64\Desktop.ini

C:\Users\John>del /S /F /Q "C:\Windows\assembly\GAC_64\Desktop.ini"
C:\Windows\assembly\GAC_64\Desktop.ini konnte nicht gefunden werden

C:\Users\John>

Problem solved thanks to a friend who knows his way around this kind of thing. Thanks anyway. Thread can be closed - Cheers
27.05.2012, 11:25 | #2 | |
/// Malwareteam | Avira finds a Trojan that doesn't exist? Hello jojo95,
__________________
Quote:
__________________
27.05.2012, 11:31 | #3 |
Avira finds a Trojan that doesn't exist?
In any case, a full system scan with Avira and Malwarebytes turned up no more detections. According to the console these files no longer exist either, and Avira no longer finds them. Should I create log files with HijackThis or other programs? If you say it is a rootkit, should I get GMER, or what do you think I should do once more to be on the safe side?
__________________ |
27.05.2012, 11:34 | #4 |
/// Malwareteam | Avira finds a Trojan that doesn't exist?
My name is Marius and I will help you with your problem.

One thing up front:
Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the faster and always the safest route. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. A cleanup can involve a lot of work for you.

Vista and Win7 users: Start all tools via right-click "Run as administrator".

Step 1: defogger
Please download defogger by jpshortstuff to your desktop.
Do not click the Re-enable button without being instructed to.

Step 2: DDS
Please download dds (by sUBs) from one of the following download mirrors and save the file to your desktop.
dds.com
dds.scr
dds.pif
__________________
No right of asylum for Trojans! Proud Member of UNITE
Note: I am only available on weekdays! Requests via PM will be ignored!
Are you happy with us? Then support the Trojaner-Board!
27.05.2012, 11:43 | #5 |
Avira finds a Trojan that doesn't exist?
DDS.txt
DDS Logfile:
Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by John at 12:37:22 on 2012-05-27 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4094.2329 [GMT 2:00] . AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Windows\system32\Dwm.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\3DataManager\WTGService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe D:\John\worker\worker.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Trillian\trillian.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe c:\program files\windows defender\MpCmdRun.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . 
mStart Page = hxxp://www.msn.com uInternet Settings,ProxyServer = 127.0.0.1:8118 uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421; BHO: {1580277A-4F5E-61BA-30D0-5C805A834D61} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIC30F~1\Office14\GROOVEEX.DLL BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIC30F~1\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [AUTOWorker] "D:\John\worker\worker.exe" /auto mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart mRun: [Malwarebytes' Anti-Malware] 
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: An OneNote s&enden - C:\PROGRA~2\MIC30F~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MIC30F~1\Office14\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{3BBAEAA6-A760-4FEA-9D8C-C8FAAF90CBEC} : 
DhcpNameServer = 192.168.178.1 TCP: Interfaces\{3BBAEAA6-A760-4FEA-9D8C-C8FAAF90CBEC}\75C414E413 : DhcpNameServer = 192.168.100.251 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIC30F~1\Office14\GROOVEEX.DLL BHO-X64: {1580277A-4F5E-61BA-30D0-5C805A834D61} - No File {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {326E768D-4182-46FD-9C16-1449A49795F4} {53707962-6F74-2D53-2644-206D7942484F} {72853161-30C5-4D22-B7F9-0BBC1D38A37E} {9030D464-4C02-4ABF-8ECC-5164760863C6} {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} {B4F3A835-0E21-4959-BA22-42B3008E02FF} {DBC80044-A445-435b-BC74-9C25C1C588A9} TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun-x64: [AUTOWorker] "D:\John\worker\worker.exe" /auto mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\29pcln6y.default\ FF - plugin: C:\PROGRA~2\MIC30F~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIC30F~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\John\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll FF - plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?] R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-23 913752] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-16 86224] R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-16 110032] R2 AntiVirWebService;Avira Browser Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-10-16 465360] R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?] R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-6-13 821592] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-22 654408] R2 WTGService;WTGService;C:\Program Files (x86)\3DataManager\WTGService.exe [2011-8-4 333264] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-5-14 21384] R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?] 
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-5-14 33184] R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-5-14 21872] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 257696] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] S3 e2eVAWdm;e2eSoft VAudio;C:\Windows\system32\DRIVERS\VAud_WDM.sys --> C:\Windows\system32\DRIVERS\VAud_WDM.sys [?] S3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?] 
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2011-6-12 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 129976] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-12-16 155344] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\system32\drivers\vasdDev.sys --> C:\Windows\system32\drivers\vasdDev.sys [?] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2012-05-27 10:36:04 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\offreg.dll 2012-05-26 20:04:06 43 ----a-w- C:\analyse.bat 2012-05-26 19:42:34 -------- d-----w- C:\Windows\NitroX 2012-05-26 12:22:35 -------- d-sh--w- C:\$RECYCLE.BIN 2012-05-26 12:05:30 98816 ----a-w- C:\Windows\sed.exe 2012-05-26 12:05:30 518144 ----a-w- C:\Windows\SWREG.exe 2012-05-26 12:05:30 256000 ----a-w- C:\Windows\PEV.exe 2012-05-26 12:05:30 208896 ----a-w- C:\Windows\MBR.exe 2012-05-26 12:00:00 61440 ----a-w- C:\Windows\SysWow64\drivers\ukmzyzk.sys 2012-05-26 11:48:12 61440 ----a-w- C:\Windows\SysWow64\drivers\aaxblh.sys 2012-05-25 15:34:32 -------- d-----w- C:\Users\John\AppData\Local\MooExt 2012-05-25 14:15:43 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-05-25 11:44:53 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\mpengine.dll 2012-05-22 14:33:45 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-05-20 17:37:23 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-05-18 16:41:07 -------- d-----w- C:\Users\John\.yawcam 2012-05-11 18:31:34 -------- d-----w- C:\Users\John\AppData\Local\SplitMediaLabs 2012-05-10 18:54:04 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-05-10 16:33:20 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-10 16:33:20 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-10 16:33:14 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-10 16:33:13 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-05-10 16:33:12 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-10 16:33:12 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-10 16:32:28 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-10 16:32:11 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-10 16:32:04 1732096 ----a-w- 
C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-10 16:32:03 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-10 16:32:03 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-10 16:32:03 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-10 16:32:03 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-02 17:05:45 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-05-02 17:05:37 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-02 17:05:37 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe . ==================== Find3M ==================== . 2012-05-09 16:29:28 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys 2012-05-05 17:04:17 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 17:04:17 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-05 17:04:09 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-04-24 14:29:35 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-21 12:30:58 525544 ----a-w- C:\Windows\System32\deployJava1.dll 2012-03-13 17:51:58 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-03-13 17:51:58 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-03-13 17:51:58 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-03-13 17:50:52 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-03-13 17:50:52 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-03-13 17:50:52 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-03-13 17:50:52 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-03-01 
06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 12:38:55,63 =============== attach.txt Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 29.03.2011 22:10:00 System Uptime: 27.05.2012 11:41:07 (1 hours ago) . Motherboard: ASUSTeK Computer Inc. | | K52Dr Processor: AMD Phenom(tm) II P920 Quad-Core Processor | CPU 1 | 1600/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 71,678 GiB free. D: is FIXED (NTFS) - 428 GiB total, 180,384 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: sptd Device ID: ROOT\LEGACY_SPTD\0000 Manufacturer: Name: sptd PNP Device ID: ROOT\LEGACY_SPTD\0000 Service: sptd . ==== System Restore Points =================== . RP233: 22.05.2012 16:32:52 - Windows Update RP234: 23.05.2012 17:34:35 - Configured Microsoft Office Professional Plus 2010 RP235: 26.05.2012 14:05:35 - ComboFix created restore point RP236: 26.05.2012 21:33:52 - NitroX Cleaner Backup RP237: 26.05.2012 21:51:44 - NitroX Cleaner Backup . ==== Installed Programs ====================== . 
3DataManager Acoustica MP3 Audio Mixer Adobe After Effects CS5.5 Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Community Help Adobe Default Language CS3 Adobe Device Central CS3 Adobe Download Assistant Adobe Dreamweaver CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Flash Media Live Encoder 3.2 Adobe Help Viewer CS3 Adobe Media Player Adobe PDF Library Files Adobe Photoshop CS5 Adobe Reader X (10.1.3) - Deutsch Adobe Setup Adobe Shockwave Player 11.6 Adobe Story Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Advanced SystemCare 5 Akamai NetSession Interface Akamai NetSession Interface Service Amnesia - The Dark Descent Apple Application Support Apple Software Update Ask Toolbar µTorrent Audacity 1.3.13 (Unicode) Avira Free Antivirus Battlecraft 1942 Battlefield 1942 Battlefield 1942 Multiplayer Demo Battlefield 1942: Secret Weapons of WWII Battlefield 1942: The Road To Rome Battlefield Mod Development Toolkit 2.0 Beta Bot's Factory 2.3 MP Brother MFL-Pro Suite DCP-165C Call of Duty Call of Duty - United Offensive Camtasia Studio 7 Command & Conquer™ Alarmstufe Rot 3 Der Aufstand Compatibility Pack für 2007 Office System Crysis(R) Crysis® 2 D3DX10 DAEMON Tools Lite Dead Space™ Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DivX-Setup Download Updater (AOL LLC) ESN Sonar Facebook Messenger 2.1.4520.0 Facebook Video Calling 1.2.0.159 FileZilla Client 3.5.3 Fraps Free PDF to Word Doc Converter v1.1 GeoGebra GPL Ghostscript 9.01 Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973) Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2565057) Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2635973) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689) Hotfix for Visual C++ 
Standard 2010 Beta 1 - ENU (KB2420513) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233) HyperCam 2 IObit Malware Fighter Java Auto Updater Java(TM) 6 Update 22 Java(TM) 6 Update 26 JMicron Ethernet Adapter NDIS Driver JMicron Flash Media Controller Driver LAME v3.98.3 for Audacity Macromedia Dreamweaver 8 Macromedia Extension Manager MAGIX Screenshare MAGIX Speed burnR (MSI) Malwarebytes Anti-Malware Version 1.61.0.1400 Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (German) 2010 Microsoft Office InfoPath MUI (German) 2010 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Professional Edition 2003 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Word MUI (German) 2010 Microsoft Speech Recognition Engine 4.0 (English) Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server Compact 3.5 SP2 DEU Microsoft SQL Server System CLR Types Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual Basic 2010 Express - DEU Microsoft Visual C++ Compilers 2010 Standard 
- enu - x86 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Visual C++ 2010 Express - DEU Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Service Pack 1 Microsoft XNA Framework Redistributable 4.0 Refresh Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mozilla Firefox 12.0 (x86 de) Mozilla Maintenance Service Mozilla Thunderbird (3.1.9) MSVCRT MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) NVIDIA PhysX OJOsoft Total Video Converter OpenOffice.org 3.3 PDF Settings CS5 PHPTriad Module: Phorum Polipo 1.0.4.1 PunkBuster für Battlefield 1942 PunkBuster Services PxMergeModule QuickTime Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft 
.NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Skype Click to Call Skype™ 5.9 Smart Defrag 2 SmartSound Common Data SmartSound Quicktracks 5 Sony Ericsson PC Companion 2.02.002 SplitCam Spybot - Search & Destroy TeamViewer 7 Tor 0.2.1.30 Trillian UPC Konfigurator Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 
2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 Vidalia 0.2.10 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU VLC media player 2.0.1 Windows 7 Codec Pack 3.3.0 Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Installer Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Encoder 9 Series Windows Movie Maker 2.6 WinFlash XSplit Yahoo! Messenger . ==== End Of File =========================== |
27.05.2012, 11:45 | #6 |
/// Malwareteam | Avira finds a Trojan that doesn't exist?
Ckscan
Please download CKScanner. Important: Save the file to the desktop. |
27.05.2012, 11:49 | #7 |
| Avira finds a Trojan that doesn't exist? CKFiles.txt (did I do something wrong??) Code:
ATTFilter CKScanner - Additional Security Risks - These are not necessarily bad scanner sequence 3.RP.11.PMNAXT ----- EOF ----- |
27.05.2012, 11:52 | #8 |
/// Malwareteam | Avira finds a Trojan that doesn't exist?
Step 1: aswMBR
Please download aswMBR.exe and save the file to your desktop.
Step 2: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! |
27.05.2012, 12:12 | #9 |
| Avira finds a Trojan that doesn't exist? TDSS-Killer: Code:
ATTFilter 13:07:30.0622 2432 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30 13:07:30.0991 2432 ============================================================ 13:07:30.0991 2432 Current date / time: 2012/05/27 13:07:30.0991 13:07:30.0991 2432 SystemInfo: 13:07:30.0991 2432 13:07:30.0991 2432 OS Version: 6.1.7601 ServicePack: 1.0 13:07:30.0991 2432 Product type: Workstation 13:07:30.0991 2432 ComputerName: JOHN-PC 13:07:30.0991 2432 UserName: John 13:07:30.0991 2432 Windows directory: C:\Windows 13:07:30.0991 2432 System windows directory: C:\Windows 13:07:30.0991 2432 Running under WOW64 13:07:30.0991 2432 Processor architecture: Intel x64 13:07:30.0991 2432 Number of processors: 4 13:07:30.0991 2432 Page size: 0x1000 13:07:30.0991 2432 Boot type: Normal boot 13:07:30.0991 2432 ============================================================ 13:07:33.0459 2432 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:07:33.0470 2432 ============================================================ 13:07:33.0471 2432 \Device\Harddisk0\DR0: 13:07:33.0471 2432 MBR partitions: 13:07:33.0471 2432 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x12A14A08 13:07:33.0486 2432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15127000, BlocksNum 0x35730800 13:07:33.0486 2432 ============================================================ 13:07:33.0556 2432 C: <-> \Device\Harddisk0\DR0\Partition0 13:07:33.0597 2432 D: <-> \Device\Harddisk0\DR0\Partition1 13:07:33.0597 2432 ============================================================ 13:07:33.0597 2432 Initialize success 13:07:33.0597 2432 ============================================================ 13:07:48.0396 3596 ============================================================ 13:07:48.0396 3596 Scan started 13:07:48.0396 3596 Mode: Manual; TDLFS; 13:07:48.0396 3596 
============================================================ 13:07:49.0559 3596 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 13:07:49.0565 3596 1394ohci - ok 13:07:49.0611 3596 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 13:07:49.0615 3596 ACPI - ok 13:07:49.0635 3596 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 13:07:49.0636 3596 AcpiPmi - ok 13:07:49.0801 3596 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:07:49.0810 3596 AdobeARMservice - ok 13:07:49.0995 3596 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:07:49.0997 3596 AdobeFlashPlayerUpdateSvc - ok 13:07:50.0062 3596 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 13:07:50.0076 3596 adp94xx - ok 13:07:50.0132 3596 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 13:07:50.0143 3596 adpahci - ok 13:07:50.0180 3596 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 13:07:50.0188 3596 adpu320 - ok 13:07:50.0396 3596 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe 13:07:50.0423 3596 AdvancedSystemCareService5 - ok 13:07:50.0466 3596 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 13:07:50.0467 3596 AeLookupSvc - ok 13:07:50.0533 3596 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 13:07:50.0538 3596 AFD - ok 13:07:50.0571 3596 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 13:07:50.0573 3596 agp440 - ok 13:07:50.0920 3596 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll 13:07:50.0920 3596 Suspicious file (Hidden): c:\program 
files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7 13:07:50.0928 3596 Akamai ( HiddenFile.Multi.Generic ) - warning 13:07:50.0928 3596 Akamai - detected HiddenFile.Multi.Generic (1) 13:07:51.0060 3596 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 13:07:51.0061 3596 ALG - ok 13:07:51.0126 3596 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 13:07:51.0127 3596 aliide - ok 13:07:51.0178 3596 AMD External Events Utility (3d90cf67db75823a8480e56bbcd2e028) C:\Windows\system32\atiesrxx.exe 13:07:51.0180 3596 AMD External Events Utility - ok 13:07:51.0247 3596 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 13:07:51.0268 3596 amdide - ok 13:07:51.0306 3596 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 13:07:51.0307 3596 AmdK8 - ok 13:07:51.0847 3596 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys 13:07:51.0971 3596 amdkmdag - ok 13:07:52.0159 3596 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys 13:07:52.0169 3596 amdkmdap - ok 13:07:52.0225 3596 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 13:07:52.0226 3596 AmdPPM - ok 13:07:52.0257 3596 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 13:07:52.0259 3596 amdsata - ok 13:07:52.0294 3596 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 13:07:52.0303 3596 amdsbs - ok 13:07:52.0315 3596 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 13:07:52.0317 3596 amdxata - ok 13:07:52.0444 3596 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 13:07:52.0455 3596 AntiVirSchedulerService - ok 13:07:52.0488 3596 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir 
Desktop\avguard.exe 13:07:52.0501 3596 AntiVirService - ok 13:07:52.0575 3596 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 13:07:52.0604 3596 AntiVirWebService - ok 13:07:52.0632 3596 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 13:07:52.0634 3596 AppID - ok 13:07:52.0701 3596 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 13:07:52.0703 3596 AppIDSvc - ok 13:07:52.0742 3596 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 13:07:52.0743 3596 Appinfo - ok 13:07:52.0802 3596 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 13:07:52.0803 3596 arc - ok 13:07:52.0822 3596 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 13:07:52.0823 3596 arcsas - ok 13:07:52.0946 3596 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 13:07:52.0954 3596 aspnet_state - ok 13:07:52.0974 3596 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 13:07:52.0976 3596 AsyncMac - ok 13:07:53.0009 3596 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 13:07:53.0010 3596 atapi - ok 13:07:53.0272 3596 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys 13:07:53.0335 3596 athr - ok 13:07:53.0505 3596 AtiHDAudioService (cbe5f8b3e54198f5dfe403a55a95de08) C:\Windows\system32\drivers\AtihdW76.sys 13:07:53.0507 3596 AtiHDAudioService - ok 13:07:53.0550 3596 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys 13:07:53.0551 3596 AtiHdmiService - ok 13:07:53.0632 3596 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 13:07:53.0639 3596 AudioEndpointBuilder - ok 13:07:53.0648 3596 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 13:07:53.0654 3596 
