| |
| |||||||
Log-Analyse und Auswertung: Bundespolizeitrojaner, Internetzugang gesperrtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.07.2012, 19:22
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Bundespolizeitrojaner, Internetzugang gesperrt Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - prefs.js..keyword.URL: "http://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=http://suche.web.de/search/web/?origin=br_urlbar_ff&su="
FF - user.js - File not found
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.order.1: "WEB.DE Suche"
FF - prefs.js..browser.search.order.2: "amazon.de"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.startup.homepage: "http://go.web.de/br/ff3_startpage"
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.7.5
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
[2011.05.12 21:04:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JC Müller\AppData\Roaming\mozilla\Firefox\Profiles\uih78sgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1782174894-4009563491-1203132981-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1782174894-4009563491-1203132981-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1782174894-4009563491-1203132981-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKU\S-1-5-21-1782174894-4009563491-1203132981-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
[2012.07.04 20:46:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2011.05.11 22:44:54 | 000,000,120 | ---- | C] () -- C:\Users\JC Müller\AppData\Local\Yyikodusexuy.dat
[2011.05.11 22:44:54 | 000,000,000 | ---- | C] () -- C:\Users\JC Müller\AppData\Local\Cmamevub.bin
:Files
C:\Program Files\BabylonToolbar
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.07.2012, 20:01
| #17 |
 | Bundespolizeitrojaner, Internetzugang gesperrt erledigt!
__________________Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=br_urlbar_ff&su=" removed from keyword.URL
Prefs.js: "WEB.DE Suche" removed from browser.search.defaultenginename
Prefs.js: "WEB.DE Suche" removed from browser.search.order.1
Prefs.js: "amazon.de" removed from browser.search.order.2
Prefs.js: "amazon.de" removed from browser.search.order.3
Prefs.js: "WEB.DE Suche" removed from browser.search.order.4
Prefs.js: "hxxp://go.web.de/br/ff3_startpage" removed from browser.startup.homepage
Prefs.js: allglassv2@ambroos.neowin.net:2.1.4 removed from extensions.enabledItems
Prefs.js: toolbar@web.de:1.7.5 removed from extensions.enabledItems
Prefs.js: ffxtlbr@babylon.com:1.2.0 removed from extensions.enabledItems
C:\Users\JC Müller\AppData\Roaming\mozilla\Firefox\Profiles\uih78sgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\JC Müller\AppData\Roaming\mozilla\Firefox\Profiles\uih78sgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\JC Müller\AppData\Roaming\mozilla\Firefox\Profiles\uih78sgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\JC Müller\AppData\Roaming\mozilla\Firefox\Profiles\uih78sgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17166733-40EA-4432-A85C-AE672FF0E236}\ deleted successfully.
C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
C:\Programme\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ deleted successfully.
File C:\Programme\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_USERS\S-1-5-21-1782174894-4009563491-1203132981-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
File C:\Programme\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1782174894-4009563491-1203132981-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1782174894-4009563491-1203132981-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1782174894-4009563491-1203132981-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
C:\ProgramData\l_u0_0.pad moved successfully.
C:\Users\JC Müller\AppData\Local\Yyikodusexuy.dat moved successfully.
C:\Users\JC Müller\AppData\Local\Cmamevub.bin moved successfully.
========== FILES ==========
File\Folder C:\Program Files\BabylonToolbar not found.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\JC Müller\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Claudia
->Temp folder emptied: 59745720 bytes
->Temporary Internet Files folder emptied: 59399998 bytes
->FireFox cache emptied: 54486077 bytes
->Flash cache emptied: 580 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: JC Müller
->Temp folder emptied: 110707003 bytes
->Temporary Internet Files folder emptied: 237823880 bytes
->FireFox cache emptied: 62983856 bytes
->Google Chrome cache emptied: 7253059 bytes
->Apple Safari cache emptied: 882688 bytes
->Flash cache emptied: 4505 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 134971097 bytes
RecycleBin emptied: 1796097840 bytes
Total Files Cleaned = 2.407,00 mb
[EMPTYFLASH]
User: All Users
User: Claudia
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: JC Müller
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.0 log created on 07122012_205447
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
__________________ |
|
12.07.2012, 21:05
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeitrojaner, Internetzugang gesperrt Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
12.07.2012, 21:57
| #19 |
| | Bundespolizeitrojaner, Internetzugang gesperrt Hier wie gewünscht: Code:
ATTFilter 22:50:54.0765 4940 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
22:50:55.0101 4940 ============================================================
22:50:55.0101 4940 Current date / time: 2012/07/12 22:50:55.0101
22:50:55.0101 4940 SystemInfo:
22:50:55.0101 4940
22:50:55.0102 4940 OS Version: 6.1.7601 ServicePack: 1.0
22:50:55.0102 4940 Product type: Workstation
22:50:55.0102 4940 ComputerName: PCGELLERTSTR
22:50:55.0102 4940 UserName: JC Müller
22:50:55.0102 4940 Windows directory: C:\Windows
22:50:55.0102 4940 System windows directory: C:\Windows
22:50:55.0102 4940 Processor architecture: Intel x86
22:50:55.0102 4940 Number of processors: 4
22:50:55.0102 4940 Page size: 0x1000
22:50:55.0102 4940 Boot type: Normal boot
22:50:55.0102 4940 ============================================================
22:50:56.0315 4940 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:50:56.0331 4940 ============================================================
22:50:56.0331 4940 \Device\Harddisk0\DR0:
22:50:56.0331 4940 MBR partitions:
22:50:56.0331 4940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x48055000
22:50:56.0357 4940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x4805644E, BlocksNum 0x2800A73
22:50:56.0357 4940 ============================================================
22:50:56.0402 4940 C: <-> \Device\Harddisk0\DR0\Partition0
22:50:56.0424 4940 D: <-> \Device\Harddisk0\DR0\Partition1
22:50:56.0424 4940 ============================================================
22:50:56.0424 4940 Initialize success
22:50:56.0424 4940 ============================================================
22:51:45.0656 5192 ============================================================
22:51:45.0656 5192 Scan started
22:51:45.0656 5192 Mode: Manual; SigCheck; TDLFS;
22:51:45.0656 5192 ============================================================
22:51:46.0374 5192 !SASCORE (4b7992df1600cf222701435d39fe4f90) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:51:46.0453 5192 !SASCORE - ok
22:51:46.0598 5192 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:51:46.0669 5192 1394ohci - ok
22:51:46.0721 5192 AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
22:51:46.0741 5192 AAV UpdateService - ok
22:51:46.0789 5192 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:51:46.0815 5192 ACPI - ok
22:51:46.0828 5192 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:51:46.0893 5192 AcpiPmi - ok
22:51:46.0954 5192 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:51:46.0986 5192 adp94xx - ok
22:51:47.0009 5192 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:51:47.0024 5192 adpahci - ok
22:51:47.0044 5192 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:51:47.0056 5192 adpu320 - ok
22:51:47.0081 5192 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:51:47.0128 5192 AeLookupSvc - ok
22:51:47.0184 5192 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:51:47.0236 5192 AFD - ok
22:51:47.0288 5192 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:51:47.0309 5192 agp440 - ok
22:51:47.0325 5192 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:51:47.0337 5192 aic78xx - ok
22:51:47.0365 5192 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:51:47.0408 5192 ALG - ok
22:51:47.0427 5192 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:51:47.0447 5192 aliide - ok
22:51:47.0475 5192 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
22:51:47.0533 5192 AMD External Events Utility - ok
22:51:47.0556 5192 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:51:47.0577 5192 amdagp - ok
22:51:47.0611 5192 amdide (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
22:51:47.0627 5192 amdide - ok
22:51:47.0657 5192 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:51:47.0703 5192 AmdK8 - ok
22:51:47.0726 5192 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:51:47.0769 5192 AmdPPM - ok
22:51:47.0796 5192 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:51:47.0817 5192 amdsata - ok
22:51:47.0842 5192 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:51:47.0865 5192 amdsbs - ok
22:51:47.0886 5192 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:51:47.0897 5192 amdxata - ok
22:51:48.0016 5192 AntiVirMailService (b9b5dfafea592bd4ca967824ebb42e3d) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
22:51:48.0043 5192 AntiVirMailService - ok
22:51:48.0081 5192 AntiVirSchedulerService (67b1d78711b4386c26241096326ee14a) C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:51:48.0099 5192 AntiVirSchedulerService - ok
22:51:48.0146 5192 AntiVirService (845c4e7ae211edad5e0b832126f56932) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:51:48.0165 5192 AntiVirService - ok
22:51:48.0211 5192 AntiVirWebService (30d71e0c149943a8985d02ea0944f2fe) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:51:48.0232 5192 AntiVirWebService - ok
22:51:48.0283 5192 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:51:48.0382 5192 AppID - ok
22:51:48.0430 5192 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:51:48.0488 5192 AppIDSvc - ok
22:51:48.0527 5192 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
22:51:48.0582 5192 Appinfo - ok
22:51:48.0687 5192 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:51:48.0704 5192 Apple Mobile Device - ok
22:51:48.0764 5192 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:51:48.0786 5192 arc - ok
22:51:48.0806 5192 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:51:48.0817 5192 arcsas - ok
22:51:48.0831 5192 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:51:48.0945 5192 AsyncMac - ok
22:51:48.0964 5192 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:51:48.0975 5192 atapi - ok
22:51:49.0251 5192 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
22:51:49.0381 5192 atikmdag - ok
22:51:49.0529 5192 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
22:51:49.0555 5192 AtiPcie - ok
22:51:49.0628 5192 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:51:49.0689 5192 AudioEndpointBuilder - ok
22:51:49.0698 5192 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:51:49.0737 5192 Audiosrv - ok
22:51:49.0780 5192 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
22:51:49.0795 5192 avgntflt - ok
22:51:49.0842 5192 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
22:51:49.0865 5192 avipbb - ok
22:51:49.0894 5192 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:51:49.0906 5192 avkmgr - ok
22:51:49.0955 5192 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
22:51:50.0018 5192 AxInstSV - ok
22:51:50.0072 5192 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:51:50.0123 5192 b06bdrv - ok
22:51:50.0162 5192 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:51:50.0185 5192 b57nd60x - ok
22:51:50.0289 5192 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
22:51:50.0314 5192 BBSvc - ok
22:51:50.0345 5192 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:51:50.0396 5192 BDESVC - ok
22:51:50.0406 5192 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:51:50.0454 5192 Beep - ok
22:51:50.0530 5192 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
22:51:50.0595 5192 BFE - ok
22:51:50.0661 5192 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
22:51:50.0735 5192 BITS - ok
22:51:50.0741 5192 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:51:50.0770 5192 blbdrive - ok
22:51:50.0833 5192 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:51:50.0859 5192 Bonjour Service - ok
22:51:50.0883 5192 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:51:50.0937 5192 bowser - ok
22:51:50.0952 5192 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:51:51.0017 5192 BrFiltLo - ok
22:51:51.0025 5192 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:51:51.0062 5192 BrFiltUp - ok
22:51:51.0109 5192 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
22:51:51.0170 5192 Browser - ok
22:51:51.0210 5192 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:51:51.0270 5192 Brserid - ok
22:51:51.0284 5192 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:51:51.0324 5192 BrSerWdm - ok
22:51:51.0344 5192 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:51:51.0377 5192 BrUsbMdm - ok
22:51:51.0395 5192 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:51:51.0432 5192 BrUsbSer - ok
22:51:51.0453 5192 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:51:51.0489 5192 BTHMODEM - ok
22:51:51.0550 5192 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:51:51.0608 5192 bthserv - ok
22:51:51.0732 5192 catchme - ok
22:51:51.0767 5192 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:51:51.0827 5192 cdfs - ok
22:51:51.0864 5192 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
22:51:51.0897 5192 cdrom - ok
22:51:51.0949 5192 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:51:52.0002 5192 CertPropSvc - ok
22:51:52.0035 5192 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:51:52.0059 5192 circlass - ok
22:51:52.0082 5192 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:51:52.0109 5192 CLFS - ok
22:51:52.0181 5192 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:51:52.0202 5192 clr_optimization_v2.0.50727_32 - ok
22:51:52.0262 5192 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:51:52.0283 5192 clr_optimization_v4.0.30319_32 - ok
22:51:52.0300 5192 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:51:52.0320 5192 CmBatt - ok
22:51:52.0330 5192 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:51:52.0343 5192 cmdide - ok
22:51:52.0388 5192 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
22:51:52.0409 5192 CNG - ok
22:51:52.0423 5192 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:51:52.0434 5192 Compbatt - ok
22:51:52.0464 5192 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:51:52.0512 5192 CompositeBus - ok
22:51:52.0530 5192 COMSysApp - ok
22:51:52.0553 5192 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:51:52.0574 5192 crcdisk - ok
22:51:52.0627 5192 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
22:51:52.0685 5192 CryptSvc - ok
22:51:52.0732 5192 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:51:52.0789 5192 DcomLaunch - ok
22:51:52.0825 5192 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
22:51:52.0883 5192 defragsvc - ok
22:51:52.0930 5192 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:51:52.0975 5192 DfsC - ok
22:51:53.0035 5192 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
22:51:53.0090 5192 Dhcp - ok
22:51:53.0103 5192 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:51:53.0157 5192 discache - ok
22:51:53.0189 5192 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:51:53.0208 5192 Disk - ok
22:51:53.0236 5192 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
22:51:53.0270 5192 Dnscache - ok
22:51:53.0312 5192 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
22:51:53.0362 5192 dot3svc - ok
22:51:53.0391 5192 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
22:51:53.0424 5192 Dot4 - ok
22:51:53.0459 5192 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
22:51:53.0481 5192 Dot4Print - ok
22:51:53.0503 5192 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
22:51:53.0532 5192 dot4usb - ok
22:51:53.0560 5192 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
22:51:53.0618 5192 DPS - ok
22:51:53.0673 5192 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:51:53.0706 5192 drmkaud - ok
22:51:53.0759 5192 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:51:53.0788 5192 DXGKrnl - ok
22:51:53.0824 5192 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
22:51:53.0873 5192 EapHost - ok
22:51:54.0073 5192 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:51:54.0147 5192 ebdrv - ok
22:51:54.0234 5192 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
22:51:54.0270 5192 EFS - ok
22:51:54.0346 5192 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
22:51:54.0413 5192 ehRecvr - ok
22:51:54.0446 5192 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
22:51:54.0498 5192 ehSched - ok
22:51:54.0589 5192 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:51:54.0618 5192 elxstor - ok
22:51:54.0651 5192 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:51:54.0682 5192 ErrDev - ok
22:51:54.0738 5192 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
22:51:54.0798 5192 EventSystem - ok
22:51:54.0833 5192 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:51:54.0890 5192 exfat - ok
22:51:54.0912 5192 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:51:54.0972 5192 fastfat - ok
22:51:55.0039 5192 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
22:51:55.0092 5192 Fax - ok
22:51:55.0105 5192 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:51:55.0144 5192 fdc - ok
22:51:55.0160 5192 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
22:51:55.0215 5192 fdPHost - ok
22:51:55.0233 5192 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
22:51:55.0284 5192 FDResPub - ok
22:51:55.0328 5192 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:51:55.0350 5192 FileInfo - ok
22:51:55.0363 5192 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:51:55.0406 5192 Filetrace - ok
22:51:55.0421 5192 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:51:55.0442 5192 flpydisk - ok
22:51:55.0476 5192 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:51:55.0502 5192 FltMgr - ok
22:51:55.0570 5192 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
22:51:55.0630 5192 FontCache - ok
22:51:55.0727 5192 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:51:55.0745 5192 FontCache3.0.0.0 - ok
22:51:55.0763 5192 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:51:55.0774 5192 FsDepends - ok
22:51:55.0809 5192 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
22:51:55.0819 5192 Fs_Rec - ok
22:51:55.0863 5192 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:51:55.0894 5192 fvevol - ok
22:51:55.0921 5192 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:51:55.0942 5192 gagp30kx - ok
22:51:55.0973 5192 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:51:55.0989 5192 GEARAspiWDM - ok
22:51:56.0040 5192 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
22:51:56.0108 5192 gpsvc - ok
22:51:56.0225 5192 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:51:56.0244 5192 gupdate - ok
22:51:56.0262 5192 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:51:56.0280 5192 gupdatem - ok
22:51:56.0312 5192 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:51:56.0332 5192 gusvc - ok
22:51:56.0353 5192 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:51:56.0403 5192 hcw85cir - ok
22:51:56.0436 5192 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:51:56.0473 5192 HDAudBus - ok
22:51:56.0488 5192 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:51:56.0522 5192 HidBatt - ok
22:51:56.0547 5192 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:51:56.0579 5192 HidBth - ok
22:51:56.0603 5192 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:51:56.0638 5192 HidIr - ok
22:51:56.0662 5192 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
22:51:56.0717 5192 hidserv - ok
22:51:56.0751 5192 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
22:51:56.0771 5192 HidUsb - ok
22:51:56.0813 5192 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
22:51:56.0868 5192 hkmsvc - ok
22:51:56.0908 5192 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
22:51:56.0955 5192 HomeGroupListener - ok
22:51:56.0987 5192 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
22:51:57.0012 5192 HomeGroupProvider - ok
22:51:57.0113 5192 hpqcxs08 (97aac45a375168c6a2297beeb9692e31) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:51:57.0146 5192 hpqcxs08 - ok
22:51:57.0169 5192 hpqddsvc (19a4fb67b1c97ea18edff44340973cd9) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:51:57.0186 5192 hpqddsvc - ok
22:51:57.0205 5192 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:51:57.0216 5192 HpSAMD - ok
22:51:57.0268 5192 HPSLPSVC (56fc98f1014ea8dc51b92839c32759ec) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
22:51:57.0293 5192 HPSLPSVC - ok
22:51:57.0363 5192 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:51:57.0411 5192 HTTP - ok
22:51:57.0437 5192 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:51:57.0448 5192 hwpolicy - ok
22:51:57.0462 5192 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:51:57.0496 5192 i8042prt - ok
22:51:57.0532 5192 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:51:57.0557 5192 iaStorV - ok
22:51:57.0685 5192 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:51:57.0735 5192 idsvc - ok
22:51:57.0786 5192 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:51:57.0807 5192 iirsp - ok
22:51:57.0876 5192 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
22:51:57.0942 5192 IKEEXT - ok
22:51:58.0097 5192 IntcAzAudAddService (fd1d5f1609126831f49d6cfbb61f9ddd) C:\Windows\system32\drivers\RTKVHDA.sys
22:51:58.0164 5192 IntcAzAudAddService - ok
22:51:58.0285 5192 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:51:58.0305 5192 intelide - ok
22:51:58.0339 5192 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:51:58.0370 5192 intelppm - ok
22:51:58.0399 5192 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
22:51:58.0463 5192 IPBusEnum - ok
22:51:58.0482 5192 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:51:58.0525 5192 IpFilterDriver - ok
22:51:58.0573 5192 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
22:51:58.0615 5192 iphlpsvc - ok
22:51:58.0639 5192 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:51:58.0675 5192 IPMIDRV - ok
22:51:58.0694 5192 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:51:58.0757 5192 IPNAT - ok
22:51:58.0907 5192 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
22:51:58.0940 5192 iPod Service - ok
22:51:58.0965 5192 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:51:58.0979 5192 IRENUM - ok
22:51:58.0993 5192 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:51:59.0004 5192 isapnp - ok
22:51:59.0033 5192 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:51:59.0047 5192 iScsiPrt - ok
22:51:59.0068 5192 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
22:51:59.0079 5192 kbdclass - ok
22:51:59.0096 5192 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
22:51:59.0119 5192 kbdhid - ok
22:51:59.0145 5192 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:51:59.0156 5192 KeyIso - ok
22:51:59.0191 5192 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
22:51:59.0202 5192 KSecDD - ok
22:51:59.0243 5192 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
22:51:59.0266 5192 KSecPkg - ok
22:51:59.0302 5192 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
22:51:59.0341 5192 KtmRm - ok
22:51:59.0375 5192 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
22:51:59.0427 5192 LanmanServer - ok
22:51:59.0463 5192 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
22:51:59.0500 5192 LanmanWorkstation - ok
22:51:59.0545 5192 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:51:59.0598 5192 lltdio - ok
22:51:59.0627 5192 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
22:51:59.0654 5192 lltdsvc - ok
22:51:59.0666 5192 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
22:51:59.0690 5192 lmhosts - ok
22:51:59.0716 5192 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:51:59.0727 5192 LSI_FC - ok
22:51:59.0750 5192 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:51:59.0762 5192 LSI_SAS - ok
22:51:59.0773 5192 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:51:59.0784 5192 LSI_SAS2 - ok
22:51:59.0803 5192 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:51:59.0815 5192 LSI_SCSI - ok
22:51:59.0845 5192 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:51:59.0870 5192 luafv - ok
22:51:59.0899 5192 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
22:51:59.0914 5192 MBAMProtector - ok
22:52:00.0006 5192 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:52:00.0040 5192 MBAMService - ok
22:52:00.0065 5192 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
22:52:00.0078 5192 Mcx2Svc - ok
22:52:00.0111 5192 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:52:00.0132 5192 megasas - ok
22:52:00.0160 5192 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:52:00.0174 5192 MegaSR - ok
22:52:00.0208 5192 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:52:00.0258 5192 MMCSS - ok
22:52:00.0278 5192 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:52:00.0340 5192 Modem - ok
22:52:00.0362 5192 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:52:00.0393 5192 monitor - ok
22:52:00.0421 5192 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
22:52:00.0443 5192 mouclass - ok
22:52:00.0464 5192 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:52:00.0483 5192 mouhid - ok
22:52:00.0526 5192 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:52:00.0548 5192 mountmgr - ok
22:52:00.0577 5192 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:52:00.0589 5192 mpio - ok
22:52:00.0612 5192 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:52:00.0653 5192 mpsdrv - ok
22:52:00.0716 5192 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
22:52:00.0788 5192 MpsSvc - ok
22:52:00.0823 5192 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:52:00.0850 5192 MRxDAV - ok
22:52:00.0888 5192 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:52:00.0937 5192 mrxsmb - ok
22:52:00.0974 5192 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:52:01.0011 5192 mrxsmb10 - ok
22:52:01.0031 5192 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:52:01.0059 5192 mrxsmb20 - ok
22:52:01.0077 5192 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:52:01.0098 5192 msahci - ok
22:52:01.0126 5192 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:52:01.0149 5192 msdsm - ok
22:52:01.0180 5192 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
22:52:01.0215 5192 MSDTC - ok
22:52:01.0238 5192 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:52:01.0279 5192 Msfs - ok
22:52:01.0296 5192 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:52:01.0320 5192 mshidkmdf - ok
22:52:01.0337 5192 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:52:01.0348 5192 msisadrv - ok
22:52:01.0382 5192 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
22:52:01.0406 5192 MSiSCSI - ok
22:52:01.0411 5192 msiserver - ok
22:52:01.0436 5192 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:52:01.0489 5192 MSKSSRV - ok
22:52:01.0509 5192 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:52:01.0555 5192 MSPCLOCK - ok
22:52:01.0574 5192 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:52:01.0608 5192 MSPQM - ok
22:52:01.0631 5192 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:52:01.0655 5192 MsRPC - ok
22:52:01.0674 5192 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:52:01.0685 5192 mssmbios - ok
22:52:01.0690 5192 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:52:01.0714 5192 MSTEE - ok
22:52:01.0735 5192 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:52:01.0753 5192 MTConfig - ok
22:52:01.0774 5192 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:52:01.0795 5192 Mup - ok
22:52:01.0837 5192 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
22:52:01.0882 5192 napagent - ok
22:52:01.0920 5192 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:52:01.0961 5192 NativeWifiP - ok
22:52:02.0018 5192 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:52:02.0056 5192 NDIS - ok
22:52:02.0072 5192 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:52:02.0123 5192 NdisCap - ok
22:52:02.0147 5192 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:52:02.0181 5192 NdisTapi - ok
22:52:02.0205 5192 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:52:02.0231 5192 Ndisuio - ok
22:52:02.0261 5192 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:52:02.0321 5192 NdisWan - ok
22:52:02.0347 5192 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:52:02.0408 5192 NDProxy - ok
22:52:02.0465 5192 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
22:52:02.0491 5192 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:52:02.0491 5192 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:52:02.0528 5192 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:52:02.0593 5192 NetBIOS - ok
22:52:02.0629 5192 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:52:02.0684 5192 NetBT - ok
22:52:02.0711 5192 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:52:02.0732 5192 Netlogon - ok
22:52:02.0789 5192 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:52:02.0845 5192 Netman - ok
22:52:02.0891 5192 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
22:52:02.0935 5192 netprofm - ok
22:52:02.0990 5192 netr28u (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys
22:52:03.0021 5192 netr28u - ok
22:52:03.0111 5192 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:52:03.0135 5192 NetTcpPortSharing - ok
22:52:03.0187 5192 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:52:03.0209 5192 nfrd960 - ok
22:52:03.0254 5192 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
22:52:03.0346 5192 NlaSvc - ok
22:52:03.0361 5192 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:52:03.0434 5192 Npfs - ok
22:52:03.0458 5192 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
22:52:03.0499 5192 nsi - ok
22:52:03.0515 5192 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:52:03.0562 5192 nsiproxy - ok
22:52:03.0660 5192 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:52:03.0714 5192 Ntfs - ok
22:52:03.0724 5192 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:52:03.0748 5192 Null - ok
22:52:03.0784 5192 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:52:03.0796 5192 nvraid - ok
22:52:03.0812 5192 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:52:03.0824 5192 nvstor - ok
22:52:03.0846 5192 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:52:03.0858 5192 nv_agp - ok
22:52:03.0965 5192 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:52:04.0005 5192 odserv - ok
22:52:04.0023 5192 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:52:04.0060 5192 ohci1394 - ok
22:52:04.0125 5192 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:52:04.0145 5192 ose - ok
22:52:04.0186 5192 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:52:04.0238 5192 p2pimsvc - ok
22:52:04.0292 5192 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
22:52:04.0335 5192 p2psvc - ok
22:52:04.0359 5192 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:52:04.0396 5192 Parport - ok
22:52:04.0423 5192 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
22:52:04.0445 5192 partmgr - ok
22:52:04.0464 5192 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:52:04.0498 5192 Parvdm - ok
22:52:04.0540 5192 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
22:52:04.0570 5192 PcaSvc - ok
22:52:04.0581 5192 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:52:04.0604 5192 pci - ok
22:52:04.0619 5192 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:52:04.0630 5192 pciide - ok
22:52:04.0656 5192 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:52:04.0669 5192 pcmcia - ok
22:52:04.0691 5192 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:52:04.0702 5192 pcw - ok
22:52:04.0739 5192 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:52:04.0780 5192 PEAUTH - ok
22:52:04.0894 5192 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
22:52:04.0970 5192 pla - ok
22:52:05.0091 5192 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
22:52:05.0140 5192 PlugPlay - ok
22:52:05.0192 5192 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
22:52:05.0216 5192 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:52:05.0216 5192 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:52:05.0248 5192 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
22:52:05.0280 5192 PNRPAutoReg - ok
22:52:05.0310 5192 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:52:05.0336 5192 PNRPsvc - ok
22:52:05.0370 5192 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
22:52:05.0423 5192 PolicyAgent - ok
22:52:05.0459 5192 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
22:52:05.0485 5192 Power - ok
22:52:05.0548 5192 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:52:05.0601 5192 PptpMiniport - ok
22:52:05.0628 5192 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:52:05.0659 5192 Processor - ok
22:52:05.0713 5192 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
22:52:05.0755 5192 ProfSvc - ok
22:52:05.0779 5192 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:52:05.0800 5192 ProtectedStorage - ok
22:52:05.0828 5192 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
22:52:05.0840 5192 ProtexisLicensing - ok
22:52:05.0878 5192 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:52:05.0922 5192 Psched - ok
22:52:06.0012 5192 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:52:06.0080 5192 ql2300 - ok
22:52:06.0170 5192 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:52:06.0192 5192 ql40xx - ok
22:52:06.0232 5192 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
22:52:06.0259 5192 QWAVE - ok
22:52:06.0273 5192 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:52:06.0286 5192 QWAVEdrv - ok
22:52:06.0343 5192 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
22:52:06.0366 5192 RapiMgr - ok
22:52:06.0379 5192 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:52:06.0411 5192 RasAcd - ok
22:52:06.0463 5192 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:52:06.0504 5192 RasAgileVpn - ok
22:52:06.0524 5192 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
22:52:06.0550 5192 RasAuto - ok
22:52:06.0570 5192 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:52:06.0624 5192 Rasl2tp - ok
22:52:06.0675 5192 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
22:52:06.0720 5192 RasMan - ok
22:52:06.0746 5192 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:52:06.0801 5192 RasPppoe - ok
22:52:06.0824 5192 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:52:06.0855 5192 RasSstp - ok
22:52:06.0892 5192 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:52:06.0946 5192 rdbss - ok
22:52:06.0960 5192 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:52:06.0973 5192 rdpbus - ok
22:52:07.0000 5192 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:52:07.0055 5192 RDPCDD - ok
22:52:07.0075 5192 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:52:07.0106 5192 RDPENCDD - ok
22:52:07.0123 5192 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:52:07.0155 5192 RDPREFMP - ok
22:52:07.0191 5192 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
22:52:07.0238 5192 RDPWD - ok
22:52:07.0284 5192 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:52:07.0307 5192 rdyboost - ok
22:52:07.0343 5192 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
22:52:07.0394 5192 RemoteAccess - ok
22:52:07.0428 5192 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
22:52:07.0490 5192 RemoteRegistry - ok
22:52:07.0517 5192 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
22:52:07.0556 5192 RpcEptMapper - ok
22:52:07.0588 5192 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
22:52:07.0600 5192 RpcLocator - ok
22:52:07.0643 5192 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\System32\rpcss.dll
22:52:07.0681 5192 RpcSs - ok
22:52:07.0690 5192 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:52:07.0716 5192 rspndr - ok
22:52:07.0763 5192 RTHDMIAzAudService (72a5515a2031d458dd38e9336594184b) C:\Windows\system32\drivers\RtHDMIV.sys
22:52:07.0787 5192 RTHDMIAzAudService - ok
22:52:07.0836 5192 RTL8167 (e099d23ee1bbce0cf5745f811f3b1882) C:\Windows\system32\DRIVERS\Rt86win7.sys
22:52:07.0868 5192 RTL8167 - ok
22:52:07.0910 5192 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:52:07.0981 5192 RTL8169 - ok
22:52:08.0001 5192 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:52:08.0012 5192 SamSs - ok
22:52:08.0073 5192 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:52:08.0090 5192 SASDIFSV - ok
22:52:08.0119 5192 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:52:08.0139 5192 SASKUTIL - ok
22:52:08.0177 5192 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:52:08.0199 5192 sbp2port - ok
22:52:08.0240 5192 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
22:52:08.0276 5192 SCardSvr - ok
22:52:08.0300 5192 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:52:08.0338 5192 scfilter - ok
22:52:08.0405 5192 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
22:52:08.0455 5192 Schedule - ok
22:52:08.0483 5192 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:52:08.0506 5192 SCPolicySvc - ok
22:52:08.0539 5192 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
22:52:08.0589 5192 SDRSVC - ok
22:52:08.0682 5192 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
22:52:08.0708 5192 SeaPort - ok
22:52:08.0753 5192 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:52:08.0806 5192 secdrv - ok
22:52:08.0829 5192 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
22:52:08.0873 5192 seclogon - ok
22:52:08.0908 5192 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
22:52:08.0960 5192 SENS - ok
22:52:08.0977 5192 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
22:52:09.0021 5192 SensrSvc - ok
22:52:09.0044 5192 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:52:09.0073 5192 Serenum - ok
22:52:09.0096 5192 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:52:09.0128 5192 Serial - ok
22:52:09.0153 5192 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:52:09.0173 5192 sermouse - ok
22:52:09.0225 5192 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
22:52:09.0264 5192 SessionEnv - ok
22:52:09.0284 5192 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:52:09.0320 5192 sffdisk - ok
22:52:09.0325 5192 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:52:09.0353 5192 sffp_mmc - ok
22:52:09.0374 5192 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:52:09.0397 5192 sffp_sd - ok
22:52:09.0409 5192 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:52:09.0427 5192 sfloppy - ok
22:52:09.0486 5192 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
22:52:09.0546 5192 SharedAccess - ok
22:52:09.0596 5192 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
22:52:09.0653 5192 ShellHWDetection - ok
22:52:09.0686 5192 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:52:09.0706 5192 sisagp - ok
22:52:09.0727 5192 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:52:09.0738 5192 SiSRaid2 - ok
22:52:09.0760 5192 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:52:09.0772 5192 SiSRaid4 - ok
22:52:09.0804 5192 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:52:09.0829 5192 Smb - ok
22:52:09.0890 5192 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
22:52:09.0913 5192 SNMPTRAP - ok
22:52:09.0921 5192 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:52:09.0932 5192 spldr - ok
22:52:09.0982 5192 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
22:52:10.0040 5192 Spooler - ok
22:52:10.0242 5192 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
22:52:10.0303 5192 sppsvc - ok
22:52:10.0409 5192 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
22:52:10.0473 5192 sppuinotify - ok
22:52:10.0537 5192 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:52:10.0587 5192 srv - ok
22:52:10.0621 5192 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:52:10.0660 5192 srv2 - ok
22:52:10.0687 5192 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:52:10.0707 5192 srvnet - ok
22:52:10.0744 5192 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
22:52:10.0795 5192 SSDPSRV - ok
22:52:10.0836 5192 SSHDRV76 (ef3504dd32e2ea222be0cbc9a0895f89) C:\Windows\system32\drivers\SSHDRV76.sys
22:52:10.0841 5192 SSHDRV76 ( UnsignedFile.Multi.Generic ) - warning
22:52:10.0841 5192 SSHDRV76 - detected UnsignedFile.Multi.Generic (1)
22:52:10.0876 5192 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:52:10.0892 5192 ssmdrv - ok
22:52:10.0909 5192 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
22:52:10.0946 5192 SstpSvc - ok
22:52:10.0968 5192 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:52:10.0979 5192 stexstor - ok
22:52:11.0037 5192 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
22:52:11.0075 5192 StiSvc - ok
22:52:11.0098 5192 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:52:11.0109 5192 swenum - ok
22:52:11.0138 5192 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:52:11.0168 5192 swprv - ok
22:52:11.0258 5192 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:52:11.0289 5192 SysMain - ok
22:52:11.0325 5192 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:52:11.0371 5192 TabletInputService - ok
22:52:11.0465 5192 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:52:11.0510 5192 TapiSrv - ok
22:52:11.0528 5192 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:52:11.0574 5192 TBS - ok
22:52:11.0693 5192 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
22:52:11.0732 5192 Tcpip - ok
22:52:11.0752 5192 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
22:52:11.0782 5192 TCPIP6 - ok
22:52:11.0817 5192 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:52:11.0867 5192 tcpipreg - ok
22:52:11.0897 5192 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:52:11.0941 5192 TDPIPE - ok
22:52:11.0972 5192 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
22:52:12.0003 5192 TDTCP - ok
22:52:12.0027 5192 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:52:12.0070 5192 tdx - ok
22:52:12.0097 5192 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:52:12.0109 5192 TermDD - ok
22:52:12.0167 5192 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:52:12.0209 5192 TermService - ok
22:52:12.0227 5192 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:52:12.0284 5192 Themes - ok
22:52:12.0320 5192 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:52:12.0356 5192 THREADORDER - ok
22:52:12.0393 5192 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:52:12.0431 5192 TrkWks - ok
22:52:12.0493 5192 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:52:12.0551 5192 TrustedInstaller - ok
22:52:12.0578 5192 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:52:12.0622 5192 tssecsrv - ok
22:52:12.0664 5192 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:52:12.0697 5192 TsUsbFlt - ok
22:52:12.0746 5192 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:52:12.0801 5192 tunnel - ok
22:52:12.0825 5192 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:52:12.0836 5192 uagp35 - ok
22:52:12.0873 5192 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:52:12.0910 5192 udfs - ok
22:52:12.0935 5192 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:52:12.0960 5192 UI0Detect - ok
22:52:12.0998 5192 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:52:13.0010 5192 uliagpkx - ok
22:52:13.0035 5192 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:52:13.0047 5192 umbus - ok
22:52:13.0069 5192 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:52:13.0100 5192 UmPass - ok
22:52:13.0132 5192 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:52:13.0190 5192 upnphost - ok
22:52:13.0246 5192 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
22:52:13.0269 5192 USBAAPL - ok
22:52:13.0287 5192 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:52:13.0339 5192 usbccgp - ok
22:52:13.0369 5192 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:52:13.0406 5192 usbcir - ok
22:52:13.0427 5192 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:52:13.0446 5192 usbehci - ok
22:52:13.0480 5192 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:52:13.0531 5192 usbhub - ok
22:52:13.0546 5192 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
22:52:13.0580 5192 usbohci - ok
22:52:13.0624 5192 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:52:13.0647 5192 usbprint - ok
22:52:13.0700 5192 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
22:52:13.0738 5192 usbscan - ok
22:52:13.0761 5192 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:52:13.0809 5192 USBSTOR - ok
22:52:13.0820 5192 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
22:52:13.0839 5192 usbuhci - ok
22:52:13.0876 5192 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:52:13.0929 5192 UxSms - ok
22:52:13.0957 5192 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:52:13.0977 5192 VaultSvc - ok
22:52:13.0992 5192 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:52:14.0004 5192 vdrvroot - ok
22:52:14.0056 5192 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:52:14.0109 5192 vds - ok
22:52:14.0136 5192 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:52:14.0148 5192 vga - ok
22:52:14.0167 5192 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:52:14.0192 5192 VgaSave - ok
22:52:14.0215 5192 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:52:14.0227 5192 vhdmp - ok
22:52:14.0250 5192 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:52:14.0262 5192 viaagp - ok
22:52:14.0272 5192 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:52:14.0283 5192 ViaC7 - ok
22:52:14.0299 5192 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:52:14.0309 5192 viaide - ok
22:52:14.0328 5192 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:52:14.0339 5192 volmgr - ok
22:52:14.0360 5192 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:52:14.0375 5192 volmgrx - ok
22:52:14.0397 5192 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:52:14.0410 5192 volsnap - ok
22:52:14.0452 5192 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:52:14.0477 5192 vsmraid - ok
22:52:14.0558 5192 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:52:14.0607 5192 VSS - ok
22:52:14.0631 5192 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:52:14.0655 5192 vwifibus - ok
22:52:14.0679 5192 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:52:14.0693 5192 vwififlt - ok
22:52:14.0710 5192 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
22:52:14.0723 5192 vwifimp - ok
22:52:14.0762 5192 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:52:14.0799 5192 W32Time - ok
22:52:14.0826 5192 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:52:14.0854 5192 WacomPen - ok
22:52:14.0896 5192 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:52:14.0951 5192 WANARP - ok
22:52:14.0956 5192 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:52:14.0979 5192 Wanarpv6 - ok
22:52:15.0099 5192 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:52:15.0133 5192 WatAdminSvc - ok
22:52:15.0210 5192 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:52:15.0277 5192 wbengine - ok
22:52:15.0301 5192 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:52:15.0344 5192 WbioSrvc - ok
22:52:15.0437 5192 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
22:52:15.0465 5192 WcesComm - ok
22:52:15.0510 5192 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:52:15.0562 5192 wcncsvc - ok
22:52:15.0584 5192 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:52:15.0643 5192 WcsPlugInService - ok
22:52:15.0706 5192 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:52:15.0726 5192 Wd - ok
22:52:15.0762 5192 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:52:15.0779 5192 Wdf01000 - ok
22:52:15.0795 5192 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:52:15.0856 5192 WdiServiceHost - ok
22:52:15.0861 5192 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:52:15.0876 5192 WdiSystemHost - ok
22:52:15.0908 5192 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:52:15.0926 5192 WebClient - ok
22:52:15.0946 5192 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:52:15.0973 5192 Wecsvc - ok
22:52:15.0985 5192 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:52:16.0010 5192 wercplsupport - ok
22:52:16.0037 5192 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:52:16.0063 5192 WerSvc - ok
22:52:16.0088 5192 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:52:16.0113 5192 WfpLwf - ok
22:52:16.0127 5192 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:52:16.0137 5192 WIMMount - ok
22:52:16.0243 5192 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:52:16.0283 5192 WinDefend - ok
22:52:16.0291 5192 WinHttpAutoProxySvc - ok
22:52:16.0353 5192 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:52:16.0404 5192 Winmgmt - ok
22:52:16.0485 5192 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
22:52:16.0583 5192 WinRM - ok
22:52:16.0675 5192 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.SYS
22:52:16.0716 5192 WINUSB - ok
22:52:16.0787 5192 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:52:16.0844 5192 Wlansvc - ok
22:52:16.0993 5192 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:52:17.0039 5192 wlidsvc - ok
22:52:17.0131 5192 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:52:17.0151 5192 WmiAcpi - ok
22:52:17.0213 5192 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:52:17.0252 5192 wmiApSrv - ok
22:52:17.0372 5192 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:52:17.0425 5192 WMPNetworkSvc - ok
22:52:17.0454 5192 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:52:17.0500 5192 WPCSvc - ok
22:52:17.0527 5192 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
22:52:17.0571 5192 WPDBusEnum - ok
22:52:17.0606 5192 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:52:17.0660 5192 ws2ifsl - ok
22:52:17.0684 5192 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
22:52:17.0725 5192 wscsvc - ok
22:52:17.0730 5192 WSearch - ok
22:52:17.0863 5192 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
22:52:17.0905 5192 wuauserv - ok
22:52:18.0012 5192 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:52:18.0051 5192 WudfPf - ok
22:52:18.0098 5192 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:52:18.0122 5192 WUDFRd - ok
22:52:18.0174 5192 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
22:52:18.0208 5192 wudfsvc - ok
22:52:18.0253 5192 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:52:18.0310 5192 WwanSvc - ok
22:52:18.0362 5192 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:52:18.0669 5192 \Device\Harddisk0\DR0 - ok
22:52:18.0674 5192 Boot (0x1200) (6f15c00de9200e707c72a926292b01fa) \Device\Harddisk0\DR0\Partition0
22:52:18.0676 5192 \Device\Harddisk0\DR0\Partition0 - ok
22:52:18.0693 5192 Boot (0x1200) (149dfd75a77a0e00c31bd7c48f0646d6) \Device\Harddisk0\DR0\Partition1
22:52:18.0694 5192 \Device\Harddisk0\DR0\Partition1 - ok
22:52:18.0694 5192 ============================================================
22:52:18.0694 5192 Scan finished
22:52:18.0694 5192 ============================================================
22:52:18.0708 1252 Detected object count: 3
22:52:18.0708 1252 Actual detected object count: 3
22:52:40.0000 1252 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:40.0000 1252 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:40.0003 1252 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:40.0003 1252 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:40.0005 1252 SSHDRV76 ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:40.0005 1252 SSHDRV76 ( UnsignedFile.Multi.Generic ) - User select action: Skip
__________________ Schönen Gruß JC |
|
13.07.2012, 12:40
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeitrojaner, Internetzugang gesperrt Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.07.2012, 16:40
| #21 |
| | Bundespolizeitrojaner, Internetzugang gesperrt Hey there, hier das Ergebnis [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-07-13.02 - JC Müller 13.07.2012 17:09:08.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3326.2257 [GMT 2:00]
ausgeführt von:: c:\users\JC M³ller\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-13 bis 2012-07-13 ))))))))))))))))))))))))))))))
.
.
2012-07-13 15:17 . 2012-07-13 15:17 -------- d-----w- c:\users\JC Müller\AppData\Local\temp
2012-07-13 15:17 . 2012-07-13 15:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-13 15:17 . 2012-07-13 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 15:17 . 2012-07-13 15:17 -------- d-----w- c:\users\Claudia\AppData\Local\temp
2012-07-13 15:12 . 2012-07-13 15:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69DC36BC-2522-4319-8587-BF8413D5B1C5}\offreg.dll
2012-07-13 14:47 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69DC36BC-2522-4319-8587-BF8413D5B1C5}\mpengine.dll
2012-07-11 22:08 . 2012-06-02 09:08 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-11 22:08 . 2012-06-02 08:22 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-07-11 22:08 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-11 22:08 . 2012-06-02 08:25 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-07-11 22:08 . 2012-06-02 08:21 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-07-11 22:08 . 2012-06-02 08:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-11 22:07 . 2012-06-02 09:08 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-07-11 22:07 . 2012-06-02 08:33 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-07-11 22:07 . 2012-06-02 08:26 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-11 22:07 . 2012-06-02 08:27 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-11 22:07 . 2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-11 22:06 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-05 17:59 . 2012-07-05 17:59 -------- d-----w- c:\program files\ESET
2012-07-04 19:31 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 18:47 . 2012-07-04 18:47 -------- d-----w- c:\users\Claudia\AppData\Local\AAV
2012-06-18 21:22 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-18 21:22 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-18 21:22 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-18 21:22 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-18 21:22 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-18 21:22 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-18 21:22 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-18 21:22 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 21:22 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 20:57 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 20:57 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 20:57 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 20:57 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 20:57 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 20:57 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 20:57 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 20:57 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 20:57 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 17:49 . 2009-03-19 15:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-31 17:49 . 2009-03-19 15:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-14 20:32 . 2012-02-09 17:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-14 20:32 . 2012-02-09 17:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-05-16 19:34 . 2011-05-16 19:34 1110476 ----a-w- c:\program files\7z920.exe
2012-03-25 19:18 . 2011-05-13 13:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-05-31 296056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\JC Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\windows\System32\rundll32.exe [2009-7-14 44544]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-02 19:48]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:40]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} -
FF - ProfilePath - c:\users\JC Müller\AppData\Roaming\Mozilla\Firefox\Profiles\uih78sgk.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.web.de/br/ff3_startpage
FF - prefs.js: keyword.URL - hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=br_urlbar_ff&su=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-13 17:25:04
ComboFix-quarantined-files.txt 2012-07-13 15:25
ComboFix2.txt 2011-05-17 19:34
.
