Log analysis and evaluation: AVG reports rootkits in spjl.sys | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
20.06.2012, 23:52 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AVG reports rootkits in spjl.sys
Code:
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\MEINBA~1.TIB
Are you using Acronis to make backups to the current drive F?
__________________ Please always post log files in CODE tags |
21.06.2012, 08:57 | #17 |
| AVG reports rootkits in spjl.sys
That was my "lazy man's" backup. That is, I made a backup right after the installation. None after that. I don't think much of restoring or resetting. Then rather a fresh installation or a backup right after the installati
__________________ Is Acronis bad? I've actually always had Acronis. Last edited by Mieserwitz (21.06.2012 at 09:36) |
21.06.2012, 11:40 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AVG reports rootkits in spjl.sys
No, that was only a note that CF deleted the image!
__________________
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set up the tool as shown in the picture below - click change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its content into your post, then please look directly on your Windows system partition (usually drive C:), that is where the TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________ |
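One way to triage the report requested in post #18, as an added example that is not part of the original thread or of Kaspersky's tool: it rebuilds the individual records from a report whose line breaks were lost in a forum code box and lists every object whose status is not "ok". The sample report, its object names and its hashes are constructed, and the record layout (time, thread id, object name, then hash and path or a verdict) is an assumption based on what a TDSS-Killer report looks like.

```python
import re

# Constructed sample in the TDSSKiller report layout (not taken from the thread):
# "<time> <thread id> <object> ..." records, run together on one line the way a
# forum code box flattens them, and cut off after the last file record.
SAMPLE = (
    r"12:45:00.0395 2236 ExampleDrv (00000000000000000000000000000000) "
    r"C:\Windows\system32\drivers\exampledrv.sys "
    r"12:45:00.0459 2236 ExampleDrv - ok "
    r"12:45:00.0470 2236 ExampleSvc (11111111111111111111111111111111) "
    r"C:\Program Files (x86)\Example\svc.exe "
    r"12:45:00.0481 2236 ExampleSvc ( UnsignedFile.Multi.Generic ) - warning "
    r"12:45:00.0481 2236 ExampleSvc - detected UnsignedFile.Multi.Generic (1) "
    r"12:45:00.0490 2236 NoFileSvc - ok "
    r"12:45:00.0500 2236 TruncDrv (22222222222222222222222222222222) "
    r"C:\Windows\system32\drivers\truncdrv.sys 12:45:00.0510 "
)

# A record starts with HH:MM:SS.ffff followed by a numeric thread id.
START = re.compile(r"(?<!\d)(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)(?=\s|$)")
# A time stamp left at the very end of a record when the paste was cut off.
DANGLING_TIME = re.compile(r"\s*\d{2}:\d{2}:\d{2}\.\d{4}$")

FILE_LINE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
WARN_LINE = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
DETECT_LINE = re.compile(r"^(.+?) - detected (.+?) \((\d+)\)$")
OK_LINE = re.compile(r"^(.+?) - ok$")


def split_records(text):
    """Yield (time, thread_id, body) even when line breaks were lost."""
    starts = list(START.finditer(text))
    for i, cur in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        body = " ".join(text[cur.end():end].split())  # undo wrapped paths
        yield cur.group(1), int(cur.group(2)), DANGLING_TIME.sub("", body)


def parse_report(text):
    """Return {object name: record} in report order."""
    objects = {}

    def record(name):
        return objects.setdefault(
            name, {"name": name, "md5": None, "path": None,
                   "verdict": None, "status": None})

    for _time, _tid, body in split_records(text):
        m = FILE_LINE.match(body)
        if m:
            record(m.group(1)).update(md5=m.group(2).lower(), path=m.group(3))
            continue
        m = WARN_LINE.match(body)
        if m:
            record(m.group(1)).update(verdict=m.group(2), status=m.group(3))
            continue
        m = DETECT_LINE.match(body)
        if m:
            obj = record(m.group(1))
            obj["verdict"] = m.group(2)
            obj["status"] = obj["status"] or "detected"
            continue
        m = OK_LINE.match(body)
        if m:
            record(m.group(1))["status"] = "ok"
    return objects


def triage(text):
    """Objects a reviewer should look at: any status other than 'ok'.

    A status of None means the report ended before a verdict line was seen.
    """
    return [o for o in parse_report(text).values() if o["status"] != "ok"]


if __name__ == "__main__":
    for o in triage(SAMPLE):
        print(o["name"], o["status"], o["verdict"], o["path"])
```

An object that comes back with status `None` was listed with its file but never given a verdict, which usually means the pasted report is incomplete and should be posted again in full.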
21.06.2012, 11:47 | #19 |
| AVG reports rootkits in spjl.sys
Code:
2236 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 12:45:06.0213 2236 netprofm - ok 12:45:06.0220 2236 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:45:06.0227 2236 NetTcpPortSharing - ok 12:45:06.0231 2236 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 12:45:06.0239 2236 nfrd960 - ok 12:45:06.0251 2236 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 12:45:06.0278 2236 NlaSvc - ok 12:45:06.0295 2236 NMSAccess32A.exe - ok 12:45:06.0300 2236 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 12:45:06.0323 2236 Npfs - ok 12:45:06.0327 2236 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 12:45:06.0351 2236 nsi - ok 12:45:06.0354 2236 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 12:45:06.0377 2236 nsiproxy - ok 12:45:06.0435 2236 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 12:45:06.0471 2236 Ntfs - ok 12:45:06.0495 2236 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 12:45:06.0521 2236 Null - ok 12:45:06.0525 2236 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys 12:45:06.0533 2236 nusb3hub - ok 12:45:06.0540 2236 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys 12:45:06.0548 2236 nusb3xhc - ok 12:45:06.0555 2236 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys 12:45:06.0567 2236 NVHDA - ok 12:45:06.0909 2236 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:45:07.0147 2236 nvlddmkm - ok 12:45:07.0179 2236 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 12:45:07.0188 2236 nvraid - ok 12:45:07.0195 2236 nvstor (dab0e87525c10052bf65f06152f37e4a) 
C:\Windows\system32\drivers\nvstor.sys 12:45:07.0204 2236 nvstor - ok 12:45:07.0233 2236 NVSvc (d6731031aa1f7bb8a3921a93e9d5a838) C:\Windows\system32\nvvsvc.exe 12:45:07.0259 2236 NVSvc - ok 12:45:07.0265 2236 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 12:45:07.0274 2236 nv_agp - ok 12:45:07.0291 2236 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 12:45:07.0303 2236 odserv - ok 12:45:07.0308 2236 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 12:45:07.0317 2236 ohci1394 - ok 12:45:07.0323 2236 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:45:07.0330 2236 ose - ok 12:45:07.0461 2236 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:45:07.0544 2236 osppsvc - ok 12:45:07.0578 2236 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:45:07.0590 2236 p2pimsvc - ok 12:45:07.0604 2236 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 12:45:07.0617 2236 p2psvc - ok 12:45:07.0624 2236 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 12:45:07.0632 2236 Parport - ok 12:45:07.0637 2236 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 12:45:07.0645 2236 partmgr - ok 12:45:07.0653 2236 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 12:45:07.0667 2236 PcaSvc - ok 12:45:07.0675 2236 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 12:45:07.0685 2236 pci - ok 12:45:07.0687 2236 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 12:45:07.0694 2236 pciide - ok 12:45:07.0702 2236 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 12:45:07.0712 2236 pcmcia - ok 
12:45:07.0716 2236 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 12:45:07.0723 2236 pcw - ok 12:45:07.0741 2236 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 12:45:07.0774 2236 PEAUTH - ok 12:45:07.0809 2236 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 12:45:07.0832 2236 PeerDistSvc - ok 12:45:07.0852 2236 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 12:45:07.0861 2236 PerfHost - ok 12:45:07.0919 2236 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 12:45:07.0959 2236 pla - ok 12:45:07.0973 2236 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 12:45:07.0987 2236 PlugPlay - ok 12:45:07.0990 2236 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 12:45:07.0998 2236 PNRPAutoReg - ok 12:45:08.0009 2236 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:45:08.0019 2236 PNRPsvc - ok 12:45:08.0036 2236 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 12:45:08.0064 2236 PolicyAgent - ok 12:45:08.0074 2236 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 12:45:08.0101 2236 Power - ok 12:45:08.0109 2236 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 12:45:08.0133 2236 PptpMiniport - ok 12:45:08.0137 2236 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 12:45:08.0146 2236 Processor - ok 12:45:08.0153 2236 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 12:45:08.0164 2236 ProfSvc - ok 12:45:08.0167 2236 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:45:08.0174 2236 ProtectedStorage - ok 12:45:08.0181 2236 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 12:45:08.0204 2236 Psched - ok 12:45:08.0244 2236 ql2300 
(a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 12:45:08.0273 2236 ql2300 - ok 12:45:08.0299 2236 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 12:45:08.0308 2236 ql40xx - ok 12:45:08.0318 2236 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 12:45:08.0333 2236 QWAVE - ok 12:45:08.0336 2236 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 12:45:08.0347 2236 QWAVEdrv - ok 12:45:08.0357 2236 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll 12:45:08.0367 2236 RapiMgr - ok 12:45:08.0370 2236 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 12:45:08.0393 2236 RasAcd - ok 12:45:08.0397 2236 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 12:45:08.0421 2236 RasAgileVpn - ok 12:45:08.0426 2236 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 12:45:08.0452 2236 RasAuto - ok 12:45:08.0458 2236 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 12:45:08.0481 2236 Rasl2tp - ok 12:45:08.0493 2236 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 12:45:08.0520 2236 RasMan - ok 12:45:08.0525 2236 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 12:45:08.0549 2236 RasPppoe - ok 12:45:08.0553 2236 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 12:45:08.0578 2236 RasSstp - ok 12:45:08.0590 2236 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 12:45:08.0616 2236 rdbss - ok 12:45:08.0619 2236 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 12:45:08.0629 2236 rdpbus - ok 12:45:08.0631 2236 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:45:08.0654 2236 RDPCDD - ok 12:45:08.0663 2236 RDPDR 
(1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 12:45:08.0671 2236 RDPDR - ok 12:45:08.0674 2236 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 12:45:08.0697 2236 RDPENCDD - ok 12:45:08.0702 2236 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 12:45:08.0724 2236 RDPREFMP - ok 12:45:08.0732 2236 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 12:45:08.0742 2236 RDPWD - ok 12:45:08.0751 2236 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 12:45:08.0762 2236 rdyboost - ok 12:45:08.0767 2236 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 12:45:08.0792 2236 RemoteAccess - ok 12:45:08.0799 2236 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 12:45:08.0825 2236 RemoteRegistry - ok 12:45:08.0831 2236 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 12:45:08.0856 2236 RpcEptMapper - ok 12:45:08.0859 2236 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 12:45:08.0867 2236 RpcLocator - ok 12:45:08.0886 2236 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 12:45:08.0911 2236 RpcSs - ok 12:45:08.0916 2236 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 12:45:08.0940 2236 rspndr - ok 12:45:08.0956 2236 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys 12:45:08.0973 2236 RTL8167 - ok 12:45:08.0975 2236 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 12:45:08.0982 2236 s3cap - ok 12:45:08.0985 2236 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:45:08.0992 2236 SamSs - ok 12:45:08.0997 2236 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 12:45:09.0006 2236 sbp2port - ok 12:45:09.0014 2236 SCardSvr 
(9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 12:45:09.0040 2236 SCardSvr - ok 12:45:09.0044 2236 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 12:45:09.0067 2236 scfilter - ok 12:45:09.0102 2236 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 12:45:09.0141 2236 Schedule - ok 12:45:09.0148 2236 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 12:45:09.0170 2236 SCPolicySvc - ok 12:45:09.0178 2236 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 12:45:09.0188 2236 SDRSVC - ok 12:45:09.0193 2236 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 12:45:09.0216 2236 secdrv - ok 12:45:09.0220 2236 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 12:45:09.0243 2236 seclogon - ok 12:45:09.0247 2236 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 12:45:09.0271 2236 SENS - ok 12:45:09.0274 2236 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 12:45:09.0283 2236 SensrSvc - ok 12:45:09.0286 2236 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 12:45:09.0294 2236 Serenum - ok 12:45:09.0298 2236 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 12:45:09.0306 2236 Serial - ok 12:45:09.0309 2236 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 12:45:09.0316 2236 sermouse - ok 12:45:09.0326 2236 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 12:45:09.0351 2236 SessionEnv - ok 12:45:09.0354 2236 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 12:45:09.0363 2236 sffdisk - ok 12:45:09.0366 2236 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 12:45:09.0375 2236 sffp_mmc - ok 12:45:09.0378 2236 sffp_sd (dd85b78243a19b59f0637dcf284da63c) 
C:\Windows\system32\drivers\sffp_sd.sys 12:45:09.0388 2236 sffp_sd - ok 12:45:09.0390 2236 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 12:45:09.0398 2236 sfloppy - ok 12:45:09.0420 2236 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 12:45:09.0436 2236 Sftfs - ok 12:45:09.0458 2236 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 12:45:09.0476 2236 sftlist - ok 12:45:09.0485 2236 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 12:45:09.0495 2236 Sftplay - ok 12:45:09.0498 2236 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 12:45:09.0504 2236 Sftredir - ok 12:45:09.0507 2236 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 12:45:09.0513 2236 Sftvol - ok 12:45:09.0522 2236 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 12:45:09.0532 2236 sftvsa - ok 12:45:09.0543 2236 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 12:45:09.0571 2236 SharedAccess - ok 12:45:09.0584 2236 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 12:45:09.0611 2236 ShellHWDetection - ok 12:45:09.0615 2236 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:45:09.0623 2236 SiSRaid2 - ok 12:45:09.0627 2236 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 12:45:09.0635 2236 SiSRaid4 - ok 12:45:09.0654 2236 SKYNET (8082dace8988825b52433f2379af9458) C:\Windows\system32\DRIVERS\SkyNET_AMD64.SYS 12:45:09.0672 2236 SKYNET - ok 12:45:09.0678 2236 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 12:45:09.0702 2236 Smb - ok 12:45:09.0716 2236 snapman (b2c19ae46c5a109679b4fb38058df05a) 
C:\Windows\system32\DRIVERS\snapman.sys 12:45:09.0730 2236 snapman - ok 12:45:09.0733 2236 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 12:45:09.0742 2236 SNMPTRAP - ok 12:45:09.0745 2236 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 12:45:09.0752 2236 spldr - ok 12:45:09.0773 2236 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 12:45:09.0805 2236 Spooler - ok 12:45:09.0924 2236 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 12:45:10.0034 2236 sppsvc - ok 12:45:10.0058 2236 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 12:45:10.0083 2236 sppuinotify - ok 12:45:10.0085 2236 sptd - ok 12:45:10.0106 2236 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 12:45:10.0122 2236 srv - ok 12:45:10.0138 2236 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 12:45:10.0152 2236 srv2 - ok 12:45:10.0160 2236 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 12:45:10.0170 2236 srvnet - ok 12:45:10.0179 2236 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 12:45:10.0206 2236 SSDPSRV - ok 12:45:10.0210 2236 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 12:45:10.0235 2236 SstpSvc - ok 12:45:10.0238 2236 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 12:45:10.0246 2236 stexstor - ok 12:45:10.0266 2236 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 12:45:10.0286 2236 stisvc - ok 12:45:10.0290 2236 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 12:45:10.0298 2236 storflt - ok 12:45:10.0301 2236 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 12:45:10.0309 2236 StorSvc - ok 12:45:10.0312 2236 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 
12:45:10.0320 2236 storvsc - ok 12:45:10.0323 2236 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 12:45:10.0330 2236 swenum - ok 12:45:10.0347 2236 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 12:45:10.0379 2236 swprv - ok 12:45:10.0431 2236 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 12:45:10.0465 2236 SysMain - ok 12:45:10.0489 2236 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 12:45:10.0502 2236 TabletInputService - ok 12:45:10.0512 2236 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 12:45:10.0539 2236 TapiSrv - ok 12:45:10.0544 2236 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 12:45:10.0569 2236 TBS - ok 12:45:10.0627 2236 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 12:45:10.0662 2236 Tcpip - ok 12:45:10.0733 2236 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 12:45:10.0759 2236 TCPIP6 - ok 12:45:10.0785 2236 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 12:45:10.0808 2236 tcpipreg - ok 12:45:10.0813 2236 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 12:45:10.0820 2236 TDPIPE - ok 12:45:10.0862 2236 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys 12:45:10.0894 2236 tdrpman273 - ok 12:45:10.0897 2236 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 12:45:10.0905 2236 TDTCP - ok 12:45:10.0911 2236 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 12:45:10.0934 2236 tdx - ok 12:45:11.0004 2236 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 12:45:11.0049 2236 TeamViewer7 - ok 12:45:11.0073 2236 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 12:45:11.0081 
2236 TermDD - ok 12:45:11.0101 2236 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 12:45:11.0133 2236 TermService - ok 12:45:11.0136 2236 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 12:45:11.0148 2236 Themes - ok 12:45:11.0153 2236 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 12:45:11.0176 2236 THREADORDER - ok 12:45:11.0207 2236 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys 12:45:11.0232 2236 timounter - ok 12:45:11.0239 2236 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 12:45:11.0264 2236 TrkWks - ok 12:45:11.0272 2236 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 12:45:11.0297 2236 TrustedInstaller - ok 12:45:11.0302 2236 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:45:11.0324 2236 tssecsrv - ok 12:45:11.0330 2236 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 12:45:11.0338 2236 TsUsbFlt - ok 12:45:11.0344 2236 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 12:45:11.0367 2236 tunnel - ok 12:45:11.0371 2236 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 12:45:11.0379 2236 uagp35 - ok 12:45:11.0390 2236 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 12:45:11.0416 2236 udfs - ok 12:45:11.0423 2236 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 12:45:11.0432 2236 UI0Detect - ok 12:45:11.0437 2236 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 12:45:11.0444 2236 uliagpkx - ok 12:45:11.0448 2236 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 12:45:11.0457 2236 umbus - ok 12:45:11.0459 2236 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 12:45:11.0467 
2236 UmPass - ok 12:45:11.0475 2236 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 12:45:11.0485 2236 UmRdpService - ok 12:45:11.0498 2236 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 12:45:11.0527 2236 upnphost - ok 12:45:11.0532 2236 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 12:45:11.0541 2236 usbccgp - ok 12:45:11.0546 2236 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 12:45:11.0556 2236 usbcir - ok 12:45:11.0560 2236 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 12:45:11.0567 2236 usbehci - ok 12:45:11.0579 2236 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 12:45:11.0591 2236 usbhub - ok 12:45:11.0595 2236 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 12:45:11.0602 2236 usbohci - ok 12:45:11.0605 2236 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 12:45:11.0615 2236 usbprint - ok 12:45:11.0619 2236 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 12:45:11.0628 2236 usbscan - ok 12:45:11.0633 2236 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:45:11.0641 2236 USBSTOR - ok 12:45:11.0644 2236 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 12:45:11.0652 2236 usbuhci - ok 12:45:11.0655 2236 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys 12:45:11.0663 2236 usb_rndisx - ok 12:45:11.0667 2236 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 12:45:11.0691 2236 UxSms - ok 12:45:11.0695 2236 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:45:11.0702 2236 VaultSvc - ok 12:45:11.0705 2236 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 12:45:11.0712 2236 
vdrvroot - ok 12:45:11.0729 2236 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 12:45:11.0758 2236 vds - ok 12:45:11.0761 2236 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 12:45:11.0771 2236 vga - ok 12:45:11.0774 2236 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 12:45:11.0799 2236 VgaSave - ok 12:45:11.0807 2236 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 12:45:11.0816 2236 vhdmp - ok 12:45:11.0819 2236 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 12:45:11.0827 2236 viaide - ok 12:45:11.0836 2236 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 12:45:11.0846 2236 vmbus - ok 12:45:11.0849 2236 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 12:45:11.0856 2236 VMBusHID - ok 12:45:11.0861 2236 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 12:45:11.0868 2236 volmgr - ok 12:45:11.0884 2236 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 12:45:11.0897 2236 volmgrx - ok 12:45:11.0909 2236 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 12:45:11.0921 2236 volsnap - ok 12:45:11.0930 2236 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys 12:45:11.0940 2236 vpcbus - ok 12:45:11.0945 2236 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys 12:45:11.0953 2236 vpcnfltr - ok 12:45:11.0958 2236 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys 12:45:11.0967 2236 vpcusb - ok 12:45:11.0978 2236 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys 12:45:11.0991 2236 vpcvmm - ok 12:45:11.0997 2236 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 12:45:12.0007 2236 vsmraid - ok 12:45:12.0058 2236 VSS 
(b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 12:45:12.0107 2236 VSS - ok 12:45:12.0135 2236 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe 12:45:12.0155 2236 vToolbarUpdater11.1.0 - ok 12:45:12.0178 2236 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 12:45:12.0187 2236 vwifibus - ok 12:45:12.0201 2236 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 12:45:12.0230 2236 W32Time - ok 12:45:12.0235 2236 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 12:45:12.0243 2236 WacomPen - ok 12:45:12.0249 2236 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:45:12.0272 2236 WANARP - ok 12:45:12.0274 2236 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:45:12.0296 2236 Wanarpv6 - ok 12:45:12.0342 2236 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 12:45:12.0378 2236 wbengine - ok 12:45:12.0404 2236 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 12:45:12.0418 2236 WbioSrvc - ok 12:45:12.0433 2236 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll 12:45:12.0446 2236 WcesComm - ok 12:45:12.0458 2236 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 12:45:12.0474 2236 wcncsvc - ok 12:45:12.0478 2236 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 12:45:12.0486 2236 WcsPlugInService - ok 12:45:12.0491 2236 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 12:45:12.0498 2236 Wd - ok 12:45:12.0517 2236 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 12:45:12.0533 2236 Wdf01000 - ok 12:45:12.0539 2236 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) 
C:\Windows\system32\wdi.dll 12:45:12.0552 2236 WdiServiceHost - ok 12:45:12.0555 2236 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:45:12.0566 2236 WdiSystemHost - ok 12:45:12.0577 2236 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 12:45:12.0593 2236 WebClient - ok 12:45:12.0601 2236 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 12:45:12.0628 2236 Wecsvc - ok 12:45:12.0633 2236 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 12:45:12.0658 2236 wercplsupport - ok 12:45:12.0663 2236 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 12:45:12.0688 2236 WerSvc - ok 12:45:12.0693 2236 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 12:45:12.0716 2236 WfpLwf - ok 12:45:12.0719 2236 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 12:45:12.0726 2236 WIMMount - ok 12:45:12.0729 2236 WinDefend - ok 12:45:12.0734 2236 WinHttpAutoProxySvc - ok 12:45:12.0747 2236 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 12:45:12.0772 2236 Winmgmt - ok 12:45:12.0840 2236 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 12:45:12.0891 2236 WinRM - ok 12:45:12.0937 2236 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 12:45:12.0959 2236 Wlansvc - ok 12:45:13.0036 2236 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:45:13.0085 2236 wlidsvc - ok 12:45:13.0108 2236 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 12:45:13.0115 2236 WmiAcpi - ok 12:45:13.0126 2236 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 12:45:13.0137 2236 wmiApSrv - ok 12:45:13.0140 2236 WMPNetworkSvc - ok 12:45:13.0145 2236 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) 
C:\Windows\System32\wpcsvc.dll 12:45:13.0152 2236 WPCSvc - ok 12:45:13.0158 2236 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 12:45:13.0168 2236 WPDBusEnum - ok 12:45:13.0172 2236 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 12:45:13.0195 2236 ws2ifsl - ok 12:45:13.0200 2236 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 12:45:13.0212 2236 wscsvc - ok 12:45:13.0215 2236 WSearch - ok 12:45:13.0279 2236 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 12:45:13.0321 2236 wuauserv - ok 12:45:13.0346 2236 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 12:45:13.0370 2236 WudfPf - ok 12:45:13.0378 2236 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:45:13.0402 2236 WUDFRd - ok 12:45:13.0407 2236 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 12:45:13.0430 2236 wudfsvc - ok 12:45:13.0439 2236 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 12:45:13.0454 2236 WwanSvc - ok 12:45:13.0466 2236 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3 12:45:13.0556 2236 \Device\Harddisk3\DR3 - ok 12:45:13.0558 2236 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 12:45:13.0613 2236 \Device\Harddisk0\DR0 - ok 12:45:13.0629 2236 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 12:45:13.0908 2236 \Device\Harddisk1\DR1 - ok 12:45:13.0927 2236 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2 12:45:14.0007 2236 \Device\Harddisk2\DR2 - ok 12:45:14.0016 2236 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR6 12:45:14.0168 2236 \Device\Harddisk4\DR6 - ok 12:45:14.0177 2236 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5 12:45:18.0647 2236 \Device\Harddisk5\DR5 - ok 12:45:18.0653 2236 Boot (0x1200) (52f04af99918c91567351ea9df844fda) 
\Device\Harddisk3\DR3\Partition0 12:45:18.0654 2236 \Device\Harddisk3\DR3\Partition0 - ok 12:45:18.0658 2236 Boot (0x1200) (6e52c5a0635a2f3cffa86c8a9779b759) \Device\Harddisk3\DR3\Partition1 12:45:18.0659 2236 \Device\Harddisk3\DR3\Partition1 - ok 12:45:18.0663 2236 Boot (0x1200) (9c663e82fdba2c6f07f00270bd7eb317) \Device\Harddisk0\DR0\Partition0 12:45:18.0664 2236 \Device\Harddisk0\DR0\Partition0 - ok 12:45:18.0681 2236 Boot (0x1200) (41ec0699c9dfbf87b8dd5e0ff2e87e3a) \Device\Harddisk1\DR1\Partition0 12:45:18.0683 2236 \Device\Harddisk1\DR1\Partition0 - ok 12:45:18.0713 2236 Boot (0x1200) (42a9fdbc231a558ac61520d4e0b3f7a6) \Device\Harddisk2\DR2\Partition0 12:45:18.0714 2236 \Device\Harddisk2\DR2\Partition0 - ok 12:45:18.0718 2236 Boot (0x1200) (7a975f142c2ee56036da1d7d2d54c0a2) \Device\Harddisk4\DR6\Partition0 12:45:18.0719 2236 \Device\Harddisk4\DR6\Partition0 - ok 12:45:18.0725 2236 Boot (0x1200) (db3837faea7ca5d9e06e62eaecb03ed5) \Device\Harddisk5\DR5\Partition0 12:45:18.0728 2236 \Device\Harddisk5\DR5\Partition0 - ok 12:45:18.0728 2236 ============================================================ 12:45:18.0729 2236 Scan finished 12:45:18.0729 2236 ============================================================ 12:45:18.0765 1600 Detected object count: 1 12:45:18.0765 1600 Actual detected object count: 1 12:45:33.0862 1600 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 12:45:33.0862 1600 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:45:42.0368 3168 Deinitialize success |
21.06.2012, 13:31 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AVG reports rootkits in spjl.sys Code:
ATTFilter
12:45:06.0295 2236 NMSAccess32A.exe - ok

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NMSAccess32A.exe]
"ImagePath"=-

Dirlook::
c:\windows\SysWOW64\OEMWARE\API

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
21.06.2012, 14:37 | #21 |
| AVG reports rootkits in spjl.sys Code:
ATTFilter ComboFix 12-06-21.01 - XXXX 21.06.2012 15:22:38.2.6 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8190.6394 [GMT 2:00] ausgeführt von:: c:\users\XXXX\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\XXXX\Desktop\CFScript.txt AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . f:\temp\swtlib-32\swt-gdip-win32-3707.dll f:\temp\swtlib-32\swt-win32-3707.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-21 bis 2012-06-21 )))))))))))))))))))))))))))))) . . 2012-06-19 07:55 . 2012-06-19 07:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-19 07:55 . 2012-06-19 07:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-19 07:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-19 07:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-19 07:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-19 07:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-19 07:40 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-19 07:40 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-19 07:40 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-19 07:40 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-19 07:40 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-18 13:12 . 2012-06-19 12:34 -------- d-----w- c:\users\XXXX\AppData\Roaming\Dropbox 2012-06-18 12:43 . 
2007-06-15 10:57 59488 ----a-w- c:\windows\SysWow64\GenSvcInst.exe 2012-06-18 12:43 . 2007-06-15 10:57 145504 ----a-w- c:\windows\SysWow64\bgsvcgen.exe 2012-06-18 12:43 . 2006-08-25 12:36 39208 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys 2012-06-18 12:42 . 2012-06-18 12:42 -------- d-----w- c:\program files (x86)\Panasonic 2012-06-18 08:53 . 2012-06-18 08:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-18 08:53 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-17 17:22 . 2012-06-17 17:22 -------- d-----w- c:\program files (x86)\Tools&More 2012-06-17 17:21 . 2012-06-17 17:21 -------- d-----w- c:\windows\Downloaded Installations 2012-06-16 20:27 . 2012-06-16 20:27 -------- d-----w- c:\users\XXXX\AppData\Local\Google 2012-06-16 18:41 . 2012-06-16 18:47 -------- d-----w- c:\users\XXXX\AppData\Roaming\Tobit 2012-06-16 18:41 . 2012-06-16 18:41 -------- d-----w- c:\program files (x86)\Common Files\Tobit 2012-06-16 18:41 . 2012-01-03 09:38 2681344 ----a-w- c:\windows\SysWow64\dvmsg.dll 2012-06-16 17:18 . 2012-06-16 17:18 -------- d-----w- c:\users\XXXX\AppData\Local\Macromedia 2012-06-15 16:47 . 2012-06-15 16:47 -------- d-----w- c:\programdata\Logitech 2012-06-13 17:26 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-12 20:50 . 2012-06-13 16:40 -------- d-----w- c:\program files (x86)\nLite 2012-06-11 14:40 . 2012-06-11 14:40 -------- d-----w- c:\users\XXXX\AppData\Local\FRITZ! 2012-06-11 14:40 . 2012-06-11 14:40 -------- d-----w- c:\users\XXXX\AppData\Roaming\FRITZ! 2012-06-07 22:22 . 2012-06-07 22:22 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-06-07 22:15 . 2012-06-07 22:15 -------- d-----w- c:\users\XXXX\AppData\Local\PunkBuster 2012-06-07 18:33 . 2012-06-07 18:35 -------- d-----w- c:\program files (x86)\Common Files\Steam 2012-06-07 17:36 . 2012-06-16 21:06 -------- d-----w- c:\program files (x86)\Common Files\Akamai 2012-06-07 09:38 . 
2012-06-07 09:38 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-07 09:38 . 2012-06-07 09:38 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-05-31 17:25 . 2012-05-31 17:25 -------- d-----w- c:\windows\Sun 2012-05-31 17:25 . 2012-05-31 17:25 -------- d-----w- c:\users\XXXX\AppData\Local\Wondershare 2012-05-31 17:25 . 2012-05-31 17:25 -------- d-----w- c:\program files (x86)\Common Files\Wondershare 2012-05-31 17:25 . 2012-05-31 17:25 -------- d-----w- c:\program files (x86)\Wondershare 2012-05-31 17:19 . 2012-05-31 17:21 -------- d-----w- c:\users\XXXX\AppData\Roaming\Ashampoo 2012-05-31 17:18 . 2012-05-31 17:19 -------- d-----w- c:\users\XXXX\AppData\Local\ashampoo 2012-05-31 17:18 . 2012-05-31 17:18 -------- d-----w- c:\programdata\ashampoo 2012-05-31 17:18 . 2012-05-31 17:20 -------- d-----w- c:\program files (x86)\Ashampoo 2012-05-27 18:41 . 2012-05-27 18:41 -------- d-----w- c:\users\XXXX\AppData\Local\Apps 2012-05-27 10:31 . 2012-05-27 10:43 -------- d-----w- c:\users\XXXX\AppData\Roaming\ID3-TagIT 3 2012-05-27 10:30 . 2012-05-27 10:30 -------- d-----w- c:\programdata\ID3-TagIT 3 2012-05-27 10:30 . 2012-05-27 10:30 -------- d-----w- c:\program files (x86)\ID3-TagIT 3 2012-05-25 19:13 . 2012-05-25 19:13 -------- d-----w- c:\users\XXXX\AppData\Roaming\CoSoSys 2012-05-25 19:07 . 2012-05-25 19:07 -------- d-----w- c:\windows\system32\appmgmt 2012-05-22 18:13 . 2012-05-22 18:14 -------- d-----w- c:\program files (x86)\DVDFab 8 Qt 2012-05-22 18:06 . 2012-05-22 18:14 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2012-05-22 17:53 . 2012-05-22 17:53 -------- d-----w- c:\programdata\SlySoft 2012-05-22 17:51 . 2012-05-22 18:13 -------- d-----w- c:\program files (x86)\SlySoft . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-18 12:01 . 2012-04-18 18:21 560184 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-06-15 16:46 . 
2012-04-18 18:18 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-04-29 12:11 . 2012-04-29 12:11 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-04-29 12:11 . 2012-04-29 12:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-04-29 12:11 . 2012-04-29 12:11 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-04-19 14:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-04-19 14:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-04-19 02:50 . 2012-04-19 02:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-04-18 21:29 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-04-18 21:00 . 2012-04-18 21:00 279136 ----a-w- c:\windows\system32\drivers\afcdp.sys 2012-04-18 21:00 . 2012-04-18 21:00 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys 2012-04-18 21:00 . 2012-04-18 21:00 970336 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-04-18 21:00 . 2012-04-18 21:00 277088 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-04-18 20:57 . 2012-04-18 20:57 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-04-18 20:57 . 2012-04-18 20:57 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-18 20:50 . 2012-04-18 20:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-04-18 20:50 . 2012-04-18 20:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-04-18 20:50 . 2012-04-18 20:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-04-18 20:50 . 2012-04-18 20:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-04-18 20:50 . 2012-04-18 20:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-04-18 20:50 . 2012-04-18 20:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-04-18 20:50 . 
2012-04-18 20:50 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-04-18 20:50 . 2012-04-18 20:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-04-18 20:50 . 2012-04-18 20:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-04-18 20:50 . 2012-04-18 20:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-04-18 20:50 . 2012-04-18 20:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-04-18 20:50 . 2012-04-18 20:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-04-18 20:50 . 2012-04-18 20:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-04-18 20:50 . 2012-04-18 20:50 222208 ----a-w- c:\windows\system32\msls31.dll 2012-04-18 20:50 . 2012-04-18 20:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-04-18 20:50 . 2012-04-18 20:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-04-18 20:50 . 2012-04-18 20:50 12288 ----a-w- c:\windows\system32\mshta.exe 2012-04-18 20:50 . 2012-04-18 20:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-04-18 20:50 . 2012-04-18 20:50 114176 ----a-w- c:\windows\system32\admparse.dll 2012-04-18 20:50 . 2012-04-18 20:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-04-18 20:50 . 2012-04-18 20:50 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-04-18 20:50 . 2012-04-18 20:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-04-18 20:50 . 2012-04-18 20:50 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-04-18 20:50 . 2012-04-18 20:50 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-04-18 20:50 . 2012-04-18 20:50 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-04-18 20:50 . 2012-04-18 20:50 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-04-18 20:50 . 2012-04-18 20:50 448512 ----a-w- c:\windows\system32\html.iec 2012-04-18 20:50 . 2012-04-18 20:50 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-04-18 20:50 . 2012-04-18 20:50 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-04-18 20:50 . 
2012-04-18 20:50 160256 ----a-w- c:\windows\system32\wextract.exe 2012-04-18 20:50 . 2012-04-18 20:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-04-18 20:50 . 2012-04-18 20:50 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-04-18 18:24 . 2012-04-18 18:24 53248 ----a-r- c:\users\XXXX\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-04-18 18:15 . 2012-04-18 18:15 521448 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-30 11:35 . 2012-05-12 08:30 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\windows\SysWOW64\OEMWARE\API ---- . 2012-04-18 21:53 . 2011-01-18 10:29 163840 ----a-w- c:\windows\SysWOW64\OEMWARE\API\OEMPDF.dll 2012-04-18 21:53 . 2010-06-02 09:22 528384 ----a-w- c:\windows\SysWOW64\OEMWARE\API\OEMFX3.dll 2012-04-18 21:53 . 2011-01-18 09:29 352256 ----a-w- c:\windows\SysWOW64\OEMWARE\API\OEMBURN2.dll 2012-04-18 21:53 . 2009-01-12 06:15 71096 ----a-w- c:\windows\SysWOW64\OEMWARE\API\NMSAccess32A.exe 2012-04-18 21:53 . 2009-07-20 01:52 1242552 ----a-w- c:\windows\SysWOW64\OEMWARE\API\NMSDVDXU.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-06-20_22.24.36 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-21 13:30 . 2012-06-21 13:30 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-06-20 22:20 . 2012-06-20 22:20 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2009-07-14 04:54 . 2012-06-20 13:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-21 13:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 
2012-06-21 13:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-06-20 13:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-04-18 18:31 . 2012-06-21 07:56 34270 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-21 07:56 34340 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-04-18 17:54 . 2012-06-21 07:56 5810 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-626165826-1394388628-393875434-1000_UserData.bin - 2012-06-20 22:21 . 2012-06-20 22:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-06-21 13:31 . 2012-06-21 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 04:54 . 2012-06-20 13:19 409600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-21 13:31 409600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 02:36 . 2012-06-20 15:17 616792 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-21 12:29 616792 c:\windows\system32\perfh009.dat - 2009-07-14 17:58 . 2012-06-20 15:17 656246 c:\windows\system32\perfh007.dat + 2009-07-14 17:58 . 2012-06-21 12:29 656246 c:\windows\system32\perfh007.dat - 2009-07-14 02:36 . 2012-06-20 15:17 106914 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-06-21 12:29 106914 c:\windows\system32\perfc009.dat + 2009-07-14 17:58 . 2012-06-21 12:29 130620 c:\windows\system32\perfc007.dat - 2009-07-14 17:58 . 2012-06-20 15:17 130620 c:\windows\system32\perfc007.dat + 2009-07-14 05:01 . 2012-06-21 13:30 351496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 
2012-06-20 22:20 351496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-04-18 18:26 . 2012-06-21 13:30 30486072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-626165826-1394388628-393875434-1000-8192.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-06-12 20:55 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440] . c:\users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ jAnrufmonitor 5.0.lnk - c:\eigenes zeug\JAnrufmonitor\jam.exe [2012-1-20 45056] Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2012-4-18 3450608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R2 NMSAccess32A.exe;NMSAccess; [x] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-04-18 3975088] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520] S2 
AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880] S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET_AMD64.SYS [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-08-16 11:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://web.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> LSP: c:\windows\system32\RSLSP.dll TCP: DhcpNameServer = 0.0.0.0 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll FF - ProfilePath - c:\users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\1x2m12al.default\ FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb81d41b4-b00f-474e-8d90-b48a9a577ab9%7D&mid=1233be83bf8247d0ae7e6de783ce5d53-a69f8dc3a8ac24c656c806b689e7ae455e04d966&ds=AVG&v=11.0.0.9&lang=de&pr=pr&d=2012-04-18%2020%3A40%3A27&sap=ku&q= FF - user.js: browser.blink_allowed - true FF - user.js: network.prefetch-next - true FF - user.js: nglayout.initialpaint.delay - 50 FF - user.js: layout.spellcheckDefault - 1 FF - user.js: browser.search.openintab - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.opentabfor.middleclick - true FF - user.js: browser.tabs.tabMinWidth - 100 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\SysWOW64\bgsvcgen.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2012-06-21 15:33:04 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-21 13:33 ComboFix2.txt 2012-06-20 22:26 . Vor Suchlauf: 14 Verzeichnis(se), 51.214.925.824 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 51.128.492.032 Bytes frei . - - End Of File - - F25BEF7EE518734BB1E761A1323EA970 |
21.06.2012, 15:07 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AVG reports rootkits in spjl.sys

And once more, though I'm almost certain that this is related to some burning program.

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
Filelook::
c:\windows\SysWOW64\OEMWARE\API\OEMPDF.dll
c:\windows\SysWOW64\OEMWARE\API\OEMFX3.dll
c:\windows\SysWOW64\OEMWARE\API\OEMBURN2.dll
c:\windows\SysWOW64\OEMWARE\API\NMSAccess32A.exe
c:\windows\SysWOW64\OEMWARE\API\NMSDVDXU.dll

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
21.06.2012, 15:43 | #23 |
| AVG reports rootkits in spjl.sys Code:
ATTFilter ComboFix 12-06-21.01 - XXXX 21.06.2012 16:24:30.3.6 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8190.6629 [GMT 2:00] ausgeführt von:: c:\users\XXXX\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\XXXX\Desktop\CFScript.txt AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . f:\temp\swtlib-32\swt-gdip-win32-3707.dll f:\temp\swtlib-32\swt-win32-3707.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-21 bis 2012-06-21 )))))))))))))))))))))))))))))) . . 2012-06-19 07:55 . 2012-06-19 07:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-19 07:55 . 2012-06-19 07:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-19 07:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-19 07:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-19 07:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-19 07:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-19 07:40 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-19 07:40 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-19 07:40 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-19 07:40 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-19 07:40 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-18 13:12 . 2012-06-19 12:34 -------- d-----w- c:\users\XXXX\AppData\Roaming\Dropbox 2012-06-18 12:43 . 
2007-06-15 10:57 59488 ----a-w- c:\windows\SysWow64\GenSvcInst.exe 2012-06-18 12:43 . 2007-06-15 10:57 145504 ----a-w- c:\windows\SysWow64\bgsvcgen.exe 2012-06-18 12:43 . 2006-08-25 12:36 39208 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys 2012-06-18 12:42 . 2012-06-18 12:42 -------- d-----w- c:\program files (x86)\Panasonic 2012-06-18 08:53 . 2012-06-18 08:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-18 08:53 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-17 17:22 . 2012-06-17 17:22 -------- d-----w- c:\program files (x86)\Tools&More 2012-06-17 17:21 . 2012-06-17 17:21 -------- d-----w- c:\windows\Downloaded Installations 2012-06-16 20:27 . 2012-06-16 20:27 -------- d-----w- c:\users\XXXX\AppData\Local\Google 2012-06-16 18:41 . 2012-06-16 18:47 -------- d-----w- c:\users\XXXX\AppData\Roaming\Tobit 2012-06-16 18:41 . 2012-06-16 18:41 -------- d-----w- c:\program files (x86)\Common Files\Tobit 2012-06-16 18:41 . 2012-01-03 09:38 2681344 ----a-w- c:\windows\SysWow64\dvmsg.dll 2012-06-16 17:18 . 2012-06-16 17:18 -------- d-----w- c:\users\XXXX\AppData\Local\Macromedia 2012-06-15 16:47 . 2012-06-15 16:47 -------- d-----w- c:\programdata\Logitech 2012-06-13 17:26 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-12 20:50 . 2012-06-13 16:40 -------- d-----w- c:\program files (x86)\nLite 2012-06-11 14:40 . 2012-06-11 14:40 -------- d-----w- c:\users\XXXX\AppData\Local\FRITZ! 2012-06-11 14:40 . 2012-06-11 14:40 -------- d-----w- c:\users\XXXX\AppData\Roaming\FRITZ! 2012-06-07 22:22 . 2012-06-07 22:22 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-06-07 22:15 . 2012-06-07 22:15 -------- d-----w- c:\users\XXXX\AppData\Local\PunkBuster 2012-06-07 18:33 . 2012-06-07 18:35 -------- d-----w- c:\program files (x86)\Common Files\Steam 2012-06-07 17:36 . 2012-06-16 21:06 -------- d-----w- c:\program files (x86)\Common Files\Akamai 2012-06-07 09:38 . 
2012-06-07 09:38 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-07 09:38 . 2012-06-07 09:38 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-05-31 17:25 . 2012-05-31 17:25 -------- d-----w- c:\windows\Sun 2012-05-31 17:25 . 2012-05-31 17:25 -------- d-----w- c:\users\XXXX\AppData\Local\Wondershare 2012-05-31 17:25 . 2012-05-31 17:25 -------- d-----w- c:\program files (x86)\Common Files\Wondershare 2012-05-31 17:25 . 2012-05-31 17:25 -------- d-----w- c:\program files (x86)\Wondershare 2012-05-31 17:19 . 2012-05-31 17:21 -------- d-----w- c:\users\XXXX\AppData\Roaming\Ashampoo 2012-05-31 17:18 . 2012-05-31 17:19 -------- d-----w- c:\users\XXXX\AppData\Local\ashampoo 2012-05-31 17:18 . 2012-05-31 17:18 -------- d-----w- c:\programdata\ashampoo 2012-05-31 17:18 . 2012-05-31 17:20 -------- d-----w- c:\program files (x86)\Ashampoo 2012-05-27 18:41 . 2012-05-27 18:41 -------- d-----w- c:\users\XXXX\AppData\Local\Apps 2012-05-27 10:31 . 2012-05-27 10:43 -------- d-----w- c:\users\XXXX\AppData\Roaming\ID3-TagIT 3 2012-05-27 10:30 . 2012-05-27 10:30 -------- d-----w- c:\programdata\ID3-TagIT 3 2012-05-27 10:30 . 2012-05-27 10:30 -------- d-----w- c:\program files (x86)\ID3-TagIT 3 2012-05-25 19:13 . 2012-05-25 19:13 -------- d-----w- c:\users\XXXX\AppData\Roaming\CoSoSys 2012-05-25 19:07 . 2012-05-25 19:07 -------- d-----w- c:\windows\system32\appmgmt 2012-05-22 18:13 . 2012-05-22 18:14 -------- d-----w- c:\program files (x86)\DVDFab 8 Qt 2012-05-22 18:06 . 2012-05-22 18:14 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2012-05-22 17:53 . 2012-05-22 17:53 -------- d-----w- c:\programdata\SlySoft 2012-05-22 17:51 . 2012-05-22 18:13 -------- d-----w- c:\program files (x86)\SlySoft . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-18 12:01 . 2012-04-18 18:21 560184 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-06-15 16:46 . 
2012-04-18 18:18 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-04-29 12:11 . 2012-04-29 12:11 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-04-29 12:11 . 2012-04-29 12:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-04-29 12:11 . 2012-04-29 12:11 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-04-19 14:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-04-19 14:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-04-19 02:50 . 2012-04-19 02:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-04-18 21:29 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-04-18 21:00 . 2012-04-18 21:00 279136 ----a-w- c:\windows\system32\drivers\afcdp.sys 2012-04-18 21:00 . 2012-04-18 21:00 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys 2012-04-18 21:00 . 2012-04-18 21:00 970336 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-04-18 21:00 . 2012-04-18 21:00 277088 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-04-18 20:57 . 2012-04-18 20:57 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-04-18 20:57 . 2012-04-18 20:57 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-18 20:50 . 2012-04-18 20:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-04-18 20:50 . 2012-04-18 20:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-04-18 20:50 . 2012-04-18 20:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-04-18 20:50 . 2012-04-18 20:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-04-18 20:50 . 2012-04-18 20:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-04-18 20:50 . 2012-04-18 20:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-04-18 20:50 . 
2012-04-18 20:50 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-04-18 20:50 . 2012-04-18 20:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-04-18 20:50 . 2012-04-18 20:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-04-18 20:50 . 2012-04-18 20:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-04-18 20:50 . 2012-04-18 20:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-04-18 20:50 . 2012-04-18 20:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-04-18 20:50 . 2012-04-18 20:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-04-18 20:50 . 2012-04-18 20:50 222208 ----a-w- c:\windows\system32\msls31.dll 2012-04-18 20:50 . 2012-04-18 20:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-04-18 20:50 . 2012-04-18 20:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-04-18 20:50 . 2012-04-18 20:50 12288 ----a-w- c:\windows\system32\mshta.exe 2012-04-18 20:50 . 2012-04-18 20:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-04-18 20:50 . 2012-04-18 20:50 114176 ----a-w- c:\windows\system32\admparse.dll 2012-04-18 20:50 . 2012-04-18 20:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-04-18 20:50 . 2012-04-18 20:50 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-04-18 20:50 . 2012-04-18 20:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-04-18 20:50 . 2012-04-18 20:50 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-04-18 20:50 . 2012-04-18 20:50 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-04-18 20:50 . 2012-04-18 20:50 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-04-18 20:50 . 2012-04-18 20:50 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-04-18 20:50 . 2012-04-18 20:50 448512 ----a-w- c:\windows\system32\html.iec 2012-04-18 20:50 . 2012-04-18 20:50 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-04-18 20:50 . 2012-04-18 20:50 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-04-18 20:50 . 
2012-04-18 20:50 160256 ----a-w- c:\windows\system32\wextract.exe 2012-04-18 20:50 . 2012-04-18 20:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-04-18 20:50 . 2012-04-18 20:50 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-04-18 18:24 . 2012-04-18 18:24 53248 ----a-r- c:\users\XXXX\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-04-18 18:15 . 2012-04-18 18:15 521448 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-30 11:35 . 2012-05-12 08:30 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . --- c:\windows\SysWOW64\OEMWARE\API\NMSAccess32A.exe --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 71096 Created time: 2012-04-18 21:53 Modified time: 2009-01-12 06:15 MD5: AFAE2AB36CE33749D174D54FB1B68D15 SHA1: 862B0C633620908A559D801C9FD11B750B63F24F . . --- c:\windows\SysWOW64\OEMWARE\API\NMSDVDXU.dll --- Company: NuMedia Soft, Inc. File Description: NMS DVD Burning SDK - ActiveX Edition File Version: 1, 0, 1, 4 Product Name: NMS DVD Burning SDK - ActiveX Edition Copyright: Copyright 2009 - Numedia Soft, Inc. Original Filename: NMSDVDX.DLL File size: 1242552 Created time: 2012-04-18 21:53 Modified time: 2009-07-20 01:52 MD5: E8DF0C02268DB9B9CB97BBF31C76EB87 SHA1: 95C436F2C8F33D23E7922CC2CE280A58D2FCC522 . . --- c:\windows\SysWOW64\OEMWARE\API\OEMBURN2.dll --- Company: OEMWARE® File Description: OEM Brenn Engine File Version: 2.09.0013 Product Name: OEMBURN2 Copyright: OEMWARE® Original Filename: OEMBURN2.dll File size: 352256 Created time: 2012-04-18 21:53 Modified time: 2011-01-18 09:29 MD5: 52750C8C5AC1ABDCD1D9F0CA90B3F658 SHA1: 29AB71D2619FFCE2BAA5E71C3E2076B1F4D745B4 . . 
--- c:\windows\SysWOW64\OEMWARE\API\OEMFX3.dll --- Company: OEMWARE File Description: rhvFibu API File Version: 2.09.0009 Product Name: OEMFX3 Copyright: 2010, OEMWARE Original Filename: OEMFX3.dll File size: 528384 Created time: 2012-04-18 21:53 Modified time: 2010-06-02 09:22 MD5: D951EE71E4ED5A5F7F6E320319CCB832 SHA1: 9F59E4FFBA0856A367C22DBF67442C84C5597B05 . . --- c:\windows\SysWOW64\OEMWARE\API\OEMPDF.dll --- Company: OEMWARE File Description: PDF View and Print File Version: 2.09.0013 Product Name: OEMPDF Copyright: OEMWARE Original Filename: OEMPDF.dll File size: 163840 Created time: 2012-04-18 21:53 Modified time: 2011-01-18 10:29 MD5: A97842D3946CE596D76BDF26DE559D84 SHA1: 6555F4FF1221E482C32EEC4A81A822CD0C37DB40 . . ((((((((((((((((((((((((((((( SnapShot@2012-06-20_22.24.36 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-21 14:31 . 2012-06-21 14:31 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-06-20 22:20 . 2012-06-20 22:20 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2009-07-14 04:54 . 2012-06-20 13:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-21 13:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-21 13:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-06-20 13:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-04-18 18:31 . 2012-06-21 13:38 34366 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-21 13:38 34364 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-04-18 17:54 . 
2012-06-21 13:38 5980 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-626165826-1394388628-393875434-1000_UserData.bin - 2012-06-20 22:21 . 2012-06-20 22:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-06-21 14:32 . 2012-06-21 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 04:54 . 2012-06-20 13:19 409600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-21 13:31 409600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 02:36 . 2012-06-20 15:17 616792 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-21 13:57 616792 c:\windows\system32\perfh009.dat - 2009-07-14 17:58 . 2012-06-20 15:17 656246 c:\windows\system32\perfh007.dat + 2009-07-14 17:58 . 2012-06-21 13:57 656246 c:\windows\system32\perfh007.dat - 2009-07-14 02:36 . 2012-06-20 15:17 106914 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-06-21 13:57 106914 c:\windows\system32\perfc009.dat + 2009-07-14 17:58 . 2012-06-21 13:57 130620 c:\windows\system32\perfc007.dat - 2009-07-14 17:58 . 2012-06-20 15:17 130620 c:\windows\system32\perfc007.dat + 2009-07-14 05:01 . 2012-06-21 14:31 351496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-06-20 22:20 351496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-04-18 18:26 . 2012-06-21 14:31 30486072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-626165826-1394388628-393875434-1000-8192.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-06-12 20:55 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440] . c:\users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ jAnrufmonitor 5.0.lnk - c:\eigenes zeug\JAnrufmonitor\jam.exe [2012-1-20 45056] Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2012-4-18 3450608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R2 NMSAccess32A.exe;NMSAccess; [x] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-04-18 3975088] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520] S2 
AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880] S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET_AMD64.SYS [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-08-16 11:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://web.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> LSP: c:\windows\system32\RSLSP.dll TCP: DhcpNameServer = 0.0.0.0 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll FF - ProfilePath - c:\users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\1x2m12al.default\ FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb81d41b4-b00f-474e-8d90-b48a9a577ab9%7D&mid=1233be83bf8247d0ae7e6de783ce5d53-a69f8dc3a8ac24c656c806b689e7ae455e04d966&ds=AVG&v=11.0.0.9&lang=de&pr=pr&d=2012-04-18%2020%3A40%3A27&sap=ku&q= FF - user.js: browser.blink_allowed - true FF - user.js: network.prefetch-next - true FF - user.js: nglayout.initialpaint.delay - 50 FF - user.js: layout.spellcheckDefault - 1 FF - user.js: browser.search.openintab - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.opentabfor.middleclick - true FF - user.js: browser.tabs.tabMinWidth - 100 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\SysWOW64\bgsvcgen.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2012-06-21 16:34:43 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-21 14:34 ComboFix2.txt 2012-06-20 22:26 . Vor Suchlauf: 14 Verzeichnis(se), 51.217.514.496 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 51.123.740.672 Bytes frei . - - End Of File - - 11F509125EB4D8E190103138F1DCFA57 |
21.06.2012, 18:30 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AVG reports rootkits in spjl.sys I think you can breathe easy: GMER does flag this file as a rootkit, but it won't be anything malicious. Via the MD5 checksum from CF: Code:
ATTFilter
--- c:\windows\SysWOW64\OEMWARE\API\NMSAccess32A.exe ---
Created time: 2012-04-18 21:53
Modified time: 2009-01-12 06:15
MD5: AFAE2AB36CE33749D174D54FB1B68D15
SHA1: 862B0C633620908A559D801C9FD11B750B63F24F
Code:
ATTFilter
SHA256 : c6740acf9dcb9d7140dc714b41ec315eb9478df26919863d2ed3c87e54dff383
SHA1 : 862b0c633620908a559d801c9fd11b750b63f24f
MD5 : afae2ab36ce33749d174d54fb1b68d15
File size: 69.4 KB ( 71096 bytes )
File name: NMSAccess32A.exe
File type: Win32 EXE
Detection ratio: 0 / 43
Analysis date: 2012-03-19 21:29:25 UTC ( 3 Monate ago )
The file comes from Code:
ATTFilter
signers..................: Numedia Soft, Inc.
                           Thawte Code Signing CA
                           Thawte Premium Server CA
signing date.............: 6:37 PM 1/9/20099
__________________ Please always post log files in CODE tags |
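The comparison made in post #24, written out as an added example (not part of the original thread, and not code from ComboFix or VirusTotal): it parses the ComboFix "Look" entries and the pasted scan report, then accepts the report as describing the file on disk only if size, MD5 and SHA1 all agree. Function names are hypothetical; the sample text is an abridged excerpt of the logs quoted above.

```python
import ntpath
import re

# Abridged excerpts of the two logs quoted in this thread, flattened as posted.
COMBOFIX_LOOK = (
    r"--- c:\windows\SysWOW64\OEMWARE\API\NMSAccess32A.exe --- Company: ------ "
    "File Description: ------ File Version: ------ Product Name: ------ "
    "Copyright: ------ Original Filename: ------ File size: 71096 "
    "Created time: 2012-04-18 21:53 Modified time: 2009-01-12 06:15 "
    "MD5: AFAE2AB36CE33749D174D54FB1B68D15 "
    "SHA1: 862B0C633620908A559D801C9FD11B750B63F24F . . "
    r"--- c:\windows\SysWOW64\OEMWARE\API\OEMPDF.dll --- Company: OEMWARE "
    "File Description: PDF View and Print File size: 163840 "
    "MD5: A97842D3946CE596D76BDF26DE559D84 "
    "SHA1: 6555F4FF1221E482C32EEC4A81A822CD0C37DB40 . ."
)
VT_REPORT = (
    "SHA256 : c6740acf9dcb9d7140dc714b41ec315eb9478df26919863d2ed3c87e54dff383 "
    "SHA1 : 862b0c633620908a559d801c9fd11b750b63f24f "
    "MD5 : afae2ab36ce33749d174d54fb1b68d15 "
    "File size: 69.4 KB ( 71096 bytes ) File name: NMSAccess32A.exe "
    "File type: Win32 EXE Detection ratio: 0 / 43 "
    "Analysis date: 2012-03-19 21:29:25 UTC"
)

# '--- <drive>:\path ---' opens an entry; '------' placeholders must not match.
HEADER = re.compile(r"---\s+([A-Za-z]:\\.+?)\s+---(?!-)")
HEX = r"([0-9A-Fa-f]{%d})\b"
LOOK_FIELDS = {
    "size": r"File size:\s*(\d+)",
    "md5": r"MD5:\s*" + HEX % 32,
    "sha1": r"SHA1:\s*" + HEX % 40,
}
VT_FIELDS = {
    "name": r"File name:\s*(\S+)",
    "size": r"\(\s*(\d+)\s*bytes\s*\)",
    "md5": r"MD5\s*:\s*" + HEX % 32,
    "sha1": r"SHA1\s*:\s*" + HEX % 40,
    "sha256": r"SHA256\s*:\s*" + HEX % 64,
    "detections": r"Detection ratio:\s*(\d+)\s*/",
    "engines": r"Detection ratio:\s*\d+\s*/\s*(\d+)",
}
INT_KEYS = {"size", "detections", "engines"}


def _extract(fields, text):
    """Pull each field out of flattened log text; hashes and names lower-cased."""
    out = {}
    for key, pattern in fields.items():
        match = re.search(pattern, text)
        if match:
            value = match.group(1)
            out[key] = int(value) if key in INT_KEYS else value.lower()
    return out


def parse_look_section(text):
    """Map lower-cased file name -> fields for every '--- path ---' entry."""
    heads = list(HEADER.finditer(text))
    entries = {}
    for i, head in enumerate(heads):
        # An entry's body ends where the next header starts, so a missing
        # field can never be filled in from the following file.
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        fields = _extract(LOOK_FIELDS, text[head.end():end])
        fields["path"] = head.group(1)
        entries[ntpath.basename(head.group(1)).lower()] = fields
    return entries


def parse_vt_report(text):
    return _extract(VT_FIELDS, text)


def cross_check(look_entries, report):
    """The report describes the local file only if size and both hashes agree."""
    entry = look_entries.get(report.get("name", ""))
    if entry is None:
        return {"same_file": False, "reason": "file name not in Look section"}
    # A field missing on either side is a mismatch, never a match.
    checks = {k: k in entry and entry[k] == report.get(k)
              for k in ("size", "md5", "sha1")}
    return {"same_file": all(checks.values()), "checks": checks,
            "path": entry["path"], "detections": report.get("detections"),
            "engines": report.get("engines")}


if __name__ == "__main__":
    print(cross_check(parse_look_section(COMBOFIX_LOOK), parse_vt_report(VT_REPORT)))
```

A matching file name with a differing hash yields `same_file: False`, so a renamed or patched binary cannot borrow a clean report.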
21.06.2012, 19:46 | #25 |
| AVG reports rootkits in spjl.sys Great. Thank you very much. |