Log Analysis and Evaluation: E-Mail Account verschickt (SPAM) Mails (e-mail account is sending spam), Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: see "Erste Schritte zur Hilfe" (first steps to getting help). Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.06.2012, 12:35 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Restart Windows in Safe Mode (with networking if possible). Fixing with OTL sometimes hangs in normal mode, but very often the fix works in Safe Mode.
__________________ Please always post logfiles in CODE tags
19.06.2012, 14:28 | #17
In Safe Mode (with networking) I also get a bluescreen as soon as I click "Fix".
19.06.2012, 21:46 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Hm, that's odd. OK, then I'll try to fix it a different way later.
Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: please disable the virus scanner before running the TDSS-Killer, since Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the image below: click "Change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer stores its logs. Note: please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and just post the log here!
20.06.2012, 18:57 | #19
This is the TDSSKiller report; I chose "Skip" for all detections (as was also selected by default). Code:
19:13:15.0794 1456 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
19:13:16.0478 1456 ============================================================
19:13:16.0478 1456 Current date / time: 2012/06/20 19:13:16.0478
19:13:16.0478 1456 SystemInfo:
19:13:16.0478 1456 
19:13:16.0478 1456 OS Version: 6.0.6002 ServicePack: 2.0
19:13:16.0478 1456 Product type: Workstation
19:13:16.0478 1456 ComputerName: ***LAPTOP
19:13:16.0506 1456 UserName: ***
19:13:16.0506 1456 Windows directory: C:\Windows
19:13:16.0506 1456 System windows directory: C:\Windows
19:13:16.0506 1456 Processor architecture: Intel x86
19:13:16.0506 1456 Number of processors: 2
19:13:16.0506 1456 Page size: 0x1000
19:13:16.0506 1456 Boot type: Normal boot
19:13:16.0506 1456 ============================================================
19:13:30.0199 1456 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:13:30.0454 1456 ============================================================
19:13:30.0454 1456 \Device\Harddisk0\DR0:
19:13:30.0499 1456 MBR partitions:
19:13:30.0499 1456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388B3B, BlocksNum 0xC80343F
19:13:30.0524 1456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDB8BFBA, BlocksNum 0x2C7F8C87
19:13:30.0537 1456 ============================================================
19:13:30.0825 1456 C: <-> \Device\Harddisk0\DR0\Partition0
19:13:32.0737 1456 D: <-> \Device\Harddisk0\DR0\Partition1
19:13:33.0037 1456 ============================================================
19:13:33.0037 1456 Initialize success
19:13:33.0037 1456 ============================================================
19:15:49.0006 3496 ============================================================
19:15:49.0006 3496 Scan started
19:15:49.0006 3496 Mode: Manual; SigCheck; TDLFS;
19:15:49.0006 3496 ============================================================
19:15:57.0022 3496 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:15:57.0615 3496 ACPI - ok
19:15:59.0347 3496 AcronisOSSReinstallSvc (e2769e2699af88ca3c57289a8a32ed19) C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
19:16:00.0127 3496 AcronisOSSReinstallSvc - ok
19:16:00.0548 3496 AcrSch2Svc (46a5cbb09b8f0c46f8cbe9210e5e3be2) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
19:16:00.0642 3496 AcrSch2Svc - ok
19:16:01.0281 3496 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:16:01.0375 3496 adp94xx - ok
19:16:01.0515 3496 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:16:01.0578 3496 adpahci - ok
19:16:01.0609 3496 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:16:01.0656 3496 adpu160m - ok
19:16:01.0780 3496 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:16:01.0827 3496 adpu320 - ok
19:16:02.0014 3496 ADSMService (609a6f49b6af0f25837f8a0edddb0745) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
19:16:02.0217 3496 ADSMService ( UnsignedFile.Multi.Generic ) - warning
19:16:02.0217 3496 ADSMService - detected UnsignedFile.Multi.Generic (1)
19:16:02.0280 3496 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:16:03.0138 3496 AeLookupSvc - ok
19:16:03.0278 3496 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:16:03.0418 3496 AFD - ok
19:16:03.0528 3496 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:16:03.0543 3496 agp440 - ok
19:16:03.0652 3496 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:16:04.0417 3496 aic78xx - ok
19:16:04.0464 3496 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:16:04.0854 3496 ALG - ok
19:16:04.0885 3496 Alidevice (2f17c06cda54bfbe13c4046b19055f7b) C:\Windows\system32\drivers\Alidevice.sys
19:16:04.0916 3496 Alidevice ( UnsignedFile.Multi.Generic ) - warning
19:16:04.0916 3496 Alidevice - detected UnsignedFile.Multi.Generic (1)
19:16:04.0916 3496 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:16:04.0932 3496 aliide - ok
19:16:04.0963 3496 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:16:04.0963 3496 amdagp - ok
19:16:04.0978 3496 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:16:04.0978 3496 amdide - ok
19:16:04.0994 3496 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:16:05.0025 3496 AmdK7 - ok
19:16:05.0056 3496 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:16:05.0103 3496 AmdK8 - ok
19:16:05.0212 3496 AmplusnetPrivacyTools (d1c3e4a79a819d3776d9ef56fc8c0cb9) C:\Windows\system32\AmplusnetPrivacyTools.exe
19:16:05.0337 3496 AmplusnetPrivacyTools ( UnsignedFile.Multi.Generic ) - warning
19:16:05.0337 3496 AmplusnetPrivacyTools - detected UnsignedFile.Multi.Generic (1)
19:16:05.0540 3496 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:16:05.0618 3496 AntiVirSchedulerService - ok
19:16:05.0665 3496 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:16:05.0680 3496 AntiVirService - ok
19:16:05.0712 3496 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:16:05.0805 3496 Appinfo - ok
19:16:05.0883 3496 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:16:05.0899 3496 arc - ok
19:16:05.0899 3496 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:16:05.0914 3496 arcsas - ok
19:16:05.0946 3496 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
19:16:06.0102 3496 AsDsm - ok
19:16:06.0180 3496 ASLDRService (eb1807795cd3eeaa3288b4a30de254e8) C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
19:16:06.0211 3496 ASLDRService - ok
19:16:06.0242 3496 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
19:16:06.0242 3496 ASMMAP - ok
19:16:06.0336 3496 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:16:06.0585 3496 aspnet_state - ok
19:16:06.0601 3496 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:16:06.0663 3496 AsyncMac - ok
19:16:06.0694 3496 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:16:06.0710 3496 atapi - ok
19:16:06.0726 3496 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
19:16:06.0757 3496 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
19:16:06.0757 3496 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
19:16:06.0819 3496 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
19:16:06.0835 3496 atksgt - ok
19:16:06.0866 3496 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:16:06.0913 3496 AudioEndpointBuilder - ok
19:16:06.0913 3496 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:16:06.0944 3496 Audiosrv - ok
19:16:07.0006 3496 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
19:16:07.0022 3496 avgntflt - ok
19:16:07.0084 3496 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
19:16:07.0100 3496 avipbb - ok
19:16:07.0116 3496 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
19:16:07.0116 3496 avkmgr - ok
19:16:07.0147 3496 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:16:07.0178 3496 Beep - ok
19:16:07.0209 3496 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:16:07.0256 3496 BFE - ok
19:16:07.0318 3496 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
19:16:07.0490 3496 BITS - ok
19:16:07.0506 3496 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:16:07.0537 3496 blbdrive - ok
19:16:07.0646 3496 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
19:16:07.0662 3496 Bonjour Service - ok
19:16:07.0693 3496 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:16:07.0755 3496 bowser - ok
19:16:07.0786 3496 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:16:07.0802 3496 BrFiltLo - ok
19:16:07.0802 3496 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:16:07.0833 3496 BrFiltUp - ok
19:16:07.0864 3496 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
19:16:07.0896 3496 Bridge - ok
19:16:07.0896 3496 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
19:16:07.0927 3496 BridgeMP - ok
19:16:07.0958 3496 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:16:08.0005 3496 Browser - ok
19:16:08.0036 3496 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:16:08.0192 3496 Brserid - ok
19:16:08.0223 3496 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:16:08.0286 3496 BrSerWdm - ok
19:16:08.0286 3496 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:16:08.0348 3496 BrUsbMdm - ok
19:16:08.0348 3496 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:16:08.0395 3496 BrUsbSer - ok
19:16:08.0426 3496 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
19:16:08.0504 3496 BthEnum - ok
19:16:08.0535 3496 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
19:16:08.0566 3496 BTHMODEM - ok
19:16:08.0598 3496 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
19:16:08.0629 3496 BthPan - ok
19:16:08.0691 3496 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
19:16:08.0800 3496 BTHPORT - ok
19:16:08.0832 3496 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
19:16:08.0894 3496 BthServ - ok
19:16:08.0925 3496 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
19:16:08.0941 3496 BTHUSB - ok
19:16:08.0972 3496 btwaudio (463483285b2d2d345443aaee7b9391e7) C:\Windows\system32\drivers\btwaudio.sys
19:16:08.0988 3496 btwaudio - ok
19:16:09.0019 3496 btwavdt (4f82b6173ef8637cb26cf4e73b90f172) C:\Windows\system32\drivers\btwavdt.sys
19:16:09.0019 3496 btwavdt - ok
19:16:09.0112 3496 btwdins (b78d1aca1bbd0077848d9f87c8207ab1) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
19:16:09.0175 3496 btwdins - ok
19:16:09.0190 3496 btwl2cap (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:16:09.0206 3496 btwl2cap - ok
19:16:09.0206 3496 btwrchid (f771034f5b59a4a5054a2fa6f4e9f28b) C:\Windows\system32\DRIVERS\btwrchid.sys
19:16:09.0222 3496 btwrchid - ok
19:16:09.0253 3496 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:16:09.0315 3496 cdfs - ok
19:16:09.0346 3496 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:16:09.0378 3496 cdrom - ok
19:16:09.0409 3496 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:16:09.0456 3496 CertPropSvc - ok
19:16:09.0471 3496 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
19:16:09.0518 3496 circlass - ok
19:16:09.0565 3496 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:16:09.0580 3496 CLFS - ok
19:16:09.0643 3496 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:16:10.0376 3496 clr_optimization_v2.0.50727_32 - ok
19:16:10.0501 3496 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:16:10.0782 3496 clr_optimization_v4.0.30319_32 - ok
19:16:10.0797 3496 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:16:10.0828 3496 CmBatt - ok
19:16:10.0860 3496 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:16:10.0875 3496 cmdide - ok
19:16:10.0875 3496 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:16:10.0891 3496 Compbatt - ok
19:16:10.0891 3496 COMSysApp - ok
19:16:10.0891 3496 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:16:10.0906 3496 crcdisk - ok
19:16:10.0906 3496 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:16:10.0953 3496 Crusoe - ok
19:16:10.0984 3496 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:16:11.0016 3496 CryptSvc - ok
19:16:11.0031 3496 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
19:16:11.0094 3496 CVirtA - ok
19:16:11.0265 3496 CVPND (5ce32922f8f74a0d2d6ecc30cdad01e0) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
19:16:11.0484 3496 CVPND - ok
19:16:11.0655 3496 CVPNDRVA (d46b2e0eeaf349f2085f8b164e462156) C:\Windows\system32\Drivers\CVPNDRVA.sys
19:16:11.0686 3496 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
19:16:11.0686 3496 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
19:16:11.0733 3496 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:16:11.0842 3496 DcomLaunch - ok
19:16:11.0874 3496 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:16:11.0920 3496 DfsC - ok
19:16:12.0076 3496 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:16:12.0248 3496 DFSR - ok
19:16:12.0404 3496 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:16:12.0435 3496 Dhcp - ok
19:16:12.0482 3496 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:16:12.0498 3496 disk - ok
19:16:12.0544 3496 DNE (694616f813fb627a32c9e32dec133078) C:\Windows\system32\DRIVERS\dne2000.sys
19:16:12.0544 3496 DNE - ok
19:16:12.0576 3496 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:16:12.0654 3496 Dnscache - ok
19:16:12.0685 3496 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:16:12.0732 3496 dot3svc - ok
19:16:12.0763 3496 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:16:12.0794 3496 DPS - ok
19:16:12.0825 3496 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:16:12.0841 3496 drmkaud - ok
19:16:12.0919 3496 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:16:12.0997 3496 DXGKrnl - ok
19:16:13.0044 3496 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:16:13.0106 3496 E1G60 - ok
19:16:13.0137 3496 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:16:13.0184 3496 EapHost - ok
19:16:13.0231 3496 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:16:13.0246 3496 Ecache - ok
19:16:13.0324 3496 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:16:13.0558 3496 ehRecvr - ok
19:16:13.0590 3496 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:16:13.0668 3496 ehSched - ok
19:16:13.0683 3496 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:16:13.0714 3496 ehstart - ok
19:16:13.0761 3496 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:16:13.0808 3496 elxstor - ok
19:16:13.0886 3496 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:16:14.0026 3496 EMDMgmt - ok
19:16:14.0042 3496 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\Windows\system32\drivers\enodpl.sys
19:16:14.0073 3496 enodpl ( UnsignedFile.Multi.Generic ) - warning
19:16:14.0073 3496 enodpl - detected UnsignedFile.Multi.Generic (1)
19:16:14.0104 3496 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:16:14.0136 3496 ErrDev - ok
19:16:14.0167 3496 EterlogicVirtualSerialDriver (320cf3c874e0a37cffd5649d61906154) C:\Windows\system32\drivers\VSPE.sys
19:16:14.0822 3496 EterlogicVirtualSerialDriver ( UnsignedFile.Multi.Generic ) - warning
19:16:14.0822 3496 EterlogicVirtualSerialDriver - detected UnsignedFile.Multi.Generic (1)
19:16:14.0869 3496 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:16:14.0931 3496 EventSystem - ok
19:16:14.0994 3496 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:16:15.0056 3496 exfat - ok
19:16:15.0087 3496 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:16:15.0118 3496 fastfat - ok
19:16:15.0150 3496 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:16:15.0181 3496 fdc - ok
19:16:15.0212 3496 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:16:15.0243 3496 fdPHost - ok
19:16:15.0259 3496 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:16:15.0321 3496 FDResPub - ok
19:16:15.0321 3496 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:16:15.0337 3496 FileInfo - ok
19:16:15.0352 3496 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:16:15.0368 3496 Filetrace - ok
19:16:15.0508 3496 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:16:15.0571 3496 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:16:15.0571 3496 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:16:15.0602 3496 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:16:15.0633 3496 flpydisk - ok
19:16:15.0680 3496 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:16:15.0696 3496 FltMgr - ok
19:16:15.0789 3496 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
19:16:15.0898 3496 FontCache - ok
19:16:15.0961 3496 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:16:16.0039 3496 FontCache3.0.0.0 - ok
19:16:16.0070 3496 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:16:16.0132 3496 Fs_Rec - ok
19:16:16.0179 3496 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:16:16.0195 3496 gagp30kx - ok
19:16:16.0288 3496 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
19:16:16.0304 3496 ghaio - ok
19:16:16.0366 3496 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:16:16.0444 3496 gpsvc - ok
19:16:16.0507 3496 gupdate1ca1514d26808b8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:16:16.0522 3496 gupdate1ca1514d26808b8 - ok
19:16:16.0522 3496 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:16:16.0538 3496 gupdatem - ok
19:16:16.0569 3496 gusvc (3fd5f79aa40b1c244c59de984e98dc37) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:16:16.0585 3496 gusvc - ok
19:16:16.0616 3496 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
19:16:16.0616 3496 hamachi - ok
19:16:16.0647 3496 hamachi_oem (c25c70fd4d49391091d9eb8c747f19e6) C:\Windows\system32\DRIVERS\gan_adapter.sys
19:16:16.0663 3496 hamachi_oem ( UnsignedFile.Multi.Generic ) - warning
19:16:16.0663 3496 hamachi_oem - detected UnsignedFile.Multi.Generic (1)
19:16:16.0694 3496 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:16:16.0756 3496 HdAudAddService - ok
19:16:16.0803 3496 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:16:16.0912 3496 HDAudBus - ok
19:16:16.0944 3496 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
19:16:16.0975 3496 HidBth - ok
19:16:17.0022 3496 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
19:16:17.0053 3496 HidIr - ok
19:16:17.0100 3496 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:16:17.0146 3496 hidserv - ok
19:16:17.0162 3496 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:16:17.0193 3496 HidUsb - ok
19:16:17.0224 3496 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:16:17.0287 3496 hkmsvc - ok
19:16:17.0334 3496 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:16:17.0334 3496 HpCISSs - ok
19:16:17.0396 3496 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:16:17.0458 3496 HTTP - ok
19:16:17.0490 3496 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:16:17.0505 3496 i2omp - ok
19:16:17.0521 3496 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:16:17.0568 3496 i8042prt - ok
19:16:17.0599 3496 iaStor (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\DRIVERS\iaStor.sys
19:16:17.0614 3496 iaStor - ok
19:16:17.0646 3496 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:16:17.0661 3496 iaStorV - ok
19:16:17.0770 3496 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:16:17.0770 3496 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:16:17.0770 3496 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:16:17.0895 3496 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:16:18.0036 3496 idsvc - ok
19:16:18.0145 3496 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:16:18.0160 3496 iirsp - ok
19:16:18.0207 3496 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:16:18.0285 3496 IKEEXT - ok
19:16:18.0441 3496 IntcAzAudAddService (0557aaee4c86e2c333acd2baf42a7619) C:\Windows\system32\drivers\RTKVHDA.sys
19:16:18.0566 3496 IntcAzAudAddService - ok
19:16:18.0706 3496 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:16:18.0738 3496 intelide - ok
19:16:18.0738 3496 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:16:18.0784 3496 intelppm - ok
19:16:18.0816 3496 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:16:18.0862 3496 IPBusEnum - ok
19:16:18.0862 3496 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:16:18.0894 3496 IpFilterDriver - ok
19:16:18.0940 3496 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:16:19.0018 3496 iphlpsvc - ok
19:16:19.0034 3496 IpInIp - ok
19:16:19.0050 3496 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:16:19.0096 3496 IPMIDRV - ok
19:16:19.0096 3496 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:16:19.0143 3496 IPNAT - ok
19:16:19.0159 3496 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:16:19.0190 3496 IRENUM - ok
19:16:19.0206 3496 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:16:19.0221 3496 isapnp - ok
19:16:19.0268 3496 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:16:19.0284 3496 iScsiPrt - ok
19:16:19.0284 3496 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:16:19.0299 3496 iteatapi - ok
19:16:19.0330 3496 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
19:16:19.0346 3496 itecir - ok
19:16:19.0362 3496 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:16:19.0377 3496 iteraid - ok
19:16:19.0393 3496 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:16:19.0424 3496 kbdclass - ok
19:16:19.0440 3496 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:16:19.0471 3496 kbdhid - ok
19:16:19.0486 3496 kbfiltr (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
19:16:19.0502 3496 kbfiltr - ok
19:16:19.0533 3496 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:16:19.0611 3496 KeyIso - ok
19:16:19.0674 3496 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:16:19.0736 3496 KSecDD - ok
19:16:19.0798 3496 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:16:19.0892 3496 KtmRm - ok
19:16:19.0923 3496 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:16:20.0048 3496 LanmanServer - ok
19:16:20.0079 3496 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:16:20.0188 3496 LanmanWorkstation - ok
19:16:20.0220 3496 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:16:20.0235 3496 LHidFilt - ok
19:16:20.0313 3496 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:16:20.0360 3496 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:16:20.0360 3496 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:16:20.0376 3496 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
19:16:20.0391 3496 lirsgt - ok
19:16:20.0422 3496 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:16:20.0469 3496 lltdio - ok
19:16:20.0516 3496 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:16:20.0578 3496 lltdsvc - ok
19:16:20.0578 3496 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:16:20.0656 3496 lmhosts - ok
19:16:20.0688 3496 LMouFilt (f259f758e04d8fb8d48c6cdbe45223e8) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:16:20.0688 3496 LMouFilt - ok
19:16:20.0734 3496 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:16:20.0750 3496 LSI_FC - ok
19:16:20.0750 3496 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:16:20.0766 3496 LSI_SAS - ok
19:16:20.0781 3496 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:16:20.0797 3496 LSI_SCSI - ok
19:16:20.0797 3496 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:16:20.0844 3496 luafv - ok
19:16:20.0859 3496 lullaby (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
19:16:20.0875 3496 lullaby - ok
19:16:20.0890 3496 LUsbFilt (ca26e46ec8891058c9e10363df4e4650) C:\Windows\system32\Drivers\LUsbFilt.Sys
19:16:20.0906 3496 LUsbFilt - ok
19:16:20.0953 3496 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
19:16:20.0968 3496 MBAMProtector - ok
19:16:21.0062 3496 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:16:21.0140 3496 MBAMService - ok
19:16:21.0187 3496 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:16:21.0234 3496 Mcx2Svc - ok
19:16:21.0265 3496 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:16:21.0280 3496 megasas - ok
19:16:21.0312 3496 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:16:21.0327 3496 MegaSR - ok
19:16:21.0358 3496 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:16:21.0421 3496 MMCSS - ok
19:16:21.0421 3496 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:16:21.0452 3496 Modem - ok
19:16:21.0483 3496 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:16:21.0530 3496 monitor - ok
19:16:21.0530 3496 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:16:21.0546 3496 mouclass - ok
19:16:21.0561 3496 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:16:21.0592 3496 mouhid - ok
19:16:21.0608 3496 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:16:21.0624 3496 MountMgr - ok
19:16:21.0717 3496 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:16:21.0733 3496 MozillaMaintenance - ok
19:16:21.0764 3496 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:16:21.0780 3496 mpio - ok
19:16:21.0780 3496 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:16:21.0811 3496 mpsdrv - ok
19:16:21.0873 3496 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:16:21.0936 3496 MpsSvc - ok
19:16:21.0967 3496 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:16:21.0967 3496 Mraid35x - ok
19:16:22.0014 3496 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:16:22.0045 3496 MRxDAV - ok
19:16:22.0092 3496 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:16:22.0123 3496 mrxsmb - ok
19:16:22.0138 3496 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:16:22.0170 3496 mrxsmb10 - ok
19:16:22.0201 3496 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:16:22.0232 3496 mrxsmb20 - ok
19:16:22.0263 3496 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
19:16:22.0279 3496 msahci - ok
19:16:22.0279 3496 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:16:22.0310 3496 msdsm - ok
19:16:22.0341 3496 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:16:22.0419 3496 MSDTC - ok
19:16:22.0419 3496 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:16:22.0450 3496 Msfs - ok
19:16:22.0466 3496 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:16:22.0482 3496 msisadrv - ok
19:16:22.0513 3496 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:16:22.0575 3496 MSiSCSI - ok
19:16:22.0575 3496 msiserver - ok
19:16:22.0591 3496 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:16:22.0622 3496 MSKSSRV - ok
19:16:22.0638 3496 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:16:22.0653 3496 MSPCLOCK - ok
19:16:22.0669 3496 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:16:22.0700 3496 MSPQM - ok
19:16:22.0731 3496 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:16:22.0747 3496 MsRPC - ok
19:16:22.0747 3496 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:16:22.0762 3496 mssmbios - ok
19:16:22.0762 3496 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:16:22.0809 3496 MSTEE - ok
19:16:22.0825 3496 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
19:16:22.0856 3496 MTsensor - ok
19:16:22.0872 3496 Mup
(6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 19:16:22.0887 3496 Mup - ok 19:16:22.0918 3496 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 19:16:23.0012 3496 napagent - ok 19:16:23.0043 3496 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 19:16:23.0090 3496 NativeWifiP - ok 19:16:23.0137 3496 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 19:16:23.0168 3496 NDIS - ok 19:16:23.0184 3496 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 19:16:23.0230 3496 NdisTapi - ok 19:16:23.0230 3496 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 19:16:23.0262 3496 Ndisuio - ok 19:16:23.0293 3496 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 19:16:23.0324 3496 NdisWan - ok 19:16:23.0324 3496 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 19:16:23.0355 3496 NDProxy - ok 19:16:23.0511 3496 Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 19:16:23.0823 3496 Nero BackItUp Scheduler 3 - ok 19:16:23.0839 3496 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 19:16:23.0886 3496 NetBIOS - ok 19:16:23.0917 3496 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 19:16:23.0948 3496 netbt - ok 19:16:23.0979 3496 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 19:16:24.0026 3496 Netlogon - ok 19:16:24.0057 3496 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 19:16:24.0135 3496 Netman - ok 19:16:24.0260 3496 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:16:24.0354 3496 NetMsmqActivator - ok 19:16:24.0369 3496 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:16:24.0385 3496 NetPipeActivator - ok 19:16:24.0416 3496 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 19:16:24.0510 3496 netprofm - ok 19:16:24.0510 3496 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:16:24.0525 3496 NetTcpActivator - ok 19:16:24.0525 3496 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:16:24.0541 3496 NetTcpPortSharing - ok 19:16:24.0775 3496 NETw5v32 (9ca26dccf0b84a6ff2b54fbb2a94520b) C:\Windows\system32\DRIVERS\NETw5v32.sys 19:16:24.0946 3496 NETw5v32 - ok 19:16:25.0071 3496 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 19:16:25.0071 3496 nfrd960 - ok 19:16:25.0118 3496 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 19:16:25.0196 3496 NlaSvc - ok 19:16:25.0321 3496 NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 19:16:25.0368 3496 NMIndexingService - ok 19:16:25.0414 3496 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 19:16:25.0446 3496 Npfs - ok 19:16:25.0477 3496 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 19:16:25.0539 3496 nsi - ok 19:16:25.0555 3496 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 19:16:25.0570 3496 nsiproxy - ok 19:16:25.0664 3496 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 19:16:25.0711 3496 Ntfs - ok 19:16:25.0726 3496 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 19:16:25.0789 3496 ntrigdigi - ok 19:16:25.0789 3496 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 19:16:25.0820 3496 Null - ok 19:16:25.0851 3496 NVHDA (8be8be53f3a8151e04379db2d07c53a7) 
C:\Windows\system32\drivers\nvhda32v.sys 19:16:25.0882 3496 NVHDA - ok 19:16:26.0522 3496 nvlddmkm (eee630ffc85b7f3f0dfad33c59967dd4) C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:16:27.0021 3496 nvlddmkm - ok 19:16:27.0162 3496 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 19:16:27.0177 3496 nvraid - ok 19:16:27.0177 3496 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 19:16:27.0193 3496 nvstor - ok 19:16:27.0255 3496 nvsvc (caa014ec9a95f3580437aa6d095bb4b3) C:\Windows\system32\nvvsvc.exe 19:16:27.0302 3496 nvsvc - ok 19:16:27.0318 3496 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 19:16:27.0333 3496 nv_agp - ok 19:16:27.0333 3496 NwlnkFlt - ok 19:16:27.0333 3496 NwlnkFwd - ok 19:16:27.0364 3496 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 19:16:27.0411 3496 ohci1394 - ok 19:16:27.0489 3496 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:16:27.0505 3496 ose - ok 19:16:27.0567 3496 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 19:16:27.0692 3496 p2pimsvc - ok 19:16:27.0708 3496 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 19:16:27.0770 3496 p2psvc - ok 19:16:27.0817 3496 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 19:16:27.0879 3496 Parport - ok 19:16:27.0910 3496 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 19:16:27.0926 3496 partmgr - ok 19:16:27.0926 3496 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 19:16:27.0988 3496 Parvdm - ok 19:16:28.0020 3496 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 19:16:28.0113 3496 PcaSvc - ok 19:16:28.0144 3496 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 19:16:28.0160 3496 pci - ok 19:16:28.0191 3496 pciide 
(fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 19:16:28.0207 3496 pciide - ok 19:16:28.0222 3496 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 19:16:28.0238 3496 pcmcia - ok 19:16:28.0316 3496 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 19:16:28.0394 3496 PEAUTH - ok 19:16:28.0519 3496 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 19:16:28.0659 3496 pla - ok 19:16:28.0784 3496 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe 19:16:28.0800 3496 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 19:16:28.0800 3496 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 19:16:28.0846 3496 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 19:16:28.0924 3496 PlugPlay - ok 19:16:29.0018 3496 PnkBstrA (681da309716aeb98bc901d7a0458d931) C:\Windows\system32\PnkBstrA.exe 19:16:29.0080 3496 PnkBstrA - ok 19:16:29.0127 3496 PnkBstrB (1602a3262fdfeedf527ff3f3e2a7dcc5) C:\Windows\system32\PnkBstrB.exe 19:16:29.0190 3496 PnkBstrB - ok 19:16:29.0268 3496 PnkBstrK (2007b8fe6d9660b4cc52552ad225db76) C:\Windows\system32\drivers\PnkBstrK.sys 19:16:29.0283 3496 PnkBstrK - ok 19:16:29.0346 3496 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 19:16:29.0408 3496 PNRPAutoReg - ok 19:16:29.0424 3496 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 19:16:29.0502 3496 PNRPsvc - ok 19:16:29.0564 3496 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 19:16:29.0658 3496 PolicyAgent - ok 19:16:29.0704 3496 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 19:16:29.0751 3496 PptpMiniport - ok 19:16:29.0767 3496 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 19:16:29.0798 3496 Processor - ok 19:16:29.0845 
3496 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 19:16:29.0907 3496 ProfSvc - ok 19:16:29.0938 3496 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 19:16:29.0985 3496 ProtectedStorage - ok 19:16:30.0001 3496 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 19:16:30.0048 3496 PSched - ok 19:16:30.0063 3496 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys 19:16:30.0079 3496 PxHelp20 - ok 19:16:30.0172 3496 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 19:16:30.0219 3496 ql2300 - ok 19:16:30.0219 3496 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 19:16:30.0235 3496 ql40xx - ok 19:16:30.0297 3496 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 19:16:30.0360 3496 QWAVE - ok 19:16:30.0375 3496 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 19:16:30.0406 3496 QWAVEdrv - ok 19:16:30.0438 3496 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 19:16:30.0469 3496 RasAcd - ok 19:16:30.0516 3496 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 19:16:30.0594 3496 RasAuto - ok 19:16:30.0609 3496 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:16:30.0656 3496 Rasl2tp - ok 19:16:30.0703 3496 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 19:16:30.0765 3496 RasMan - ok 19:16:30.0781 3496 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 19:16:30.0828 3496 RasPppoe - ok 19:16:30.0859 3496 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 19:16:30.0890 3496 RasSstp - ok 19:16:30.0921 3496 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 19:16:30.0937 3496 rdbss - ok 19:16:30.0968 3496 RDPCDD 
(89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:16:31.0015 3496 RDPCDD - ok 19:16:31.0046 3496 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 19:16:31.0077 3496 rdpdr - ok 19:16:31.0077 3496 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 19:16:31.0124 3496 RDPENCDD - ok 19:16:31.0155 3496 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys 19:16:31.0218 3496 RDPWD - ok 19:16:31.0264 3496 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 19:16:31.0342 3496 RemoteAccess - ok 19:16:31.0374 3496 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 19:16:31.0452 3496 RemoteRegistry - ok 19:16:31.0483 3496 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 19:16:31.0514 3496 RFCOMM - ok 19:16:31.0545 3496 rimmptsk (ded01a389926a89540b82373e4c550ee) C:\Windows\system32\DRIVERS\rimmptsk.sys 19:16:31.0576 3496 rimmptsk - ok 19:16:31.0576 3496 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys 19:16:31.0639 3496 rimsptsk - ok 19:16:31.0639 3496 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys 19:16:31.0670 3496 rismxdp - ok 19:16:31.0701 3496 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 19:16:31.0764 3496 RpcLocator - ok 19:16:31.0810 3496 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 19:16:31.0888 3496 RpcSs - ok 19:16:31.0920 3496 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 19:16:31.0966 3496 rspndr - ok 19:16:32.0013 3496 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys 19:16:32.0029 3496 RTL8169 - ok 19:16:32.0060 3496 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 19:16:32.0107 3496 SamSs - ok 19:16:32.0122 3496 sbp2port 
(3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 19:16:32.0138 3496 sbp2port - ok 19:16:32.0356 3496 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 19:16:32.0481 3496 SBSDWSCService - ok 19:16:32.0512 3496 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 19:16:32.0590 3496 SCardSvr - ok 19:16:32.0653 3496 SCDEmu (23aa53256ce05b975398b78a33474265) C:\Windows\system32\drivers\SCDEmu.sys 19:16:32.0668 3496 SCDEmu ( UnsignedFile.Multi.Generic ) - warning 19:16:32.0668 3496 SCDEmu - detected UnsignedFile.Multi.Generic (1) 19:16:32.0746 3496 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 19:16:32.0856 3496 Schedule - ok 19:16:32.0918 3496 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 19:16:32.0934 3496 SCPolicySvc - ok 19:16:32.0980 3496 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 19:16:33.0012 3496 sdbus - ok 19:16:33.0058 3496 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 19:16:33.0199 3496 SDRSVC - ok 19:16:33.0214 3496 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 19:16:33.0277 3496 secdrv - ok 19:16:33.0292 3496 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 19:16:33.0370 3496 seclogon - ok 19:16:33.0386 3496 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 19:16:33.0448 3496 SENS - ok 19:16:33.0464 3496 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 19:16:33.0511 3496 Serenum - ok 19:16:33.0511 3496 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 19:16:33.0573 3496 Serial - ok 19:16:33.0573 3496 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 19:16:33.0604 3496 sermouse - ok 19:16:33.0636 3496 SessionEnv (d2193326f729b163125610dbf3e17d57) 
C:\Windows\system32\sessenv.dll 19:16:33.0714 3496 SessionEnv - ok 19:16:33.0729 3496 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 19:16:33.0745 3496 sffdisk - ok 19:16:33.0776 3496 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 19:16:33.0807 3496 sffp_mmc - ok 19:16:33.0838 3496 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 19:16:33.0854 3496 sffp_sd - ok 19:16:33.0870 3496 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 19:16:33.0916 3496 sfloppy - ok 19:16:33.0979 3496 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 19:16:34.0041 3496 SharedAccess - ok 19:16:34.0104 3496 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 19:16:34.0197 3496 ShellHWDetection - ok 19:16:34.0213 3496 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 19:16:34.0228 3496 sisagp - ok 19:16:34.0244 3496 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 19:16:34.0260 3496 SiSRaid2 - ok 19:16:34.0260 3496 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 19:16:34.0275 3496 SiSRaid4 - ok 19:16:34.0494 3496 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 19:16:34.0728 3496 slsvc - ok 19:16:34.0837 3496 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 19:16:34.0915 3496 SLUINotify - ok 19:16:34.0946 3496 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 19:16:34.0977 3496 Smb - ok 19:16:35.0071 3496 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys 19:16:35.0149 3496 smserial - ok 19:16:35.0180 3496 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\Windows\system32\DRIVERS\snapman.sys 19:16:35.0196 3496 snapman - ok 19:16:35.0227 3496 SNMPTRAP 
(2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 19:16:35.0305 3496 SNMPTRAP - ok 19:16:35.0430 3496 SNP2UVC (8f6838aeebc79e8898c2065d969c47cc) C:\Windows\system32\DRIVERS\snp2uvc.sys 19:16:35.0508 3496 SNP2UVC - ok 19:16:35.0648 3496 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 19:16:35.0664 3496 spldr - ok 19:16:35.0757 3496 spmgr (739db668dbd812285ecc553e64a5e212) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe 19:16:35.0773 3496 spmgr - ok 19:16:35.0788 3496 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 19:16:35.0913 3496 Spooler - ok 19:16:35.0976 3496 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys 19:16:35.0991 3496 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9 19:16:35.0991 3496 sptd ( LockedFile.Multi.Generic ) - warning 19:16:35.0991 3496 sptd - detected LockedFile.Multi.Generic (1) 19:16:36.0054 3496 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 19:16:36.0116 3496 srv - ok 19:16:36.0132 3496 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 19:16:36.0194 3496 srv2 - ok 19:16:36.0241 3496 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 19:16:36.0256 3496 srvnet - ok 19:16:36.0303 3496 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 19:16:36.0397 3496 SSDPSRV - ok 19:16:36.0428 3496 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 19:16:36.0459 3496 ssmdrv - ok 19:16:36.0459 3496 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 19:16:36.0537 3496 SstpSvc - ok 19:16:36.0600 3496 Steam Client Service - ok 19:16:36.0662 3496 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 19:16:36.0740 3496 stisvc - ok 19:16:36.0771 3496 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) 
C:\Windows\system32\DRIVERS\swenum.sys 19:16:36.0787 3496 swenum - ok 19:16:36.0834 3496 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 19:16:36.0912 3496 swprv - ok 19:16:36.0927 3496 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 19:16:36.0943 3496 Symc8xx - ok 19:16:36.0958 3496 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 19:16:36.0974 3496 Sym_hi - ok 19:16:36.0990 3496 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 19:16:37.0005 3496 Sym_u3 - ok 19:16:37.0021 3496 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys 19:16:37.0036 3496 SynTP - ok 19:16:37.0114 3496 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 19:16:37.0208 3496 SysMain - ok 19:16:37.0239 3496 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 19:16:37.0348 3496 TabletInputService - ok 19:16:37.0364 3496 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\Windows\system32\drivers\tandpl.sys 19:16:37.0395 3496 tandpl ( UnsignedFile.Multi.Generic ) - warning 19:16:37.0395 3496 tandpl - detected UnsignedFile.Multi.Generic (1) 19:16:37.0426 3496 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 19:16:37.0520 3496 TapiSrv - ok 19:16:37.0551 3496 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 19:16:37.0629 3496 TBS - ok 19:16:37.0723 3496 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys 19:16:37.0770 3496 Tcpip - ok 19:16:37.0785 3496 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys 19:16:37.0816 3496 Tcpip6 - ok 19:16:37.0848 3496 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys 19:16:37.0894 3496 tcpipreg - ok 19:16:37.0957 3496 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 19:16:37.0972 3496 TDPIPE - ok 
19:16:37.0988 3496 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 19:16:38.0019 3496 TDTCP - ok 19:16:38.0050 3496 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 19:16:38.0082 3496 tdx - ok 19:16:38.0113 3496 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 19:16:38.0144 3496 TermDD - ok 19:16:38.0191 3496 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 19:16:38.0269 3496 TermService - ok 19:16:38.0331 3496 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 19:16:38.0394 3496 Themes - ok 19:16:38.0425 3496 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 19:16:38.0472 3496 THREADORDER - ok 19:16:38.0487 3496 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\Windows\system32\DRIVERS\tifsfilt.sys 19:16:38.0503 3496 tifsfilter ( UnsignedFile.Multi.Generic ) - warning 19:16:38.0503 3496 tifsfilter - detected UnsignedFile.Multi.Generic (1) 19:16:38.0550 3496 timounter (74711884439bdf9ccf446c79cb05fac0) C:\Windows\system32\DRIVERS\timntr.sys 19:16:38.0565 3496 timounter ( UnsignedFile.Multi.Generic ) - warning 19:16:38.0565 3496 timounter - detected UnsignedFile.Multi.Generic (1) 19:16:38.0581 3496 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 19:16:38.0674 3496 TrkWks - ok 19:16:38.0721 3496 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 19:16:38.0768 3496 TrustedInstaller - ok 19:16:38.0799 3496 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:16:38.0830 3496 tssecsrv - ok 19:16:38.0846 3496 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 19:16:38.0908 3496 tunmp - ok 19:16:38.0924 3496 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 19:16:38.0955 3496 tunnel - ok 19:16:38.0971 3496 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) 
C:\Windows\system32\drivers\uagp35.sys 19:16:38.0986 3496 uagp35 - ok 19:16:39.0033 3496 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 19:16:39.0064 3496 udfs - ok 19:16:39.0096 3496 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 19:16:39.0205 3496 UI0Detect - ok 19:16:39.0236 3496 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 19:16:39.0252 3496 uliagpkx - ok 19:16:39.0267 3496 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 19:16:39.0298 3496 uliahci - ok 19:16:39.0298 3496 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 19:16:39.0314 3496 UlSata - ok 19:16:39.0330 3496 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 19:16:39.0345 3496 ulsata2 - ok 19:16:39.0361 3496 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 19:16:39.0376 3496 umbus - ok 19:16:39.0408 3496 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 19:16:39.0501 3496 upnphost - ok 19:16:39.0532 3496 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 19:16:39.0564 3496 usbaudio - ok 19:16:39.0579 3496 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 19:16:39.0626 3496 usbccgp - ok 19:16:39.0657 3496 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 19:16:39.0704 3496 usbcir - ok 19:16:39.0735 3496 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 19:16:39.0766 3496 usbehci - ok 19:16:39.0813 3496 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 19:16:39.0844 3496 usbhub - ok 19:16:39.0860 3496 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 19:16:39.0907 3496 usbohci - ok 19:16:39.0922 3496 usbprint (b51e52acf758be00ef3a58ea452fe360) 
C:\Windows\system32\drivers\usbprint.sys 19:16:39.0969 3496 usbprint - ok 19:16:40.0000 3496 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 19:16:40.0032 3496 usbscan - ok 19:16:40.0047 3496 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:16:40.0094 3496 USBSTOR - ok 19:16:40.0110 3496 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 19:16:40.0156 3496 usbuhci - ok 19:16:40.0188 3496 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 19:16:40.0234 3496 usbvideo - ok 19:16:40.0250 3496 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 19:16:40.0344 3496 UxSms - ok 19:16:40.0359 3496 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\Windows\system32\DRIVERS\vcsvad.sys 19:16:40.0406 3496 VCSVADHWSer - ok 19:16:40.0453 3496 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 19:16:40.0546 3496 vds - ok 19:16:40.0578 3496 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 19:16:40.0609 3496 vga - ok 19:16:40.0609 3496 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 19:16:40.0656 3496 VgaSave - ok 19:16:40.0656 3496 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 19:16:40.0687 3496 viaagp - ok 19:16:40.0687 3496 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 19:16:40.0718 3496 ViaC7 - ok 19:16:40.0718 3496 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 19:16:40.0734 3496 viaide - ok 19:16:40.0749 3496 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 19:16:40.0765 3496 volmgr - ok 19:16:40.0796 3496 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 19:16:40.0812 3496 volmgrx - ok 19:16:40.0858 3496 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 
19:16:40.0890 3496 volsnap - ok 19:16:40.0890 3496 vsdatant7 - ok 19:16:40.0905 3496 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 19:16:40.0936 3496 vsmraid - ok 19:16:41.0014 3496 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 19:16:41.0139 3496 VSS - ok 19:16:41.0217 3496 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 19:16:41.0311 3496 W32Time - ok 19:16:41.0358 3496 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 19:16:41.0404 3496 WacomPen - ok 19:16:41.0404 3496 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 19:16:41.0436 3496 Wanarp - ok 19:16:41.0436 3496 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 19:16:41.0451 3496 Wanarpv6 - ok 19:16:41.0498 3496 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 19:16:41.0592 3496 wcncsvc - ok 19:16:41.0638 3496 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 19:16:41.0716 3496 WcsPlugInService - ok 19:16:41.0732 3496 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 19:16:41.0748 3496 Wd - ok 19:16:41.0794 3496 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 19:16:41.0826 3496 Wdf01000 - ok 19:16:41.0841 3496 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 19:16:41.0935 3496 WdiServiceHost - ok 19:16:41.0935 3496 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 19:16:42.0028 3496 WdiSystemHost - ok 19:16:42.0060 3496 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 19:16:42.0153 3496 WebClient - ok 19:16:42.0200 3496 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 19:16:42.0356 3496 Wecsvc - ok 19:16:42.0387 3496 wercplsupport (670ff720071ed741206d69bd995ea453) 
C:\Windows\System32\wercplsupport.dll 19:16:42.0465 3496 wercplsupport - ok 19:16:42.0496 3496 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 19:16:42.0574 3496 WerSvc - ok 19:16:42.0684 3496 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 19:16:42.0699 3496 WinDefend - ok 19:16:42.0715 3496 WinHttpAutoProxySvc - ok 19:16:42.0793 3496 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 19:16:43.0386 3496 Winmgmt - ok 19:16:43.0479 3496 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 19:16:43.0620 3496 WinRM - ok 19:16:43.0682 3496 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 19:16:43.0807 3496 Wlansvc - ok 19:16:44.0041 3496 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:16:44.0134 3496 wlidsvc - ok 19:16:44.0275 3496 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 19:16:44.0322 3496 WmiAcpi - ok 19:16:44.0384 3496 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 19:16:44.0415 3496 wmiApSrv - ok 19:16:44.0540 3496 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 19:16:44.0665 3496 WMPNetworkSvc - ok 19:16:44.0680 3496 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 19:16:44.0790 3496 WPCSvc - ok 19:16:44.0821 3496 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 19:16:44.0946 3496 WPDBusEnum - ok 19:16:44.0992 3496 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 19:16:45.0008 3496 WpdUsb - ok 19:16:45.0195 3496 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 19:16:45.0320 3496 WPFFontCache_v0400 - ok 19:16:45.0351 3496 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) 
C:\Windows\system32\drivers\ws2ifsl.sys 19:16:45.0382 3496 ws2ifsl - ok 19:16:45.0398 3496 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 19:16:45.0476 3496 wscsvc - ok 19:16:45.0476 3496 WSearch - ok 19:16:45.0648 3496 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 19:16:45.0788 3496 wuauserv - ok 19:16:45.0944 3496 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:16:45.0960 3496 WUDFRd - ok 19:16:45.0991 3496 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 19:16:46.0100 3496 wudfsvc - ok 19:16:46.0162 3496 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys 19:16:46.0209 3496 xnacc - ok 19:16:46.0240 3496 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys 19:16:46.0303 3496 yukonwlh - ok 19:16:46.0318 3496 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0 19:16:46.0818 3496 \Device\Harddisk0\DR0 - ok 19:16:46.0818 3496 Boot (0x1200) (b48d57c52766fe1979209ef9a56733e9) \Device\Harddisk0\DR0\Partition0 19:16:46.0818 3496 \Device\Harddisk0\DR0\Partition0 - ok 19:16:46.0849 3496 Boot (0x1200) (47cee93253431d7764e58cae3f5e0d13) \Device\Harddisk0\DR0\Partition1 19:16:46.0849 3496 \Device\Harddisk0\DR0\Partition1 - ok 19:16:46.0849 3496 ============================================================ 19:16:46.0849 3496 Scan finished 19:16:46.0849 3496 ============================================================ 19:16:46.0864 3580 Detected object count: 17 19:16:46.0864 3580 Actual detected object count: 17 19:50:16.0383 3580 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0383 3580 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0383 3580 Alidevice ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0383 3580 Alidevice ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 AmplusnetPrivacyTools ( 
UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 AmplusnetPrivacyTools ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 enodpl ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 EterlogicVirtualSerialDriver ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 EterlogicVirtualSerialDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 hamachi_oem ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 hamachi_oem ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 sptd ( LockedFile.Multi.Generic ) - skipped by user 
19:50:16.0398 3580 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 tandpl ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:50:16.0398 3580 timounter ( UnsignedFile.Multi.Generic ) - skipped by user 19:50:16.0398 3580 timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip |
21.06.2012, 10:09 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | E-mail account sends (SPAM) mails Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
21.06.2012, 14:26 | #21 |
| E-mail account sends (SPAM) mails Here is the log file from ComboFix: Code:
ATTFilter ComboFix 12-06-21.01 - *** 21.06.2012 12:48:26.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1866 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files\Common Files\ASPG_icon.ico c:\program files\Common Files\Tencent\Paycenter c:\program files\Common Files\Tencent\Paycenter\qqcert.dll c:\program files\Common Files\Tencent\Paycenter\qqedit.dll c:\program files\TENCENT\SSPlus\SData.dat c:\program files\TENCENT\SSPlus\SPlus.dll c:\program files\TENCENT\SSPlus\stdtbh.dat c:\users\***\AppData\Roaming\7za.exe c:\users\***\AppData\Roaming\a.7z c:\users\***\AppData\Roaming\Google\Update\1 c:\users\***\AppData\Roaming\Google\Update\1\SD\m.txt c:\users\***\AppData\Roaming\Google\Update\1\SD\s.txt c:\users\***\AppData\Roaming\Mac\MacJie.key c:\users\***\AppData\Roaming\SogouExplorer c:\users\***\AppData\Roaming\SogouExplorer\abw c:\users\***\AppData\Roaming\SogouExplorer\adbdata.dat c:\users\***\AppData\Roaming\SogouExplorer\CommCfg.xml c:\users\***\AppData\Roaming\SogouExplorer\confdll.dll c:\users\***\AppData\Roaming\SogouExplorer\Config.xml c:\users\***\AppData\Roaming\SogouExplorer\configlocal.xml c:\users\***\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2010.08.19.16 c:\users\***\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2010.11.13.11 c:\users\***\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2010.11.17.18 c:\users\***\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2010.11.20.11 c:\users\***\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2011.03.03.04 
c:\users\***\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2011.08.04.20 c:\users\***\AppData\Roaming\SogouExplorer\dew c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\default_page.ico c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\http_ie.sogou.com_80_fav.ico c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\http_pinyin.sogou.com_80_fav.ico c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\http_pralerts.zonealarm.com_80_fav.ico c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\http_www.ceruleanstudios.com_80_fav.ico c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\http_www.icq.com_80_fav.ico c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\http_www.trillian.im_80_fav.ico c:\users\***\AppData\Roaming\SogouExplorer\FavIcon\https_www3.gotowebinar.com_443_fav.ico c:\users\***\AppData\Roaming\SogouExplorer\Favorite2.dat c:\users\***\AppData\Roaming\SogouExplorer\FormData.dat c:\users\***\AppData\Roaming\SogouExplorer\HistoryUrl.db c:\users\***\AppData\Roaming\SogouExplorer\MCPattern.db c:\users\***\AppData\Roaming\SogouExplorer\Misc.db c:\users\***\AppData\Roaming\SogouExplorer\Openpage.xml c:\users\***\AppData\Roaming\SogouExplorer\playevent.pat c:\users\***\AppData\Roaming\SogouExplorer\se_setup.ini c:\users\***\AppData\Roaming\SogouExplorer\SEacc_F5_pattern.txt c:\users\***\AppData\Roaming\SogouExplorer\SEacc_refresh_pattern.txt c:\users\***\AppData\Roaming\SogouExplorer\sodaliblite.dll c:\users\***\AppData\Roaming\SogouExplorer\SogouExplorerSetup.exe c:\users\***\AppData\Roaming\SogouExplorer\uhistory.db c:\users\***\AppData\Roaming\SogouExplorer\UserId.enc c:\users\***\AppData\Roaming\SogouExplorer\videopattern c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\data_0 c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\data_1 c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\data_2 c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\data_3 c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000001 
c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000002 c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000003 c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000004 c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cache\index c:\users\***\AppData\Roaming\SogouExplorer\Webkit\Cookies c:\users\***\AppData\Roaming\SogouExplorer\Webkit\VisitedLinks c:\windows\IsUn0407.exe c:\windows\PFRO.log c:\windows\system32\drivers\~GLH0014.TMP . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-21 bis 2012-06-21 )))))))))))))))))))))))))))))) . . 2012-06-21 10:30 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 10:30 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 10:30 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 10:30 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 10:29 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-21 10:29 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 10:29 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 10:29 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 10:29 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-19 23:24 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll 2012-06-19 23:24 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-06-19 23:24 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-06-19 23:24 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-06-19 18:49 . 2012-06-19 18:49 -------- d-----w- c:\program files\Microsoft Chart Controls 2012-06-19 14:17 . 2012-06-19 14:17 -------- d-----w- C:\fe83392acf11f46d51bad2caf9119a 2012-06-19 14:07 . 2012-06-19 14:07 98816 ----a-w- c:\windows\system32\mfps.dll 2012-06-19 13:52 . 
2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll 2012-06-19 13:51 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll 2012-06-19 13:51 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe 2012-06-19 13:48 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-06-19 13:48 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-06-19 13:48 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-19 13:45 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-06-19 10:30 . 2012-06-19 10:30 -------- d-----w- C:\_OTL 2012-06-17 12:20 . 2012-06-17 12:20 0 ----a-w- c:\windows\system32\nsd8756.tmp 2012-06-16 12:18 . 2012-06-16 12:18 -------- d-----w- c:\program files\ESET 2012-06-14 14:43 . 2012-06-14 14:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-06-14 14:43 . 2012-06-14 14:45 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-06-14 10:33 . 2012-06-14 10:33 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2012-06-14 10:33 . 2012-06-14 10:33 -------- d-----w- c:\programdata\Malwarebytes 2012-06-14 10:33 . 2012-06-14 10:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-14 10:33 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-08 07:21 . 2012-06-08 07:21 2991512 ----a-w- c:\windows\system32\SogouPY.ime 2012-05-22 16:19 . 2012-06-20 18:04 -------- d-----w- c:\program files\Diablo III 2012-05-22 16:19 . 2012-05-22 16:44 -------- d-----w- c:\programdata\Blizzard Entertainment 2012-05-22 16:19 . 2012-05-22 16:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2012-05-22 16:13 . 2012-05-22 16:13 -------- d-----w- c:\programdata\Battle.net . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 12:07 . 
2009-07-10 17:35 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-06-20 22:03 . 2009-07-11 17:51 140304 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2012-06-20 22:03 . 2009-07-11 19:01 281032 ----a-w- c:\windows\system32\PnkBstrB.xtr 2012-06-20 22:03 . 2009-07-11 17:51 281032 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-06-20 18:35 . 2009-07-11 17:51 281032 ----a-w- c:\windows\system32\PnkBstrB.ex0 2012-06-19 18:43 . 2009-07-11 17:51 138056 ----a-w- c:\users\***\AppData\Roaming\PnkBstrK.sys 2012-06-19 18:43 . 2009-07-11 17:50 76888 ----a-w- c:\windows\system32\PnkBstrA.exe 2012-05-09 14:55 . 2011-10-16 13:24 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-09 14:55 . 2011-10-16 13:24 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-04-01 13:28 . 2012-04-01 13:28 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2008-08-08 22:48 . 2008-08-08 22:48 90112 ----a-w- c:\program files\Common Files\CPInstallAction.dll 2012-05-06 10:58 . 2011-05-15 17:12 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2009-05-04 05:14 . 2009-10-11 18:17 36864 ----a-w- c:\program files\mozilla firefox\components\NsThunderLoader.dll 2009-05-04 05:14 . 2009-10-11 18:17 53248 ----a-w- c:\program files\mozilla firefox\components\ThunderComponent.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-12 2969496] "Dexpot"="c:\program files\Dexpot\dexpot.exe" [2011-11-22 1425408] "Duden Korrektor SysTray"="c:\program files\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-14 332432] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304] "ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-03 8105984] "RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "DirectConsole2"="c:\program files\ASUS\Direct Console\Direct Console.exe" [2008-08-21 2705976] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-17 1194728] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-17 1966928] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Duden Korrektor SysTray"="c:\program files\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-14 332432] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-12-5 692224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi9"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] Ime File REG_SZ SOGOUPY.IME . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] backup=c:\windows\pss\Bluetooth.lnk.CommonStartup backupExtension=.CommonStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2008-07-19 03:52 104936 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2008-06-09 18:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-08-19 07:24 13793824 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2009-08-19 07:24 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f] 2011-07-01 09:38 153232 ---ha-w- c:\programdata\Duden\DKReg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-06-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-04 15:03] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 15:04] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 15:04] . 2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1799299016-3692624258-2031827036-1000Core.job - c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 15:48] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1799299016-3692624258-2031827036-1000UA.job - c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 15:48] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS uInternet Settings,ProxyOverride = local;*.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe Trusted Zone: alipay.com Trusted Zone: alisoft.com Trusted Zone: taobao.com Trusted Zone: qq.com\cache.tv Trusted Zone: qq.com\qqlivecaption Trusted Zone: qq.com\qqlivehabit Trusted Zone: qq.com\qqlivesearch Trusted Zone: qq.com\video_1 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3hp8zgmd.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: network.proxy.http - 114.32.112.213 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.type - 0 . . ------- Dateityp-Verknüpfung ------- . txtfile=c:\windows\notepad.exe %1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-Akamai NetSession Interface - c:\users\***\AppData\Local\Akamai\netsession_win.exe HKCU-Run-Google - c:\users\***\AppData\Roaming\googleoez.exe AddRemove-Command & Conquer - d:\spiele\CnC\Uninstal.exe AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-21 14:08 Windows 6.0.6002 Service Pack 2 NTFS . 
Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . C:\ADSM_PData_0150 . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1799299016-3692624258-2031827036-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:45,ca,61,db,8e,38,ba,2e,41,da,d4,d3,f0,4e,f2,d0,e0,eb,24,0f,e7,29,1a, 30,8b,a8,62,b5,c7,15,14,c9,68,c1,e0,64,1c,46,90,b7,b5,d5,94,07,33,cb,fc,10,\ "??"=hex:3e,f2,b3,06,b5,62,1f,ca,97,78,ed,73,a0,8c,5f,4d . [HKEY_USERS\S-1-5-21-1799299016-3692624258-2031827036-1000\Software\SecuROM\License information*] "datasecu"=hex:95,55,66,54,ae,a3,0c,53,72,e2,6e,21,10,53,b3,da,ca,c1,9a,5d,1d, 9f,74,10,f8,9a,58,03,43,3e,bd,ea,0f,24,d7,be,00,08,18,84,19,2d,1a,09,cb,f7,\ "rkeysecu"=hex:ae,76,d6,ff,5c,aa,c1,e8,dd,b6,31,1e,eb,bc,d0,71 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0494ed2b-a00c-406c-a62f-21ebc82e1186}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:2a000000 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0a002354 "Dhcpv6State"=dword:00000000 "NameServer"="" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{214985cb-91b5-4edb-bf49-04603d706110}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:26002243 "Dhcpv6State"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{33420e29-6319-49a4-b419-f73ef867e746}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0f001e8c "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{524e379e-e44e-48f3-bcc2-88d51e6e642f}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:24000000 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{98595871-6298-4994-88cc-750eae58c6e5}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:1c000000 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:07001422 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:10002354 "Dhcpv6State"=dword:00000001 "NameServer"="" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b040e30f-1320-4b9c-aeb9-c4a1e75acbdd}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:29000000 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0c001422 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:1100215d "Dhcpv6State"=dword:00000000 "NameServer"="" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:14020054 "Dhcpv6State"=dword:00000000 "NameServer"="" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{e3956ff0-3f9f-4edc-b5e3-0fbfac891c85}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:277a7700 "Dhcpv6State"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0c002243 "Dhcpv6State"=dword:00000000 "NameServer"="" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ee935c63-a647-4d71-b1eb-b2cb7135d8d9}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:217a7991 "Dhcpv6State"=dword:00000001 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:06001422 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0e001422 "Dhcpv6State"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(1008) c:\windows\system32\relog_ap.dll . - - - - - - - > 'Explorer.exe'(4524) c:\program files\Dexpot\hooxpot.dll c:\program files\SetPoint\GameHook.dll c:\program files\SetPoint\lgscroll.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\IoctlSvc.exe c:\windows\system32\PnkBstrA.exe c:\program files\ASUS\NB Probe\SPM\spmgr.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Spybot - Search & Destroy\SDWinSec.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\ASUS\SmartLogon\sensorsrv.exe c:\program files\ASUS\ASUS CopyProtect\aspg.exe c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe c:\program files\ASUS\ATK Hotkey\HControl.exe c:\program files\P4G\BatteryLife.exe c:\program files\ASUS\Splendid\ACMON.exe c:\windows\System32\ACEngSvr.exe c:\program files\ASUS\ATK Hotkey\ATKOSD.exe c:\program files\ASUS\ATK Hotkey\KBFiltr.exe c:\program files\ASUS\ATK Hotkey\WDC.exe c:\windows\RtHDVCpl.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\Common Files\Nero\Lib\NMIndexingService.exe c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE c:\program files\Windows Mail\WinMail.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-06-21 14:20:09 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-21 12:19 . 
Vor Suchlauf: 16 Verzeichnis(se), 34.484.191.232 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 36.857.126.912 Bytes frei . - - End Of File - - 56DBC4D0925505FD4C13B816650ACAC2 |
21.06.2012, 15:10 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | E-mail account sends (SPAM) mails Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses to work the second time as well, simply leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: under no circumstances press any of the Fix buttons without instructions. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
22.06.2012, 12:18 | #23 |
| E-mail account sends (SPAM) mails Here, for now, are the two log files from GMER and OSAM: GMER log: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-06-22 11:58:04 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.BKFO Running: fpbl496r.exe; Driver: C:\Users\***~1\AppData\Local\Temp\kwxciuod.sys ---- System - GMER 1.0.15 ---- SSDT 925FD9E6 ZwCreateSection SSDT 925FD9F0 ZwRequestWaitReplyPort SSDT 925FD9EB ZwSetContextThread SSDT 925FD9F5 ZwSetSecurityObject SSDT 925FD9FA ZwSystemDebugControl SSDT 925FD987 ZwTerminateProcess INT 0x51 ? 90E0C550 INT 0x62 ? 87AEFBF8 INT 0x71 ? 90E0C7D0 INT 0x72 ? 87AEFBF8 INT 0x81 ? 90E0CA50 INT 0x82 ? 87AEFBF8 INT 0x82 ? 87AEFBF8 INT 0xA2 ? 8612CBF8 INT 0xA2 ? 87AEFBF8 INT 0xA2 ? 87AEFBF8 INT 0xA2 ? 8612CBF8 INT 0xA3 ? 87AEFBF8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 828B88D8 4 Bytes [E6, D9, 5F, 92] {OUT 0xd9, AL; POP EDI; XCHG EDX, EAX} .text ntkrnlpa.exe!KeSetEvent + 539 828B8BFC 4 Bytes [F0, D9, 5F, 92] .text ntkrnlpa.exe!KeSetEvent + 56D 828B8C30 4 Bytes [EB, D9, 5F, 92] {JMP 0xffffffffffffffdb; POP EDI; XCHG EDX, EAX} .text ntkrnlpa.exe!KeSetEvent + 5D1 828B8C94 4 Bytes [F5, D9, 5F, 92] {CMC ; FSTP DWORD [EDI-0x6e]} .text ntkrnlpa.exe!KeSetEvent + 619 828B8CDC 4 Bytes [FA, D9, 5F, 92] {CLI ; FSTP DWORD [EDI-0x6e]} .text ... ? System32\Drivers\sppu.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 8F54341B 5 Bytes JMP 87AEF1D8 .text aqlmmun0.SYS 908B2000 22 Bytes [82, D3, BC, 82, 6C, D2, BC, ...] .text aqlmmun0.SYS 908B2017 111 Bytes [00, 32, 57, 79, 80, 3D, 55, ...] .text aqlmmun0.SYS 908B2087 33 Bytes [82, E6, E4, 8B, 82, 36, 3A, ...] .text aqlmmun0.SYS 908B20A9 35 Bytes [22, 85, 82, A0, 19, 85, 82, ...] .text aqlmmun0.SYS 908B20CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...] .text ... 
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA9EF4300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA9FCC300, 0x1BEE, 0xE8000020] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068B6D6] \SystemRoot\System32\Drivers\sppu.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068B042] \SystemRoot\System32\Drivers\sppu.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068B800] \SystemRoot\System32\Drivers\sppu.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068B0C0] \SystemRoot\System32\Drivers\sppu.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068B13E] \SystemRoot\System32\Drivers\sppu.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069AE9C] \SystemRoot\System32\Drivers\sppu.sys IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortNotification] CC358B04 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortWritePortUchar] 83908D7F IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F908D50 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortStallExecution] 54771129 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00 IAT 
\SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortMoveMemory] [8B108910] \SystemRoot\System32\drivers\fwpkclnt.sys (FWP/IPsec Kernel-Mode API/Microsoft Corporation) IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortInitialize] B18D0502 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8 IAT \SystemRoot\System32\Drivers\aqlmmun0.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8612F1F8 AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider) Device \FileSystem\fastfat \FatCdrom 927FC1F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Alidevice.SYS (Windows NT alipay kernel module/alipay.com) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Alidevice.SYS (Windows NT alipay kernel module/alipay.com) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device \Driver\volmgr \Device\VolMgrControl 853701F8 Device \Driver\netbt 
\Device\NetBT_Tcpip_{C3FF4A6B-AFD8-4B3B-B55B-DE46EADD3BD9} 926F4390 Device \Driver\usbuhci \Device\USBPDO-0 87AD8498 Device \Driver\usbuhci \Device\USBPDO-1 87AD8498 Device \Driver\usbuhci \Device\USBPDO-2 87AD8498 Device \Driver\usbehci \Device\USBPDO-3 87AE01F8 Device \Driver\usbuhci \Device\USBPDO-4 87AD8498 Device \Driver\usbuhci \Device\USBPDO-5 87AD8498 Device \Driver\PCI_PNP6229 \Device\00000062 sppu.sys Device \Driver\usbuhci \Device\USBPDO-6 87AD8498 Device \Driver\volmgr \Device\HarddiskVolume1 853701F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) Device \Driver\usbehci \Device\USBPDO-7 87AE01F8 Device \Driver\volmgr \Device\HarddiskVolume2 853701F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) Device \Driver\cdrom \Device\CdRom0 87D1D1F8 Device \Driver\iaStor \Device\Ide\iaStor0 [82EB55A0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [82EB55A0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [82EB55A0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\volmgr \Device\HarddiskVolume3 853701F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) Device \Driver\netbt 
\Device\NetBT_Tcpip_{ED7EB904-6721-47CC-A022-F7788A4A5638} 926F4390 Device \Driver\cdrom \Device\CdRom1 87D1D1F8 Device \Driver\netbt \Device\NetBt_Wins_Export 926F4390 Device \Driver\Smb \Device\NetbiosSmb 9273F1F8 Device \Driver\iScsiPrt \Device\RaidPort0 87D991F8 Device \Driver\netbt \Device\NetBT_Tcpip_{AC27E35C-A17D-4F60-BE78-EB644ACFF10D} 926F4390 Device \Driver\BTHUSB \Device\00000098 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000098 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation) Device \Driver\usbuhci \Device\USBFDO-0 87AD8498 Device \Driver\usbuhci \Device\USBFDO-1 87AD8498 Device \Driver\usbuhci \Device\USBFDO-2 87AD8498 Device \Driver\usbehci \Device\USBFDO-3 87AE01F8 Device \Driver\usbuhci \Device\USBFDO-4 87AD8498 Device \Driver\usbuhci \Device\USBFDO-5 87AD8498 Device \Driver\usbuhci \Device\USBFDO-6 87AD8498 Device \Driver\usbehci \Device\USBFDO-7 87AE01F8 Device \Driver\sptd \Device\3035466244 sppu.sys Device \Driver\aqlmmun0 \Device\Scsi\aqlmmun01Port2Path0Target0Lun0 87D841F8 Device \Driver\aqlmmun0 \Device\Scsi\aqlmmun01 87D841F8 Device \Driver\BTHUSB \Device\0000009a bthport.sys (Bluetooth Bus Driver/Microsoft Corporation) Device \Driver\BTHUSB \Device\0000009a bthport.sys (Bluetooth Bus Driver/Microsoft Corporation) Device \FileSystem\fastfat \Fat 927FC1F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs AECE01F8 ---- Threads - GMER 1.0.15 ---- Thread System [4:2996] AC5198C8 Thread System [4:3000] AC5198C8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243c4f209 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243c4f209@000de68e61ff 0x41 0xCB 0xCF 0x71 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0xDA 0x14 0xDB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8E 0x77 0xF2 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD0 0x6A 0xD1 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7A 0x8B 0x5A 0x6F ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0494ed2b-a00c-406c-a62f-21ebc82e1186}@Dhcpv6Iaid 704643072 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0494ed2b-a00c-406c-a62f-21ebc82e1186}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}@Dhcpv6Iaid 167781204 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{214985cb-91b5-4edb-bf49-04603d706110}@Dhcpv6Iaid 637542979 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{214985cb-91b5-4edb-bf49-04603d706110}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{33420e29-6319-49a4-b419-f73ef867e746}@Dhcpv6Iaid 251666060 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{33420e29-6319-49a4-b419-f73ef867e746}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{524e379e-e44e-48f3-bcc2-88d51e6e642f}@Dhcpv6Iaid 603979776 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{524e379e-e44e-48f3-bcc2-88d51e6e642f}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{98595871-6298-4994-88cc-750eae58c6e5}@Dhcpv6Iaid 469762048 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{98595871-6298-4994-88cc-750eae58c6e5}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}@Dhcpv6Iaid 268444500 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}@Dhcpv6State 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{b040e30f-1320-4b9c-aeb9-c4a1e75acbdd}@Dhcpv6Iaid 687865856 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{b040e30f-1320-4b9c-aeb9-c4a1e75acbdd}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6Iaid 201331746 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}@Dhcpv6Iaid 285221213 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}@Dhcpv6Iaid 335675476 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{e3956ff0-3f9f-4edc-b5e3-0fbfac891c85}@Dhcpv6Iaid 662337280 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{e3956ff0-3f9f-4edc-b5e3-0fbfac891c85}@Dhcpv6State 0 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}@Dhcpv6Iaid 201335363 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ee935c63-a647-4d71-b1eb-b2cb7135d8d9}@Dhcpv6Iaid 561674641 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ee935c63-a647-4d71-b1eb-b2cb7135d8d9}@Dhcpv6State 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6Iaid 234886178 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243c4f209 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243c4f209@000de68e61ff 0x41 0xCB 0xCF 0x71 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0xDA 0x14 0xDB ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8E 0x77 0xF2 0x04 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD0 0x6A 0xD1 0xA3 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7A 0x8B 0x5A 0x6F ... 
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{0494ed2b-a00c-406c-a62f-21ebc82e1186}@Dhcpv6Iaid 704643072 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{0494ed2b-a00c-406c-a62f-21ebc82e1186}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}@Dhcpv6Iaid 167781204 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{199d9774-1d87-43c0-bcef-811959e175fd}@NameServer Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{214985cb-91b5-4edb-bf49-04603d706110}@Dhcpv6Iaid 637542979 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{214985cb-91b5-4edb-bf49-04603d706110}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{33420e29-6319-49a4-b419-f73ef867e746}@Dhcpv6Iaid 251666060 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{33420e29-6319-49a4-b419-f73ef867e746}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{524e379e-e44e-48f3-bcc2-88d51e6e642f}@Dhcpv6Iaid 603979776 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{524e379e-e44e-48f3-bcc2-88d51e6e642f}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{98595871-6298-4994-88cc-750eae58c6e5}@Dhcpv6Iaid 469762048 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{98595871-6298-4994-88cc-750eae58c6e5}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}@Dhcpv6Iaid 268444500 Reg 
HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}@Dhcpv6State 1 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ac27e35c-a17d-4f60-be78-eb644acff10d}@NameServer Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{b040e30f-1320-4b9c-aeb9-c4a1e75acbdd}@Dhcpv6Iaid 687865856 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{b040e30f-1320-4b9c-aeb9-c4a1e75acbdd}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6Iaid 201331746 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}@Dhcpv6Iaid 285221213 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{c3ff4a6b-afd8-4b3b-b55b-de46eadd3bd9}@NameServer Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}@Dhcpv6Iaid 335675476 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{e0a5b4ad-2971-4d2c-9730-425ce6b065a4}@NameServer Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{e3956ff0-3f9f-4edc-b5e3-0fbfac891c85}@Dhcpv6Iaid 662337280 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{e3956ff0-3f9f-4edc-b5e3-0fbfac891c85}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}@Dhcpv6Iaid 201335363 Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}@Dhcpv6State 0 Reg 
HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ed7eb904-6721-47cc-a022-f7788a4a5638}@NameServer
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ee935c63-a647-4d71-b1eb-b2cb7135d8d9}@Dhcpv6Iaid 561674641
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ee935c63-a647-4d71-b1eb-b2cb7135d8d9}@Dhcpv6State 1
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6Iaid 234886178
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6State 0

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

---- EOF - GMER 1.0.15 ----

OSAM log: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:52:06 on 22.06.2012
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Opera Software Opera Internet Browser 12.00

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1799299016-3692624258-2031827036-1000Core.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1799299016-3692624258-2031827036-1000UA.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc."
- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys
"Alidevice" (Alidevice) - "alipay.com" - C:\Windows\system32\drivers\Alidevice.sys
"aqlmmun0" (aqlmmun0) - "Microsoft Corporation" - C:\Windows\system32\drivers\aqlmmun0.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\AsDsm.sys
"enodpl" (enodpl) - ? - C:\Windows\System32\drivers\enodpl.sys (File found, but it contains no detailed information)
"EterlogicVirtualSerialDriver" (EterlogicVirtualSerialDriver) - ? - C:\Windows\system32\drivers\VSPE.sys (File found, but it contains no detailed information)
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"kwxciuod" (kwxciuod) - ? - C:\Users\***~1\AppData\Local\Temp\kwxciuod.sys (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"lullaby" (lullaby) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PlayLinc Adapter" (hamachi_oem) - "Applied Networking Inc." - C:\Windows\System32\DRIVERS\gan_adapter.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SCDEmu" (SCDEmu) - "PowerISO Computing, Inc." - C:\Windows\system32\drivers\SCDEmu.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"tandpl" (tandpl) - ? - C:\Windows\System32\drivers\tandpl.sys (File found, but it contains no detailed information)
"vsdatant7" (vsdatant7) - ? - C:\Windows\System32\drivers\vsdatant.win7.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ?
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" 6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f "StubPath" - "Expert System S.p.A." - C:\ProgramData\Duden\dkreg.exe /dktray=on /csapi=on /ALLUSERS -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll {C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? 
- (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech Inc." - C:\Program Files\SetPoint\kbcplext.dll {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech Inc." - C:\Program Files\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - "PowerISO Computing, Inc." - C:\Program Files\PowerISO\PWRISOSH.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? 
- C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} "CDownloadCtrl Object" - "IGN Entertainment" - C:\Program Files\Download Manager\DLMControl.dll / hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\npjpi170_02.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab {D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - ? - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX (File not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." 
- C:\Windows\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll "ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} "{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}" - ? 
- (File not found | COM-object registry key not found) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Authentication packages" - "Acronis" - C:\Windows\system32\relog_ap.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "SetPoint.lnk" - "Logitech Inc." - C:\Program Files\SetPoint\SetPoint.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun "Dexpot" - "Dexpot GbR" - C:\Program Files\Dexpot\dexpot.exe "Duden Korrektor SysTray" - "Expert System S.p.A." - C:\Program Files\Duden\Duden-Rechtschreibprüfung\DKTray.exe "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "Pando Media Booster" - ? - C:\Program Files\Pando Networks\Media Booster\PMB.exe "SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? 
- rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" "AcronisTimounterMonitor" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "ATKOSD2" - "ASUS" - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "DirectConsole2" - "ASUSTek." - C:\Program Files\ASUS\Direct Console\Direct Console.exe "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "HControlUser" - "ASUS" - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "NBKeyScan" - "Nero AG" - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup "P2Go_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." 
- "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TrueImageMonitor.exe" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Bullzip PDF Print Monitor" - "Bullzip" - C:\Windows\system32\bzpdf.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Acronis OS Selector Reinstall Service" (AcronisOSSReinstallSvc) - ? - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (File found, but it contains no detailed information) "Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe "ADSM Service" (ADSMService) - ? - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe "AmplusnetPrivacyTools" (AmplusnetPrivacyTools) - ? - C:\Windows\system32\AmplusnetPrivacyTools.exe "ASLDR Service" (ASLDRService) - ? - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." 
- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1ca1514d26808b8)" (gupdate1ca1514d26808b8) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "PnkBstrA" (PnkBstrA) - ? 
- C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
After the autorun scan has finished and I have clicked the first two "Next" buttons (see your OSAM instructions), it wants to connect to the Online Malware Scanner. There I get: * Connecting to OMS Base: OK * Checking protocol version: OK * Getting server configuration: OK * Collecting hashes: OK * Waiting for server analyse request: FAILED So at this window only the Cancel button is left to me. Just as a note, because I don't know whether that is apparent from the log file. The next step of your instructions will follow, depending on time, probably this afternoon or evening. - |
22.06.2012, 12:55 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | E-mail account is sending (SPAM) mails Quote:
- please skip the OSAM online query.
__________________ Please always post logfiles in CODE tags |
22.06.2012, 13:50 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | E-mail account is sending (SPAM) mails
__________________ Please always post logfiles in CODE tags |
23.06.2012, 11:36 | #27 |
| E-mail account is sending (SPAM) mails So, here now, a day late after all, the log file from aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-06-23 02:52:05 ----------------------------- 02:52:05.935 OS Version: Windows 6.0.6002 Service Pack 2 02:52:05.935 Number of processors: 2 586 0x1706 02:52:05.935 ComputerName: ***LAPTOP UserName: *** 02:52:24.409 Initialize success 02:52:35.809 AVAST engine defs: 12062200 02:52:51.472 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 02:52:51.472 Disk 0 Vendor: Hitachi_ BKFO Size: 476940MB BusType: 3 02:52:51.940 Disk 0 MBR read successfully 02:52:51.940 Disk 0 MBR scan 02:52:52.002 Disk 0 unknown MBR code 02:52:52.111 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10001 MB offset 63 02:52:52.252 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 102406 MB offset 20482875 02:52:52.267 Disk 0 Partition - 00 05 Extended 364529 MB offset 230211450 02:52:52.423 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 364529 MB offset 230211514 02:52:53.110 Disk 0 scanning sectors +976768065 02:52:53.547 Disk 0 scanning C:\Windows\system32\drivers 02:55:15.007 Service scanning 02:55:41.527 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32 02:55:50.153 Modules scanning 02:58:51.035 Disk 0 trace - called modules: 02:58:51.145 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys sppu.sys >>UNKNOWN [0x860e4938]<< 02:58:51.145 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872fd848] 02:58:51.145 3 CLASSPNP.SYS[8b3b98b3] -> nt!IofCallDriver -> [0x862016c8] 02:58:51.145 5 acpi.sys[807c16bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8618a028] 02:58:51.784 AVAST engine scan C:\Windows 03:00:20.657 AVAST engine scan C:\Windows\system32 03:32:17.082 AVAST engine scan C:\Windows\system32\drivers 03:35:51.831 AVAST engine scan C:\Users\*** 05:43:59.808 AVAST engine scan C:\ProgramData 06:04:44.625 Scan finished successfully 12:32:27.284 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 12:32:27.284 The log file has been saved successfully to 
"C:\Users\***\Desktop\aswMBR.txt" |
24.06.2012, 16:16 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | E-mail account is sending (SPAM) mails We should fix the MBR; back up ALL important data just in case, even though it usually goes smoothly. Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or the entire hard disk, e.g. with TrueCrypt or other encryption programs. After the data backup, start aswMBR again and click the FIXMBR button. Note: Please disable the virus scanner before running aswMBR, since Avira in particular often reports a false alarm for it! Then restart Windows and produce a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
25.06.2012, 10:12 | #29 |
| E-mail account is sending (SPAM) mails The MBR fix seems to have worked; after a few seconds I got the message about the fix succeeding. After restarting the PC and another scan with MBR, the corresponding log looks like this: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-06-25 01:34:16 ----------------------------- 01:34:16.341 OS Version: Windows 6.0.6002 Service Pack 2 01:34:16.341 Number of processors: 2 586 0x1706 01:34:16.341 ComputerName: ***LAPTOP UserName: *** 01:34:58.882 Initialize success 01:35:17.072 AVAST engine defs: 12062401 01:36:25.244 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 01:36:25.259 Disk 0 Vendor: Hitachi_ BKFO Size: 476940MB BusType: 3 01:36:25.290 Disk 0 MBR read successfully 01:36:25.290 Disk 0 MBR scan 01:36:25.290 Disk 0 Windows VISTA default MBR code 01:36:25.306 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10001 MB offset 63 01:36:25.322 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 102406 MB offset 20482875 01:36:25.337 Disk 0 Partition - 00 05 Extended 364529 MB offset 230211450 01:36:25.368 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 364529 MB offset 230211514 01:36:25.384 Disk 0 scanning sectors +976768065 01:36:25.509 Disk 0 scanning C:\Windows\system32\drivers 01:36:48.659 Service scanning 01:37:18.762 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32 01:37:36.437 Modules scanning 01:38:06.389 Disk 0 trace - called modules: 01:38:06.420 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spkk.sys >>UNKNOWN [0x860e8938]<< 01:38:06.420 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8738e8e0] 01:38:06.420 3 CLASSPNP.SYS[8b3c78b3] -> nt!IofCallDriver -> [0x86202678] 01:38:06.436 5 acpi.sys[805c26bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8539e028] 01:38:08.604 AVAST engine scan C:\Windows 01:38:13.736 AVAST engine scan C:\Windows\system32 01:41:16.818 AVAST engine scan C:\Windows\system32\drivers 01:41:32.418 AVAST engine scan C:\Users\*** 02:06:14.012 AVAST engine scan C:\ProgramData 02:11:42.751 Scan finished successfully 11:06:22.813 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 11:06:22.829 The log file has been saved 
successfully to "C:\Users\***\Desktop\aswMBR_2.txt" |
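The two aswMBR logs above and the FIXMBR caveats (dual boot, full-disk encryption), as an added example that is not code from the thread or from AVAST: a Python triage script that parses aswMBR's line format and lists the checks to run before fixing the MBR. The sample log is constructed, and the partition type table is my own assumption about which type codes indicate a non-Windows boot loader.

```python
"""Triage helper for aswMBR logs (added example, not from the forum or AVAST)."""
import re

# Constructed excerpt in aswMBR's line format; values are illustrative only.
SAMPLE_LOG = """\
02:52:52.002 Disk 0 unknown MBR code
02:52:52.111 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10001 MB offset 63
02:52:52.252 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 102406 MB offset 20482875
02:52:52.267 Disk 0 Partition - 00 05 Extended 364529 MB offset 230211450
02:52:52.423 Disk 0 Partition 3 00 83 Linux 364529 MB offset 230211514
02:55:41.527 Service sptd C:\\Windows\\System32\\Drivers\\sptd.sys **LOCKED** 32
02:58:51.145 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys sppu.sys >>UNKNOWN [0x860e4938]<<
06:04:44.625 Scan finished successfully
"""

# MBR partition type codes whose presence means a Windows-tool MBR fix would
# overwrite a non-Windows boot loader (the dual-boot caveat in the thread).
NON_WINDOWS_TYPES = {"82": "Linux swap", "83": "Linux", "8E": "Linux LVM", "EE": "GPT protective"}

MBR_RE = re.compile(r"Disk \d+ (.*MBR code)$")
PARTITION_RE = re.compile(r"Disk \d+ Partition (\S+) [0-9A-F]{2} (\(A\) )?([0-9A-F]{2}) (.+?) (\d+) MB offset (\d+)$")
LOCKED_RE = re.compile(r"Service (\S+) (\S+) \*\*LOCKED\*\*")
UNKNOWN_RE = re.compile(r"(\S+) >>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


def parse_aswmbr(text):
    """Extract the security-relevant facts from an aswMBR log."""
    report = {"mbr_code": None, "partitions": [], "locked_services": [],
              "unknown_modules": [], "finished": False}
    for line in text.splitlines():
        line = line.strip()
        if m := MBR_RE.search(line):
            report["mbr_code"] = m.group(1)
        elif m := PARTITION_RE.search(line):
            report["partitions"].append({
                "number": m.group(1), "active": m.group(2) is not None,
                "type": m.group(3), "label": m.group(4),
                "size_mb": int(m.group(5)), "offset": int(m.group(6))})
        elif m := LOCKED_RE.search(line):
            report["locked_services"].append((m.group(1), m.group(2)))
        elif m := UNKNOWN_RE.search(line):
            report["unknown_modules"].append((m.group(1), m.group(2)))
        elif line.endswith("Scan finished successfully"):
            report["finished"] = True
    return report


def assess(report):
    """Turn the parsed facts into the checks to run before clicking FIXMBR."""
    findings = []
    if report["mbr_code"] is None:
        findings.append("no MBR verdict in log")
    elif "unknown" in report["mbr_code"].lower():
        # A full-disk-encryption boot loader (e.g. TrueCrypt) also shows up as
        # unrecognised MBR code, so rule that out before overwriting it.
        findings.append("MBR code not recognised by aswMBR: confirm no full-disk encryption "
                        "boot loader is in use, keep MBR.dat and a data backup before FIXMBR")
    for p in report["partitions"]:
        if p["type"] in NON_WINDOWS_TYPES:
            findings.append(f"partition {p['number']} is {NON_WINDOWS_TYPES[p['type']]}: "
                            "a Windows-tool MBR fix would break its boot loader")
    for name, path in report["locked_services"]:
        findings.append(f"driver {name} ({path}) is locked: aswMBR could not inspect it")
    for mod, addr in report["unknown_modules"]:
        # SPTD (DAEMON Tools) loads a helper driver with a random sp??.sys name,
        # so identify the module before treating it as a rootkit hook.
        findings.append(f"unknown module {mod} at {addr} sits in the disk I/O chain: identify it")
    if not report["finished"]:
        findings.append("scan did not finish: log is incomplete")
    return findings
```

Feed it the text of aswMBR.txt; on the second log in this thread the MBR finding disappears while the locked sptd.sys and the random-named sp??.sys module remain, which matches the helper's "looks ok" verdict.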
25.06.2012, 12:11 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | E-mail account is sending (SPAM) mails Looks ok. We should be almost done. Please run full scans with Malwarebytes and SUPERAntiSpyware as a check and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |