Pests of all kinds and how to combat them: iexplore connection to Facebook? (Windows 7)
| | #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | iexplore connection to Facebook?

Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents and transfer them into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
| | #17 |
| iexplore connection to Facebook? Hello,
here is the log from TDSS:
Code:
14:05:02.0883 3980 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
14:05:03.0133 3980 ============================================================
14:05:03.0133 3980 Current date / time: 2012/07/20 14:05:03.0133
14:05:03.0133 3980 SystemInfo:
14:05:03.0133 3980
14:05:03.0133 3980 OS Version: 6.1.7601 ServicePack: 1.0
14:05:03.0133 3980 Product type: Workstation
14:05:03.0133 3980 ComputerName: **********
14:05:03.0133 3980 UserName: +++++
14:05:03.0133 3980 Windows directory: C:\Windows
14:05:03.0133 3980 System windows directory: C:\Windows
14:05:03.0133 3980 Running under WOW64
14:05:03.0133 3980 Processor architecture: Intel x64
14:05:03.0133 3980 Number of processors: 4
14:05:03.0133 3980 Page size: 0x1000
14:05:03.0133 3980 Boot type: Normal boot
14:05:03.0133 3980 ============================================================
14:05:03.0647 3980 Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:05:03.0663 3980 Drive \Device\Harddisk1\DR1 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:05:03.0694 3980 ============================================================
14:05:03.0694 3980 \Device\Harddisk0\DR0:
14:05:03.0710 3980 MBR partitions:
14:05:03.0710 3980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x18FDC800
14:05:03.0725 3980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A74D800, BlocksNum 0x20F3000
14:05:03.0725 3980 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C840800, BlocksNum 0xD672800
14:05:03.0725 3980 \Device\Harddisk1\DR1:
14:05:03.0741 3980 MBR partitions:
14:05:03.0741 3980 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1000, BlocksNum 0x14F75000
14:05:03.0741 3980 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x14F76000, BlocksNum 0xA7BA7F8
14:05:03.0741 3980 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1F730800, BlocksNum 0xA782000
14:05:03.0741 3980 ============================================================
14:05:03.0772 3980 C: <-> \Device\Harddisk0\DR0\Partition0
14:05:03.0788 3980 D: <-> \Device\Harddisk1\DR1\Partition0
14:05:03.0819 3980 F: <-> \Device\Harddisk0\DR0\Partition2
14:05:03.0850 3980 G: <-> \Device\Harddisk1\DR1\Partition1
14:05:03.0881 3980 H: <-> \Device\Harddisk1\DR1\Partition2
14:05:03.0913 3980 E: <-> \Device\Harddisk0\DR0\Partition1
14:05:03.0913 3980 ============================================================
14:05:03.0913 3980 Initialize success
14:05:03.0913 3980 ============================================================
14:05:30.0433 3060 ============================================================
14:05:30.0433 3060 Scan started
14:05:30.0433 3060 Mode: Manual; SigCheck; TDLFS;
14:05:30.0433 3060 ============================================================
14:05:31.0197 3060 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
14:05:31.0322 3060 1394ohci - ok
14:05:31.0369 3060 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:05:31.0400 3060 ACPI - ok
14:05:31.0431 3060 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:05:31.0509 3060 AcpiPmi - ok
14:05:31.0649 3060 AcrSch2Svc (82f8049992c25d77f65903983878fe31) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
14:05:31.0681 3060 AcrSch2Svc - ok
14:05:31.0743 3060 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:05:31.0759 3060 AdobeARMservice - ok
14:05:31.0915 3060 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:05:31.0930 3060 AdobeFlashPlayerUpdateSvc - ok
14:05:32.0055 3060 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:05:32.0086 3060 adp94xx - ok
14:05:32.0149 3060 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:05:32.0180 3060 adpahci - ok
14:05:32.0195 3060 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:05:32.0227 3060 adpu320 - ok
14:05:32.0273 3060 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:05:32.0414 3060 AeLookupSvc - ok
14:05:32.0476 3060 afcdp (b794dd8acc5cc76177156463dab4bebb) C:\Windows\system32\DRIVERS\afcdp.sys
14:05:32.0492 3060 afcdp - ok
14:05:32.0726 3060 afcdpsrv (b6fc28e1b17b4fb6f3cffa0ae8cee250) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
14:05:32.0866 3060 afcdpsrv - ok
14:05:32.0991 3060 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:05:33.0038 3060 AFD - ok
14:05:33.0085 3060 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:05:33.0100 3060 agp440 - ok
14:05:33.0116 3060 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:05:33.0147 3060 ALG - ok
14:05:33.0178 3060 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:05:33.0194 3060 aliide - ok
14:05:33.0209 3060 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:05:33.0209 3060 amdide - ok
14:05:33.0225 3060 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:05:33.0256 3060 AmdK8 - ok
14:05:33.0272 3060 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:05:33.0287 3060 AmdPPM - ok
14:05:33.0334 3060 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:05:33.0350 3060 amdsata - ok
14:05:33.0381 3060 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:05:33.0412 3060 amdsbs - ok
14:05:33.0412 3060 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:05:33.0428 3060 amdxata - ok
14:05:33.0459 3060 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:05:33.0631 3060 AppID - ok
14:05:33.0646 3060 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:05:33.0693 3060 AppIDSvc - ok
14:05:33.0724 3060 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:05:33.0771 3060 Appinfo - ok
14:05:33.0802 3060 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:05:33.0818 3060 arc - ok