Vor Suchlauf: 16 Verzeichnis(se), 491.370.475.520 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 491.298.775.040 Bytes frei
.
- - End Of File - - EA5A15A1DB997F9B0B47673C565CDFEC
__________________ --> Bundespolizeitrojaner, Internetzugang gesperrt |
|
13.07.2012, 21:23
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeitrojaner, Internetzugang gesperrt Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.07.2012, 23:00
| #23 |
| | Bundespolizeitrojaner, Internetzugang gesperrt Guten Abend, also GMER mag mich nicht, hab ich gelassen nachdem der Rechner abgestürzt war. Aber OSAM war besser. Hier der LOG Code:
ATTFilter OSAM Logfile: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-13 23:37:02
-----------------------------
23:37:02.919 OS Version: Windows 6.1.7601 Service Pack 1
23:37:02.919 Number of processors: 4 586 0x203
23:37:02.919 ComputerName: PCGELLERTSTR UserName: JC Müller
23:37:04.167 Initialize success
23:37:13.152 AVAST engine defs: 12071301
23:37:19.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:37:19.626 Disk 0 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 11
23:37:19.642 Disk 0 MBR read successfully
23:37:19.658 Disk 0 MBR scan
23:37:19.658 Disk 0 Windows 7 default MBR code
23:37:19.673 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 589994 MB offset 2048
23:37:19.689 Disk 0 Partition - 00 0F Extended LBA 20481 MB offset 1208312847
23:37:19.720 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20481 MB offset 1208312910
23:37:19.736 Disk 0 scanning sectors +1250258625
23:37:19.814 Disk 0 scanning C:\Windows\system32\drivers
23:37:32.340 Service scanning
23:37:52.121 Modules scanning
23:38:12.075 Disk 0 trace - called modules:
23:38:12.621 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
23:38:12.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fa7650]
23:38:12.652 3 CLASSPNP.SYS[843aa59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86f9d030]
23:38:14.103 AVAST engine scan C:\Windows
23:38:22.356 AVAST engine scan C:\Windows\system32
23:41:51.570 AVAST engine scan C:\Windows\system32\drivers
23:42:04.549 AVAST engine scan C:\Users\JC Müller
23:56:33.274 AVAST engine scan C:\ProgramData
23:57:42.491 Scan finished successfully
23:58:32.739 Disk 0 MBR has been saved successfully to "C:\Users\JC Müller\Desktop\MBR.dat"
23:58:32.739 The log file has been saved successfully to "C:\Users\JC Müller\Desktop\aswMBR.txt"
__________________ Schönen Gruß JC |
|
14.07.2012, 13:09
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeitrojaner, Internetzugang gesperrt Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.07.2012, 04:55
| #25 |
| | Bundespolizeitrojaner, Internetzugang gesperrt Guten Morgen hier beide Logs: Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/16/2012 at 11:24 PM
Application Version : 4.52.1000
Core Rules Database Version : 7167
Trace Rules Database Version: 4979
Scan type : Complete Scan
Total Scan Time : 01:45:01
Memory items scanned : 796
Memory threats detected : 0
Registry items scanned : 10455
Registry threats detected : 0
File items scanned : 152267
File threats detected : 3
Adware.Tracking Cookie
C:\Users\JC Müller\AppData\Roaming\Microsoft\Windows\Cookies\D2PWBNLN.txt
C:\Users\JC Müller\AppData\Roaming\Microsoft\Windows\Cookies\jc_müller@doubleclick[1].txt
Trojan.Dropper/SVCHost-Fake
C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\SVCHOST.EXE
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.16.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 JC Müller :: PCGELLERTSTR [Administrator] Schutz: Aktiviert 16.07.2012 18:16:57 mbam-log-2012-07-16 (18-16-57).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 377660 Laufzeit: 1 Stunde(n), 27 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)
__________________ Schönen Gruß JC |
|
17.07.2012, 14:37
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeitrojaner, Internetzugang gesperrt Sieht ok aus, da wurden nur Cookies gefunden. Der andere Fund bei SUPERAntiSpyware ist ein Fehlalarm. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.07.2012, 19:32
| #27 |
| |  Bundespolizeitrojaner, Internetzugang gesperrt Hallo Arne, vielen Dank für die so erfreuliche Nachricht. Und danke für Deine tolle Arbeit!  Eine letzte Frage habe ich noch: Beim starten des Rechners erscheint immernoch die Mitteilung "Problem beim Starten von C:\user\JCMLLE~1\AppData\Local\Temp\O_On_l.exe das angegebene Modul wurde nicht gefunden". Was hat es damit auf sich? Wurde die Datei evtl. in eine Quarantäne verschoben weil Trojaner? Oder ist es womöglich ein Fehlalarm o.ä. Freue mich über Info! Und nochmals vielen Dank!
__________________ Schönen Gruß JC |
|
18.07.2012, 15:51
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeitrojaner, Internetzugang gesperrt Ist nur ein verwaister Autostart-Eintrag, den solltest du über msconfig deaktivieren können Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks => Adobe Flash Player Distribution | Adobe Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.07.2012, 17:13
| #29 |
| | Bundespolizeitrojaner, Internetzugang gesperrt Hallo Arne, nochmals besten Dank! Meine Hochachtung für Deine und eure tolle Arbeit!!  Deine Hinweise werde ich gerne berücksichtigen und hoffe nicht so schnell wieder auf eure kompetente Hilfe angewiesen zu sein. Schönen Sommer wünsche ich!
__________________ Schönen Gruß JC |
|
| Themen zu Bundespolizeitrojaner, Internetzugang gesperrt |
| .dll, 0_0u_l.exe, 4d36e972-e325-11ce-bfc1-08002be10318, administrator, antivirus, avg, avira, bundespolizeitrojaner, desktop, dllhost.exe, gesperrt, google, heuristiks/extra, heuristiks/shuriken, home, icreinstall, iexplore.exe, infizierte, infizierte dateien, internet, juli 2012, kompetent, nt.dll, officejet, programm, prozesse, pup.adware.installcore, recover, registry, rundll, scan, services.exe, software, svchost.exe, taskhost.exe, teredo, trojaner, verweise, warnung, windows, winlogon.exe |
Linear-Darstellung