AudioSrv - ok 13:07:53.0698 3596 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys 13:07:53.0699 3596 avgntflt - ok 13:07:53.0747 3596 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys 13:07:53.0748 3596 avipbb - ok 13:07:53.0772 3596 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 13:07:53.0773 3596 avkmgr - ok 13:07:53.0813 3596 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 13:07:53.0815 3596 AxInstSV - ok 13:07:53.0902 3596 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 13:07:53.0916 3596 b06bdrv - ok 13:07:53.0965 3596 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 13:07:53.0980 3596 b57nd60a - ok 13:07:54.0015 3596 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 13:07:54.0017 3596 BDESVC - ok 13:07:54.0035 3596 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 13:07:54.0036 3596 Beep - ok 13:07:54.0163 3596 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 13:07:54.0171 3596 BFE - ok 13:07:54.0265 3596 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 13:07:54.0277 3596 BITS - ok 13:07:54.0448 3596 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 13:07:54.0449 3596 blbdrive - ok 13:07:54.0511 3596 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe 13:07:54.0531 3596 Bonjour Service - ok 13:07:54.0565 3596 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 13:07:54.0566 3596 bowser - ok 13:07:54.0585 3596 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:07:54.0587 3596 BrFiltLo - ok 13:07:54.0605 3596 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:07:54.0607 3596 BrFiltUp - ok 
13:07:54.0651 3596 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 13:07:54.0653 3596 BridgeMP - ok 13:07:54.0695 3596 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 13:07:54.0697 3596 Browser - ok 13:07:54.0733 3596 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 13:07:54.0746 3596 Brserid - ok 13:07:54.0762 3596 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 13:07:54.0764 3596 BrSerWdm - ok 13:07:54.0782 3596 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 13:07:54.0784 3596 BrUsbMdm - ok 13:07:54.0789 3596 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 13:07:54.0790 3596 BrUsbSer - ok 13:07:54.0808 3596 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 13:07:54.0810 3596 BTHMODEM - ok 13:07:54.0850 3596 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 13:07:54.0851 3596 bthserv - ok 13:07:54.0864 3596 catchme - ok 13:07:54.0904 3596 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 13:07:54.0906 3596 cdfs - ok 13:07:54.0948 3596 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 13:07:54.0950 3596 cdrom - ok 13:07:54.0984 3596 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 13:07:54.0986 3596 CertPropSvc - ok 13:07:55.0012 3596 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 13:07:55.0013 3596 circlass - ok 13:07:55.0073 3596 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 13:07:55.0077 3596 CLFS - ok 13:07:55.0199 3596 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:07:55.0209 3596 clr_optimization_v2.0.50727_32 - ok 13:07:55.0283 3596 clr_optimization_v2.0.50727_64 
(d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:07:55.0292 3596 clr_optimization_v2.0.50727_64 - ok 13:07:55.0368 3596 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:07:55.0379 3596 clr_optimization_v4.0.30319_32 - ok 13:07:55.0471 3596 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:07:55.0482 3596 clr_optimization_v4.0.30319_64 - ok 13:07:55.0556 3596 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 13:07:55.0557 3596 CmBatt - ok 13:07:55.0576 3596 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 13:07:55.0578 3596 cmdide - ok 13:07:55.0643 3596 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 13:07:55.0656 3596 CNG - ok 13:07:55.0691 3596 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 13:07:55.0692 3596 Compbatt - ok 13:07:55.0726 3596 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 13:07:55.0727 3596 CompositeBus - ok 13:07:55.0731 3596 COMSysApp - ok 13:07:55.0745 3596 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 13:07:55.0747 3596 crcdisk - ok 13:07:55.0787 3596 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 13:07:55.0789 3596 CryptSvc - ok 13:07:55.0865 3596 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 13:07:55.0873 3596 DcomLaunch - ok 13:07:55.0931 3596 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 13:07:55.0945 3596 defragsvc - ok 13:07:55.0977 3596 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 13:07:55.0979 3596 DfsC - ok 13:07:56.0014 3596 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 
13:07:56.0028 3596 Dhcp - ok 13:07:56.0057 3596 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 13:07:56.0058 3596 discache - ok 13:07:56.0079 3596 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 13:07:56.0080 3596 Disk - ok 13:07:56.0132 3596 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 13:07:56.0140 3596 Dnscache - ok 13:07:56.0190 3596 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 13:07:56.0206 3596 dot3svc - ok 13:07:56.0268 3596 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 13:07:56.0278 3596 DPS - ok 13:07:56.0331 3596 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 13:07:56.0334 3596 drmkaud - ok 13:07:56.0386 3596 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 13:07:56.0401 3596 dtsoftbus01 - ok 13:07:56.0525 3596 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 13:07:56.0545 3596 DXGKrnl - ok 13:07:56.0585 3596 e2eVAWdm (fec2c525df6838f3589529b549ab0a8e) C:\Windows\system32\DRIVERS\VAud_WDM.sys 13:07:56.0587 3596 e2eVAWdm - ok 13:07:56.0627 3596 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 13:07:56.0630 3596 EapHost - ok 13:07:56.0880 3596 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 13:07:56.0947 3596 ebdrv - ok 13:07:57.0080 3596 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 13:07:57.0082 3596 EFS - ok 13:07:57.0198 3596 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 13:07:57.0233 3596 ehRecvr - ok 13:07:57.0277 3596 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 13:07:57.0287 3596 ehSched - ok 13:07:57.0401 3596 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 13:07:57.0410 3596 elxstor - ok 13:07:57.0437 3596 ErrDev 
(34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 13:07:57.0438 3596 ErrDev - ok 13:07:57.0526 3596 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 13:07:57.0531 3596 EventSystem - ok 13:07:57.0558 3596 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 13:07:57.0566 3596 exfat - ok 13:07:57.0594 3596 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 13:07:57.0602 3596 fastfat - ok 13:07:57.0694 3596 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 13:07:57.0714 3596 Fax - ok 13:07:57.0749 3596 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 13:07:57.0750 3596 fdc - ok 13:07:57.0771 3596 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 13:07:57.0773 3596 fdPHost - ok 13:07:57.0788 3596 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 13:07:57.0790 3596 FDResPub - ok 13:07:57.0814 3596 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 13:07:57.0816 3596 FileInfo - ok 13:07:58.0073 3596 FileMonitor (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys 13:07:58.0079 3596 FileMonitor - ok 13:07:58.0098 3596 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 13:07:58.0099 3596 Filetrace - ok 13:07:58.0217 3596 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 13:07:58.0237 3596 FLEXnet Licensing Service - ok 13:07:58.0285 3596 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 13:07:58.0286 3596 flpydisk - ok 13:07:58.0338 3596 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 13:07:58.0350 3596 FltMgr - ok 13:07:58.0462 3596 FontCache 
3596 Wlansvc - ok 13:08:19.0861 3596 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:08:19.0938 3596 wlidsvc - ok 13:08:20.0087 3596 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 13:08:20.0088 3596 WmiAcpi - ok 13:08:20.0175 3596 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 13:08:20.0190 3596 wmiApSrv - ok 13:08:20.0224 3596 WMPNetworkSvc - ok 13:08:20.0289 3596 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 13:08:20.0292 3596 WPCSvc - ok 13:08:20.0327 3596 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 13:08:20.0331 3596 WPDBusEnum - ok 13:08:20.0355 3596 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 13:08:20.0357 3596 ws2ifsl - ok 13:08:20.0409 3596 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 13:08:20.0413 3596 wscsvc - ok 13:08:20.0419 3596 WSearch - ok 13:08:20.0508 3596 WTGService (86293b6785260309606b0b0b46e42252) C:\Program Files (x86)\3DataManager\WTGService.exe 13:08:20.0544 3596 WTGService - ok 13:08:20.0742 3596 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 13:08:20.0795 3596 wuauserv - ok 13:08:20.0956 3596 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 13:08:20.0958 3596 WudfPf - ok 13:08:20.0991 3596 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 13:08:20.0999 3596 WUDFRd - ok 13:08:21.0018 3596 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 13:08:21.0022 3596 wudfsvc - ok 13:08:21.0086 3596 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 13:08:21.0104 3596 WwanSvc - ok 13:08:21.0147 3596 ZTEusbmdm6k (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 13:08:21.0149 3596 ZTEusbmdm6k - ok 13:08:21.0192 3596 
ZTEusbnmea (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
13:08:21.0194 3596 ZTEusbnmea - ok
13:08:21.0244 3596 ZTEusbser6k (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
13:08:21.0246 3596 ZTEusbser6k - ok
13:08:21.0268 3596 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:08:21.0739 3596 \Device\Harddisk0\DR0 - ok
13:08:21.0776 3596 Boot (0x1200) (44fec4c97a8c695271e41986e9ca1921) \Device\Harddisk0\DR0\Partition0
13:08:21.0778 3596 \Device\Harddisk0\DR0\Partition0 - ok
13:08:21.0799 3596 Boot (0x1200) (2b41c8864f2a7a3dd0b7076f1c6f3244) \Device\Harddisk0\DR0\Partition1
13:08:21.0801 3596 \Device\Harddisk0\DR0\Partition1 - ok
13:08:21.0802 3596 ============================================================
13:08:21.0802 3596 Scan finished
13:08:21.0802 3596 ============================================================
13:08:21.0814 3988 Detected object count: 1
13:08:21.0814 3988 Actual detected object count: 1
13:08:38.0139 3988 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
13:08:38.0139 3988 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

Anyway, aswMBR froze on me; I tried it again and it froze again (during the scan). I'll try it once more now. |
27.05.2012, 12:22 | #10 |
| Avira finds a Trojan that doesn't exist? No, it froze again. I can't finish the scan with it. What now? |
27.05.2012, 12:39 | #11 |
/// Malwareteam | Avira finds a Trojan that doesn't exist? When the program starts, decline the scan with avast! signatures and scan again.
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you happy with us? Then support the Trojaner-Board! |
27.05.2012, 12:46 | #12 |
| Avira finds a Trojan that doesn't exist? It doesn't ask about that at all any more. It was only on the first start of the program that it asked whether I wanted to download the latest Avast signatures, and I accepted. But now, no matter when I open it, it no longer asks and immediately says that the signatures are loaded... // I have now cleaned with Crap Cleaner and tried it again. This time it asked and I clicked No. Now it is scanning ... let's see whether it freezes this time. aswMBR.txt Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-27 13:47:28
-----------------------------
13:47:28.987 OS Version: Windows x64 6.1.7601 Service Pack 1
13:47:28.987 Number of processors: 4 586 0x503
13:47:28.988 ComputerName: JOHN-PC UserName: John
13:47:34.836 Initialize success
13:48:38.764 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:48:38.766 Disk 0 Vendor: WDC_WD6400BEVT-80A0RT0 01.01A01 Size: 610480MB BusType: 11
13:48:38.848 Disk 0 MBR read successfully
13:48:38.849 Disk 0 MBR scan
13:48:38.852 Disk 0 Windows 7 default MBR code
13:48:38.855 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
13:48:38.874 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 40965750
13:48:38.876 Disk 0 Partition - 00 0F Extended LBA 437858 MB offset 353527808
13:48:38.908 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 437857 MB offset 353529856
13:48:38.992 Disk 0 scanning C:\Windows\system32\drivers
13:48:50.812 Service scanning
13:49:27.659 Modules scanning
13:49:27.659 Disk 0 trace - called modules:
13:49:27.687 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:49:27.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fec060]
13:49:27.687 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004dad060]
13:49:27.688 Scan finished successfully
13:54:03.186 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
13:54:03.190 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt" |
27.05.2012, 13:54 | #13 | |
/// Malwareteam | Avira finds a Trojan that doesn't exist? Combofix Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a log file. Please post the C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
27.05.2012, 14:29 | #14 |
| Avira finds a Trojan that doesn't exist? Dear Marius, you didn't answer my question earlier. Was the CKScanner result okay? Anyway, here is the ComboFix log, and I would like to know how things look with all these log files. Are they all clean, or were you able to find anything else? What about this Akamai? Is it harmless or should I delete it? Please give me a few answers ... we could spend the whole day just creating log files and trying out various programs, but how do things look now?! Code:
ATTFilter ComboFix 12-05-27.01 - John 27.05.2012 15:14:38.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4094.2388 [GMT 2:00] ausgeführt von:: c:\users\John\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-27 bis 2012-05-27 )))))))))))))))))))))))))))))) . . 2012-05-27 13:22 . 2012-05-27 13:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-27 10:36 . 2012-05-27 10:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\offreg.dll 2012-05-26 12:00 . 2012-05-26 12:00 61440 ----a-w- c:\windows\SysWow64\drivers\ukmzyzk.sys 2012-05-26 11:48 . 2012-05-26 11:48 61440 ----a-w- c:\windows\SysWow64\drivers\aaxblh.sys 2012-05-25 11:44 . 2012-05-14 23:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\mpengine.dll 2012-05-20 17:37 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-19 19:36 . 2012-05-19 19:36 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-05-18 16:41 . 2012-05-18 16:47 -------- d-----w- c:\users\John\.yawcam 2012-05-11 18:31 . 2012-05-11 18:31 -------- d-----w- c:\users\John\AppData\Local\SplitMediaLabs 2012-05-10 18:54 . 2012-05-10 18:54 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-05-10 16:33 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-10 16:33 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-10 16:33 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-10 16:33 . 
2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-10 16:33 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-10 16:33 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-10 16:32 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-10 16:32 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-10 16:32 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-10 16:32 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-10 16:32 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-10 16:32 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-10 16:32 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-02 17:05 . 2012-05-02 17:05 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-05-02 17:05 . 2012-05-02 17:05 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-02 17:05 . 2012-05-02 17:05 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-09 16:29 . 2011-10-16 17:07 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-09 16:29 . 2011-10-16 17:07 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-05 17:04 . 2012-04-02 10:34 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-05 17:04 . 2011-05-29 11:38 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 17:04 . 2012-04-02 11:04 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-24 14:29 . 2011-07-17 12:51 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-04-04 13:56 . 
2011-06-11 18:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-25 09:14 . 2012-03-25 09:13 937506065 ----a-w- C:\FTP-Backup_AllSites_15.03.2012.zip 2012-03-21 12:30 . 2012-03-21 12:31 525544 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-13 17:51 . 2012-03-13 17:51 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 17:51 . 2012-03-13 17:51 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 17:51 . 2012-03-13 17:51 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 17:50 . 2012-03-13 17:50 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-13 17:50 . 2012-03-13 17:50 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 17:50 . 2012-03-13 17:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-13 17:50 . 2012-03-13 17:50 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-01 06:46 . 2012-04-12 17:11 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:38 . 2012-04-12 17:11 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:33 . 2012-04-12 17:11 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:28 . 2012-04-12 17:11 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:37 . 2012-04-12 17:11 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:33 . 2012-04-12 17:11 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:29 . 2012-04-12 17:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-28 06:56 . 2012-04-12 17:20 2311168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 06:49 . 2012-04-12 17:20 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 06:48 . 2012-04-12 17:20 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 06:42 . 2012-04-12 17:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-28 01:18 . 2012-04-12 17:20 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-28 01:11 . 2012-04-12 17:20 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11 . 
2012-04-12 17:20 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-28 01:03 . 2012-04-12 17:20 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296] "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-04-24 4711744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "AUTOWorker"="d:\john\worker\worker.exe" [2012-05-19 1988096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 e2eVAWdm;e2eSoft VAudio;c:\windows\system32\DRIVERS\VAud_WDM.sys [x] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys 
[x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-09 465360] S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 WTGService;WTGService;c:\program files (x86)\3DataManager\WTGService.exe [2010-07-08 333264] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware 
Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184] S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 80206027 *NewlyCreated* - 95898358 *NewlyCreated* - ASWMBR *Deregistered* - 80206027 *Deregistered* - 95898358 *Deregistered* - aswMBR . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:04] . 2012-05-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001Core.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 13:42] . 2012-05-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001UA.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 13:42] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 127.0.0.1:8118 uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421; IE: An OneNote s&enden - c:\progra~2\MIC30F~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIC30F~1\Office14\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\29pcln6y.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{1580277A-4F5E-61BA-30D0-5C805A834D61} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PHPTriad Module: Phorum - c:\windows\system32\GKSUI18.EXE AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63, 57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:42,a4,2a,4b,e6,f9,cb,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,b5,78,bf,ca,f7,8b,44,b3,9f,69,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,b5,78,bf,ca,f7,8b,44,b3,9f,69,\ . [HKEY_USERS\S-1-5-21-2662835983-198996045-1991720036-1001\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:16,d7,e1,2a,5d,7e,27,67,ef,2c,39,d5,0e,91,13,94,49,0a,15,43,45, 90,97,4f,8b,79,12,64,da,3b,ad,84,c7,af,67,df,fe,e3,67,4a,03,f8,c2,1b,37,cd,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:16,d7,e1,2a,5d,7e,27,67,ef,2c,39,d5,0e,91,13,94,49,0a,15,43,45, 90,97,4f,8b,79,12,64,da,3b,ad,84,c7,af,67,df,fe,e3,67,4a,03,f8,c2,1b,37,cd,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-05-27 15:26:00 ComboFix-quarantined-files.txt 2012-05-27 13:25 ComboFix2.txt 2012-05-26 12:30 . Vor Suchlauf: 10 Verzeichnis(se), 76.922.966.016 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 76.845.314.048 Bytes frei . - - End Of File - - 0CEBC36C65C3E179E05DB09646937C4B |
27.05.2012, 18:24 | #15 | |
/// Malwareteam | Avira finds a Trojan that doesn't exist? Ckscan was fine. And one thing I can say with certainty so far: the system is not in order! To be able to say anything precise, we need to continue a bit further... Virustotal check Please have the file from the code box checked at Virustotal.
Quote:
Code:
ATTFilter c:\windows\SysWow64\drivers\ukmzyzk.sys