14:05:33.0833 3060 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:05:33.0849 3060 arcsas - ok
14:05:33.0958 3060 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:05:33.0958 3060 aspnet_state - ok
14:05:33.0989 3060 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:05:34.0036 3060 AsyncMac - ok
14:05:34.0052 3060 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:05:34.0067 3060 atapi - ok
14:05:34.0130 3060 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:05:34.0208 3060 AudioEndpointBuilder - ok
14:05:34.0208 3060 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:05:34.0255 3060 AudioSrv - ok
14:05:34.0286 3060 avmaudio (bd39d7cfd9d6a73396b618113a8e8d57) C:\Windows\system32\DRIVERS\avmaudio.sys
14:05:34.0317 3060 avmaudio - ok
14:05:34.0395 3060 AVP (3d19081fede8e9ef5b4fbb5f88ee4544) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
14:05:34.0411 3060 AVP - ok
14:05:34.0442 3060 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:05:34.0489 3060 AxInstSV - ok
14:05:34.0504 3060 azvusb (9f4320ba8e7ce2342517b182a2f2c0e6) C:\Windows\system32\DRIVERS\azvusb.sys
14:05:34.0551 3060 azvusb - ok
14:05:34.0613 3060 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:05:34.0645 3060 b06bdrv - ok
14:05:34.0691 3060 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:05:34.0723 3060 b57nd60a - ok
14:05:34.0754 3060 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:05:34.0785 3060 BDESVC - ok
14:05:34.0801 3060 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:05:34.0832 3060 Beep - ok
14:05:34.0894 3060 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:05:34.0957 3060 BFE - ok
14:05:35.0035 3060 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:05:35.0113 3060 BITS - ok
14:05:35.0175 3060 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:05:35.0206 3060 blbdrive - ok
14:05:35.0237 3060 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:05:35.0284 3060 bowser - ok
14:05:35.0300 3060 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:05:35.0315 3060 BrFiltLo - ok
14:05:35.0331 3060 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:05:35.0362 3060 BrFiltUp - ok
14:05:35.0378 3060 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:05:35.0440 3060 Browser - ok
14:05:35.0471 3060 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:05:35.0503 3060 Brserid - ok
14:05:35.0518 3060 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:05:35.0549 3060 BrSerWdm - ok
14:05:35.0565 3060 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:05:35.0596 3060 BrUsbMdm - ok
14:05:35.0596 3060 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:05:35.0612 3060 BrUsbSer - ok
14:05:35.0659 3060 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
14:05:35.0690 3060 BthEnum - ok
14:05:35.0721 3060 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:05:35.0752 3060 BTHMODEM - ok
14:05:35.0783 3060 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:05:35.0815 3060 BthPan - ok
14:05:35.0861 3060 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
14:05:35.0893 3060 BTHPORT - ok
14:05:35.0924 3060 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:05:35.0971 3060 bthserv - ok
14:05:35.0986 3060 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
14:05:36.0002 3060 BTHUSB - ok
14:05:36.0049 3060 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:05:36.0111 3060 cdfs - ok
14:05:36.0142 3060 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:05:36.0158 3060 cdrom - ok
14:05:36.0189 3060 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:05:36.0236 3060 CertPropSvc - ok
14:05:36.0283 3060 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:05:36.0314 3060 circlass - ok
14:05:36.0345 3060 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:05:36.0376 3060 CLFS - ok
14:05:36.0407 3060 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:05:36.0423 3060 clr_optimization_v2.0.50727_32 - ok
14:05:36.0454 3060 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:05:36.0470 3060 clr_optimization_v2.0.50727_64 - ok
14:05:36.0532 3060 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:05:36.0548 3060 clr_optimization_v4.0.30319_32 - ok
14:05:36.0579 3060 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:05:36.0595 3060 clr_optimization_v4.0.30319_64 - ok
14:05:36.0626 3060 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:05:36.0641 3060 CmBatt - ok
14:05:36.0657 3060 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:05:36.0673 3060 cmdide - ok
14:05:36.0704 3060 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
14:05:36.0735 3060 CNG - ok
14:05:36.0751 3060 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:05:36.0766 3060 Compbatt - ok
14:05:36.0782 3060 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:05:36.0813 3060 CompositeBus - ok
14:05:36.0829 3060 COMSysApp - ok
14:05:36.0829 3060 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:05:36.0844 3060 crcdisk - ok
14:05:36.0922 3060 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
14:05:36.0938 3060 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:05:36.0938 3060 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:05:36.0953 3060 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
14:05:36.0985 3060 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:05:36.0985 3060 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:05:37.0016 3060 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:05:37.0063 3060 CryptSvc - ok
14:05:37.0109 3060 CSCrySec (ab1201f8de199e764da9a32abf71049c) C:\Windows\system32\DRIVERS\CSCrySec.sys
14:05:37.0109 3060 CSCrySec - ok
14:05:37.0219 3060 CSObjectsSrv (6e5b42219f1fe4a3d087d9d501e343d5) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
14:05:37.0234 3060 CSObjectsSrv - ok
14:05:37.0281 3060 CSVirtualDiskDrv (a6eed705bb510fa6b0f9f097165a3395) C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
14:05:37.0297 3060 CSVirtualDiskDrv - ok
14:05:37.0328 3060 CT20XUT (229e3b8f266abdafd54e4a372b9d5ddc) C:\Windows\system32\drivers\CT20XUT.SYS
14:05:37.0343 3060 CT20XUT - ok
14:05:37.0359 3060 CT20XUT.SYS (229e3b8f266abdafd54e4a372b9d5ddc) C:\Windows\System32\drivers\CT20XUT.SYS
14:05:37.0375 3060 CT20XUT.SYS - ok
14:05:37.0406 3060 ctac32k (eb3843a91a10150c9e05607cbcb44090) C:\Windows\system32\drivers\ctac32k.sys
14:05:37.0437 3060 ctac32k - ok
14:05:37.0468 3060 ctaud2k (bc06efb59a2316537765462dfe40f764) C:\Windows\system32\drivers\ctaud2k.sys
14:05:37.0499 3060 ctaud2k - ok
14:05:37.0562 3060 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
14:05:37.0593 3060 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
14:05:37.0593 3060 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
14:05:37.0671 3060 CTEXFIFX (63b2b6ce9d3ef182981fb64bd5433da4) C:\Windows\system32\drivers\CTEXFIFX.SYS
14:05:37.0702 3060 CTEXFIFX - ok
14:05:37.0843 3060 CTEXFIFX.SYS (63b2b6ce9d3ef182981fb64bd5433da4) C:\Windows\System32\drivers\CTEXFIFX.SYS
14:05:37.0874 3060 CTEXFIFX.SYS - ok
14:05:37.0921 3060 CTHWIUT (6d115cc80873b85fd80dda1c41f75a2c) C:\Windows\system32\drivers\CTHWIUT.SYS
14:05:37.0936 3060 CTHWIUT - ok
14:05:37.0936 3060 CTHWIUT.SYS (6d115cc80873b85fd80dda1c41f75a2c) C:\Windows\System32\drivers\CTHWIUT.SYS
14:05:37.0952 3060 CTHWIUT.SYS - ok
14:05:37.0967 3060 ctprxy2k (ebc9548ef5838cb5aa8f18b3ac28af12) C:\Windows\system32\drivers\ctprxy2k.sys
14:05:37.0983 3060 ctprxy2k - ok
14:05:37.0999 3060 ctsfm2k (459bee1682121842285c162e2d98d81a) C:\Windows\system32\drivers\ctsfm2k.sys
14:05:38.0014 3060 ctsfm2k - ok
14:05:38.0045 3060 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
14:05:38.0061 3060 dc3d - ok
14:05:38.0108 3060 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:05:38.0170 3060 DcomLaunch - ok
14:05:38.0217 3060 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:05:38.0279 3060 defragsvc - ok
14:05:38.0295 3060 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:05:38.0342 3060 DfsC - ok
14:05:38.0389 3060 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:05:38.0451 3060 Dhcp - ok
14:05:38.0451 3060 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:05:38.0498 3060 discache - ok
14:05:38.0545 3060 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:05:38.0560 3060 Disk - ok
14:05:38.0591 3060 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:05:38.0685 3060 Dnscache - ok
14:05:38.0810 3060 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:05:38.0872 3060 dot3svc - ok
14:05:38.0903 3060 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
14:05:38.0935 3060 Dot4 - ok
14:05:38.0950 3060 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:05:38.0966 3060 Dot4Print - ok
14:05:38.0981 3060 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
14:05:38.0997 3060 dot4usb - ok
14:05:39.0028 3060 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:05:39.0075 3060 DPS - ok
14:05:39.0106 3060 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:05:39.0122 3060 drmkaud - ok
14:05:39.0247 3060 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:05:39.0262 3060 DXGKrnl - ok
14:05:39.0293 3060 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:05:39.0325 3060 EapHost - ok
14:05:39.0512 3060 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:05:39.0621 3060 ebdrv - ok
14:05:39.0699 3060 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:05:39.0715 3060 EFS - ok
14:05:39.0793 3060 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:05:39.0839 3060 ehRecvr - ok
14:05:39.0871 3060 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:05:39.0917 3060 ehSched - ok
14:05:39.0995 3060 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:05:40.0027 3060 elxstor - ok
14:05:40.0058 3060 emupia (c26133b6165928fbd156c6fe570f9ed2) C:\Windows\system32\drivers\emupia2k.sys
14:05:40.0058 3060 emupia - ok
14:05:40.0073 3060 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:05:40.0105 3060 ErrDev - ok
14:05:40.0151 3060 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:05:40.0214 3060 EventSystem - ok
14:05:40.0245 3060 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:05:40.0292 3060 exfat - ok
14:05:40.0307 3060 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:05:40.0354 3060 fastfat - ok
14:05:40.0432 3060 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:05:40.0510 3060 Fax - ok
14:05:40.0557 3060 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:05:40.0588 3060 fdc - ok
14:05:40.0604 3060 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:05:40.0651 3060 fdPHost - ok
14:05:40.0682 3060 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:05:40.0713 3060 FDResPub - ok
14:05:40.0744 3060 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:05:40.0760 3060 FileInfo - ok
14:05:40.0760 3060 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:05:40.0807 3060 Filetrace - ok
14:05:40.0900 3060 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:05:40.0916 3060 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:05:40.0916 3060 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:05:40.0947 3060 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:05:40.0963 3060 flpydisk - ok
14:05:40.0994 3060 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:05:41.0009 3060 FltMgr - ok
14:05:41.0056 3060 fltsrv (d4463a74e1bfbf3fb9b4fc6cf5390152) C:\Windows\system32\DRIVERS\fltsrv.sys
14:05:41.0087 3060 fltsrv - ok
14:05:41.0165 3060 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:05:41.0212 3060 FontCache - ok
14:05:41.0290 3060 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:05:41.0306 3060 FontCache3.0.0.0 - ok
14:05:41.0337 3060 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:05:41.0353 3060 FsDepends - ok
14:05:41.0384 3060 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:05:41.0399 3060 Fs_Rec - ok
14:05:41.0415 3060 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:05:41.0446 3060 fvevol - ok
14:05:41.0462 3060 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:05:41.0477 3060 gagp30kx - ok
14:05:41.0540 3060 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:05:41.0602 3060 gpsvc - ok
14:05:41.0680 3060 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:05:41.0696 3060 gupdate - ok
14:05:41.0711 3060 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:05:41.0711 3060 gupdatem - ok
14:05:41.0805 3060 ha20x2k (a3f010d5dbfb589a3b3288c05c2ea3f9) C:\Windows\system32\drivers\ha20x2k.sys
14:05:41.0836 3060 ha20x2k - ok
14:05:41.0930 3060 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:05:41.0961 3060 hcw85cir - ok
14:05:41.0977 3060 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:05:42.0008 3060 HDAudBus - ok
14:05:42.0023 3060 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:05:42.0055 3060 HidBatt - ok
14:05:42.0070 3060 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:05:42.0101 3060 HidBth - ok
14:05:42.0133 3060 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:05:42.0148 3060 HidIr - ok
14:05:42.0164 3060 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:05:42.0211 3060 hidserv - ok
14:05:42.0242 3060 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:05:42.0257 3060 HidUsb - ok
14:05:42.0289 3060 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:05:42.0335 3060 hkmsvc - ok
14:05:42.0351 3060 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:05:42.0382 3060 HomeGroupListener - ok
14:05:42.0429 3060 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:05:42.0460 3060 HomeGroupProvider - ok
14:05:42.0569 3060 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) F:\Programme\(x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:05:42.0601 3060 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:05:42.0601 3060 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:05:42.0632 3060 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) F:\Programme\(x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:05:42.0647 3060 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:05:42.0647 3060 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:05:42.0694 3060 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:05:42.0710 3060 HpSAMD - ok
14:05:42.0819 3060 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) F:\Programme\(x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:05:42.0835 3060 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
14:05:42.0835 3060 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
14:05:42.0913 3060 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:05:42.0975 3060 HTTP - ok
14:05:42.0991 3060 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:05:43.0006 3060 hwpolicy - ok
14:05:43.0022 3060 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:05:43.0037 3060 i8042prt - ok
14:05:43.0100 3060 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:05:43.0115 3060 iaStorV - ok
14:05:43.0240 3060 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:05:43.0271 3060 idsvc - ok
14:05:43.0303 3060 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:05:43.0318 3060 iirsp - ok
14:05:43.0381 3060 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:05:43.0443 3060 IKEEXT - ok
14:05:43.0459 3060 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:05:43.0474 3060 intelide - ok
14:05:43.0521 3060 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:05:43.0537 3060 intelppm - ok
14:05:43.0568 3060 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:05:43.0615 3060 IPBusEnum - ok
14:05:43.0630 3060 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:05:43.0677 3060 IpFilterDriver - ok
14:05:43.0724 3060 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:05:43.0786 3060 iphlpsvc - ok
14:05:43.0833 3060 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:05:43.0849 3060 IPMIDRV - ok
14:05:43.0895 3060 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:05:43.0942 3060 IPNAT - ok
14:05:43.0958 3060 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:05:43.0989 3060 IRENUM - ok
14:05:44.0005 3060 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:05:44.0020 3060 isapnp - ok
14:05:44.0036 3060 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:05:44.0051 3060 iScsiPrt - ok
14:05:44.0098 3060 jdngrcmrpd (6abe8b3ee4a1f1ebf21c94c723c07a63) C:\Windows\system32\DRIVERS\jdngrcmrpd.sys
14:05:44.0129 3060 jdngrcmrpd - ok
14:05:44.0145 3060 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:05:44.0161 3060 kbdclass - ok
14:05:44.0192 3060 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:05:44.0207 3060 kbdhid - ok
14:05:44.0239 3060 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:05:44.0239 3060 KeyIso - ok
14:05:44.0301 3060 kl1 (73bf91efbe1f788d0615a396a9211a4b) C:\Windows\system32\DRIVERS\kl1.sys
14:05:44.0332 3060 kl1 - ok
14:05:44.0379 3060 kl2 (dc3cf56209c6a19124fedef1cbfaf55b) C:\Windows\system32\DRIVERS\kl2.sys
14:05:44.0395 3060 kl2 - ok
14:05:44.0441 3060 KLIF (06f1e403d712083930310eb4ba9032c2) C:\Windows\system32\DRIVERS\klif.sys
14:05:44.0457 3060 KLIF - ok
14:05:44.0473 3060 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
14:05:44.0488 3060 KLIM6 - ok
14:05:44.0504 3060 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
14:05:44.0519 3060 klmouflt - ok
14:05:44.0535 3060 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
14:05:44.0551 3060 KSecDD - ok
14:05:44.0566 3060 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
14:05:44.0597 3060 KSecPkg - ok
14:05:44.0613 3060 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:05:44.0660 3060 ksthunk - ok
14:05:44.0707 3060 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:05:44.0753 3060 KtmRm - ok
14:05:44.0769 3060 L8042Kbd (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys
14:05:44.0785 3060 L8042Kbd - ok
14:05:44.0831 3060 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:05:44.0878 3060 LanmanServer - ok
14:05:44.0909 3060 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:05:44.0956 3060 LanmanWorkstation - ok
14:05:45.0003 3060 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:05:45.0019 3060 LHidFilt - ok
14:05:45.0034 3060 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:05:45.0097 3060 lltdio - ok
14:05:45.0128 3060 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:05:45.0190 3060 lltdsvc - ok
14:05:45.0206 3060 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:05:45.0253 3060 lmhosts - ok
14:05:45.0268 3060 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:05:45.0284 3060 LMouFilt - ok
14:05:45.0315 3060 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:05:45.0331 3060 LSI_FC - ok
14:05:45.0346 3060 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:05:45.0362 3060 LSI_SAS - ok
14:05:45.0377 3060 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:05:45.0377 3060 LSI_SAS2 - ok
14:05:45.0409 3060 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:05:45.0424 3060 LSI_SCSI - ok
14:05:45.0471 3060 Ltn_stk7070P_64 (639d24e769bdbec6145e4c1921669b73) C:\Windows\system32\DRIVERS\Ltn_stk7070P_64.sys
14:05:45.0518 3060 Ltn_stk7070P_64 ( UnsignedFile.Multi.Generic ) - warning
14:05:45.0518 3060 Ltn_stk7070P_64 - detected UnsignedFile.Multi.Generic (1)
14:05:45.0533 3060 Ltn_stkrc_64 (e028df5a96827a87898d4d7eb768e3ab) C:\Windows\system32\DRIVERS\Ltn_stkrc_64.sys
14:05:45.0565 3060 Ltn_stkrc_64 - ok
14:05:45.0596 3060 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:05:45.0643 3060 luafv - ok
14:05:45.0736 3060 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
14:05:45.0752 3060 MBAMProtector - ok
14:05:45.0861 3060 MBAMService (43683e970f008c93c9429ef428147a54) F:\Programme\(x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:05:45.0877 3060 MBAMService - ok
14:05:45.0908 3060 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:05:45.0923 3060 Mcx2Svc - ok
14:05:45.0939 3060 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:05:45.0955 3060 megasas - ok
14:05:45.0986 3060 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:05:46.0001 3060 MegaSR - ok
14:05:46.0048 3060 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:05:46.0095 3060 MMCSS - ok
14:05:46.0111 3060 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:05:46.0157 3060 Modem - ok
14:05:46.0173 3060 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:05:46.0204 3060 monitor - ok
14:05:46.0235 3060 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:05:46.0251 3060 mouclass - ok
14:05:46.0282 3060 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:05:46.0282 3060 mouhid - ok
14:05:46.0313 3060 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:05:46.0329 3060 mountmgr - ok
14:05:46.0345 3060 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:05:46.0376 3060 mpio - ok
14:05:46.0391 3060 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:05:46.0423 3060 mpsdrv - ok
14:05:46.0485 3060 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:05:46.0547 3060 MpsSvc - ok
14:05:46.0579 3060 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:05:46.0610 3060 MRxDAV - ok
14:05:46.0641 3060 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:05:46.0688 3060 mrxsmb - ok
14:05:46.0719 3060 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:05:46.0735 3060 mrxsmb10 - ok
14:05:46.0750 3060 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:05:46.0766 3060 mrxsmb20 - ok
14:05:46.0781 3060 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:05:46.0797 3060 msahci - ok
14:05:46.0875 3060 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
14:05:46.0891 3060 MSCamSvc - ok
14:05:46.0922 3060 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:05:46.0937 3060 msdsm - ok
14:05:46.0969 3060 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:05:47.0015 3060 MSDTC - ok
14:05:47.0031 3060 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:05:47.0078 3060 Msfs - ok
14:05:47.0109 3060 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:05:47.0156 3060 mshidkmdf - ok
14:05:47.0171 3060 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:05:47.0187 3060 msisadrv - ok
14:05:47.0203 3060 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:05:47.0249 3060 MSiSCSI - ok
14:05:47.0249 3060 msiserver - ok
14:05:47.0281 3060 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:05:47.0327 3060 MSKSSRV - ok
14:05:47.0343 3060 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:05:47.0390 3060 MSPCLOCK - ok
14:05:47.0405 3060 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:05:47.0452 3060 MSPQM - ok
14:05:47.0483 3060 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:05:47.0499 3060 MsRPC - ok
14:05:47.0530 3060 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:05:47.0530 3060 mssmbios - ok
14:05:47.0546 3060 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:05:47.0593 3060 MSTEE - ok
14:05:47.0608 3060 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:05:47.0624 3060 MTConfig - ok
14:05:47.0639 3060 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:05:47.0655 3060 Mup - ok
14:05:47.0702 3060 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:05:47.0764 3060 napagent - ok
14:05:47.0811 3060 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:05:47.0842 3060 NativeWifiP - ok
14:05:47.0920 3060 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:05:47.0951 3060 NDIS - ok
14:05:47.0967 3060 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:05:47.0998 3060 NdisCap - ok
14:05:48.0029 3060 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:05:48.0061 3060 NdisTapi - ok
14:05:48.0076 3060 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:05:48.0123 3060 Ndisuio - ok
14:05:48.0154 3060 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:05:48.0201 3060 NdisWan - ok
14:05:48.0217 3060 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:05:48.0248 3060 NDProxy - ok
14:05:48.0295 3060 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
14:05:48.0310 3060 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:05:48.0310 3060 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:05:48.0341 3060 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:05:48.0388 3060 NetBIOS - ok
14:05:48.0419 3060 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:05:48.0451 3060 NetBT - ok
14:05:48.0482 3060 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:05:48.0497 3060 Netlogon - ok
14:05:48.0544 3060 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:05:48.0607 3060 Netman - ok
14:05:48.0700 3060 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:48.0716 3060 NetMsmqActivator - ok
14:05:48.0731 3060 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:48.0747 3060 NetPipeActivator - ok
14:05:48.0778 3060 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:05:48.0856 3060 netprofm - ok
14:05:48.0903 3060 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:48.0919 3060 NetTcpActivator - ok
14:05:48.0919 3060 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:48.0934 3060 NetTcpPortSharing - ok
14:05:49.0059 3060 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:05:49.0075 3060 nfrd960 - ok
14:05:49.0106 3060 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:05:49.0168 3060 NlaSvc - ok
14:05:49.0215 3060 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
14:05:49.0231 3060 NPF - ok
14:05:49.0262 3060 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:05:49.0293 3060 Npfs - ok
14:05:49.0324 3060 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:05:49.0371 3060 nsi - ok
14:05:49.0387 3060 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:05:49.0433 3060 nsiproxy - ok
14:05:49.0527 3060 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:05:49.0589 3060 Ntfs - ok
14:05:49.0683 3060 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
14:05:49.0699 3060 NuidFltr - ok
14:05:49.0714 3060 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:05:49.0761 3060 Null - ok
14:05:49.0808 3060 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
14:05:49.0855 3060 NVENETFD - ok
14:05:50.0572 3060 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:05:50.0791 3060 nvlddmkm - ok
14:05:50.0931 3060 NVNET (bd25e03ead63ac3365f25175b4dbd56a) C:\Windows\system32\DRIVERS\nvmf6264.sys
14:05:50.0931 3060 NVNET - ok
14:05:50.0978 3060 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:05:50.0993 3060 nvraid - ok
14:05:51.0025 3060 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:05:51.0040 3060 nvstor - ok
14:05:51.0071 3060 nvstor64 (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
14:05:51.0087 3060 nvstor64 - ok
14:05:51.0181 3060 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
14:05:51.0212 3060 nvsvc - ok
14:05:51.0337 3060 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:05:51.0383 3060 nvUpdatusService - ok
14:05:51.0477 3060 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:05:51.0493 3060 nv_agp - ok
14:05:51.0508 3060 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:05:51.0524 3060 ohci1394 - ok
14:05:51.0586 3060 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:05:51.0602 3060 ose - ok
14:05:51.0898 3060 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:05:52.0039 3060 osppsvc - ok
14:05:52.0148 3060 ossrv (0e2de427ebe106e7e5b52869d5c99f68) C:\Windows\system32\drivers\ctoss2k.sys
14:05:52.0163 3060 ossrv - ok
14:05:52.0195 3060 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:05:52.0241 3060 p2pimsvc - ok
14:05:52.0273 3060 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:05:52.0304 3060 p2psvc - ok
14:05:52.0335 3060 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:05:52.0366 3060 Parport - ok
14:05:52.0382 3060 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:05:52.0397 3060 partmgr - ok
14:05:52.0429 3060 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:05:52.0475 3060 PcaSvc - ok
14:05:52.0522 3060 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
14:05:52.0538 3060 pccsmcfd - ok
14:05:52.0569 3060 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:05:52.0600 3060 pci - ok
14:05:52.0600 3060 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:05:52.0616 3060 pciide - ok
14:05:52.0631 3060 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:05:52.0663 3060 pcmcia - ok
14:05:52.0678 3060 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:05:52.0694 3060 pcw - ok
14:05:52.0741 3060 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:05:52.0803 3060 PEAUTH - ok
14:05:52.0881 3060 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:05:52.0897 3060 PerfHost - ok
14:05:52.0990 3060 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:05:53.0068 3060 pla - ok
14:05:53.0131 3060 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:05:53.0177 3060 PlugPlay - ok
14:05:53.0209 3060 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
14:05:53.0224 3060 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:05:53.0224 3060 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:05:53.0255 3060 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:05:53.0271 3060 PNRPAutoReg - ok
14:05:53.0287 3060 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:05:53.0302 3060 PNRPsvc - ok
14:05:53.0349 3060 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
14:05:53.0365 3060 Point64 - ok
14:05:53.0411 3060 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:05:53.0474 3060 PolicyAgent - ok
14:05:53.0505 3060 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:05:53.0567 3060 Power - ok
14:05:53.0599 3060 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:05:53.0645 3060 PptpMiniport - ok
14:05:53.0661 3060 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:05:53.0692 3060 Processor - ok
14:05:53.0723 3060 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:05:53.0770 3060 ProfSvc - ok
14:05:53.0801 3060 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:05:53.0801 3060 ProtectedStorage - ok
14:05:53.0848 3060 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:05:53.0895 3060 Psched - ok
14:05:53.0926 3060 pwdrvio (ff40216a382b30cc39372b889ae1f785) C:\Windows\system32\pwdrvio.sys
14:05:53.0942 3060 pwdrvio - ok
14:05:53.0957 3060 pwdspio (bd08a9cdf23502b1c141d52d9d6a6648) C:\Windows\system32\pwdspio.sys
14:05:53.0973 3060 pwdspio - ok
14:05:54.0035 3060 QDrive - ok
14:05:54.0269 3060 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:05:54.0316 3060 ql2300 - ok
14:05:54.0410 3060 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:05:54.0441 3060 ql40xx - ok
14:05:54.0472 3060 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:05:54.0503 3060 QWAVE - ok
14:05:54.0535 3060 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:05:54.0566 3060 QWAVEdrv - ok
14:05:54.0597 3060 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:05:54.0628 3060 RasAcd - ok
14:05:54.0659 3060 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:05:54.0706 3060 RasAgileVpn - ok
14:05:54.0737 3060 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:05:54.0784 3060 RasAuto - ok
14:05:54.0815 3060 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:05:54.0847 3060 Rasl2tp - ok
14:05:54.0878 3060 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:05:54.0925 3060 RasMan - ok
14:05:54.0940 3060 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:05:54.0987 3060 RasPppoe - ok
14:05:55.0018 3060 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:05:55.0065 3060 RasSstp - ok
14:05:55.0096 3060 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:05:55.0143 3060 rdbss - ok
14:05:55.0159 3060 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:05:55.0190 3060 rdpbus - ok
14:05:55.0205 3060 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:05:55.0237 3060 RDPCDD - ok
14:05:55.0252 3060 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:05:55.0299 3060 RDPENCDD - ok
14:05:55.0299 3060 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:05:55.0330 3060 RDPREFMP - ok
14:05:55.0361 3060 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:05:55.0393 3060 RDPWD - ok
14:05:55.0439 3060 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:05:55.0455 3060 rdyboost - ok
14:05:55.0486 3060 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:05:55.0533 3060 RemoteAccess - ok
14:05:55.0564 3060 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:05:55.0611 3060 RemoteRegistry - ok
14:05:55.0642 3060 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:05:55.0689 3060 RFCOMM - ok
14:05:55.0736 3060 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
14:05:55.0751 3060 RimUsb - ok
14:05:55.0798 3060 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
14:05:55.0829 3060 RimVSerPort - ok
14:05:55.0876 3060 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
14:05:55.0907 3060 ROOTMODEM - ok
14:05:55.0970 3060 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
14:05:55.0985 3060 rpcapd - ok
14:05:56.0017 3060 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:05:56.0110 3060 RpcEptMapper - ok
14:05:56.0141 3060 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:05:56.0157 3060 RpcLocator - ok
14:05:56.0204 3060 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:05:56.0251 3060 RpcSs - ok
14:05:56.0266 3060 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:05:56.0297 3060 rspndr - ok
14:05:56.0313 3060 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:05:56.0329 3060 SamSs - ok
14:05:56.0391 3060 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) F:\Programme\(x86)\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\Sandra.sys
14:05:56.0391 3060 SANDRA - ok
14:05:56.0453 3060 SandraAgentSrv (96f6f3e594d780b7e20fdc94504d4d89) F:\Programme\(x86)\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe
14:05:56.0485 3060 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
14:05:56.0485 3060 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
14:05:56.0516 3060 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:05:56.0531 3060 sbp2port - ok
14:05:56.0578 3060 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:05:56.0609 3060 SCardSvr - ok
14:05:56.0625 3060 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:05:56.0672 3060 scfilter - ok
14:05:56.0734 3060 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:05:56.0812 3060 Schedule - ok
14:05:56.0843 3060 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:05:56.0875 3060 SCPolicySvc - ok
14:05:56.0906 3060 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:05:56.0937 3060 SDRSVC - ok
14:05:56.0999 3060 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:05:57.0031 3060 secdrv - ok
14:05:57.0062 3060 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:05:57.0093 3060 seclogon - ok
14:05:57.0109 3060 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:05:57.0171 3060 SENS - ok
14:05:57.0202 3060 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:05:57.0233 3060 SensrSvc - ok
14:05:57.0265 3060 Ser2pl (3dc3ec72952bd60c438e397781ff0572) C:\Windows\system32\DRIVERS\ser2pl64.sys
14:05:57.0296 3060 Ser2pl - ok
14:05:57.0311 3060 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:05:57.0327 3060 Serenum - ok
14:05:57.0358 3060 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:05:57.0374 3060 Serial - ok
14:05:57.0405 3060 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:05:57.0421 3060 sermouse - ok
14:05:57.0514 3060 ServiceLayer (279a06aed3727571ad98984d353bd7c7) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
14:05:57.0545 3060 ServiceLayer - ok
14:05:57.0592 3060 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:05:57.0639 3060 SessionEnv - ok
14:05:57.0655 3060 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:05:57.0670 3060 sffdisk - ok
14:05:57.0701 3060 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:05:57.0733 3060 sffp_mmc - ok
14:05:57.0748 3060 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:05:57.0764 3060 sffp_sd - ok
14:05:57.0779 3060 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:05:57.0795 3060 sfloppy - ok
14:05:57.0842 3060 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:05:57.0889 3060 SharedAccess - ok
14:05:57.0935 3060 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:05:57.0982 3060 ShellHWDetection - ok
14:05:57.0998 3060 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:05:58.0013 3060 SiSRaid2 - ok
14:05:58.0045 3060 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:05:58.0060 3060 SiSRaid4 - ok
14:05:58.0091 3060 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:05:58.0138 3060 Smb - ok
14:05:58.0185 3060 snapman (f26aad9adfc9b62ac59a004a913c92da) C:\Windows\system32\DRIVERS\snapman.sys
14:05:58.0216 3060 snapman - ok
14:05:58.0232 3060 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:05:58.0263 3060 SNMPTRAP - ok
14:05:58.0279 3060 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:05:58.0294 3060 spldr - ok
14:05:58.0341 3060 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:05:58.0388 3060 Spooler - ok
14:05:58.0559 3060 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:05:58.0700 3060 sppsvc - ok
14:05:58.0778 3060 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:05:58.0809 3060 sppuinotify - ok
14:05:58.0871 3060 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:05:58.0918 3060 srv - ok
14:05:58.0949 3060 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:05:58.0981 3060 srv2 - ok
14:05:59.0012 3060 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:05:59.0043 3060 srvnet - ok
14:05:59.0074 3060 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:05:59.0121 3060 SSDPSRV - ok
14:05:59.0137 3060 SSHDRV76 - ok
14:05:59.0152 3060 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:05:59.0215 3060 SstpSvc - ok
14:05:59.0339 3060 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:05:59.0371 3060 Stereo Service - ok
14:05:59.0386 3060 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:05:59.0402 3060 stexstor - ok
14:05:59.0464 3060 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:05:59.0542 3060 stisvc - ok
14:05:59.0573 3060 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:05:59.0589 3060 swenum - ok
14:05:59.0636 3060 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:05:59.0729 3060 swprv - ok
14:06:00.0073 3060 syncagentsrv (dee1262c3bf7784caede42d0ad0262ec) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
14:06:00.0166 3060 syncagentsrv - ok
14:06:00.0322 3060 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:06:00.0400 3060 SysMain - ok
14:06:00.0463 3060 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:06:00.0494 3060 TabletInputService - ok
14:06:00.0509 3060 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:06:00.0572 3060 TapiSrv - ok
14:06:00.0572 3060 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:06:00.0619 3060 TBS - ok
14:06:00.0759 3060 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:06:00.0837 3060 Tcpip - ok
14:06:01.0009 3060 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:06:01.0055 3060 TCPIP6 - ok
14:06:01.0133 3060 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:06:01.0180 3060 tcpipreg - ok
14:06:01.0196 3060 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:06:01.0211 3060 TDPIPE - ok
14:06:01.0289 3060 tdrpman (7bc43335c778370fd0040d5224d8edeb) C:\Windows\system32\DRIVERS\tdrpman.sys
14:06:01.0336 3060 tdrpman - ok
14:06:01.0367 3060 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:06:01.0383 3060 TDTCP - ok
14:06:01.0414 3060 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:06:01.0445 3060 tdx - ok
14:06:01.0679 3060 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) F:\Programme\(x86)\TeamViewer\Version7\TeamViewer_Service.exe
14:06:01.0726 3060 TeamViewer7 - ok
14:06:01.0757 3060 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:06:01.0773 3060 TermDD - ok
14:06:01.0820 3060 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:06:01.0882 3060 TermService - ok
14:06:01.0898 3060 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:06:01.0929 3060 Themes - ok
14:06:01.0960 3060 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:06:01.0991 3060 THREADORDER - ok
14:06:02.0054 3060 timounter (7d68eab50df8b71408b645ba8581800e) C:\Windows\system32\DRIVERS\timntr.sys
14:06:02.0101 3060 timounter - ok
14:06:02.0132 3060 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:06:02.0179 3060 TrkWks - ok
14:06:02.0241 3060 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:06:02.0272 3060 TrustedInstaller - ok
14:06:02.0303 3060 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:06:02.0350 3060 tssecsrv - ok
14:06:02.0381 3060 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:06:02.0397 3060 TsUsbFlt - ok
14:06:02.0413 3060 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:06:02.0428 3060 TsUsbGD - ok
14:06:02.0444 3060 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:06:02.0506 3060 tunnel - ok
14:06:02.0506 3060 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:06:02.0522 3060 uagp35 - ok
14:06:02.0553 3060 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:06:02.0615 3060 udfs - ok
14:06:02.0647 3060 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:06:02.0678 3060 UI0Detect - ok
14:06:02.0693 3060 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:06:02.0709 3060 uliagpkx - ok
14:06:02.0725 3060 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:06:02.0756 3060 umbus - ok
14:06:02.0771 3060 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:06:02.0787 3060 UmPass - ok
14:06:02.0865 3060 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) F:\Programme\(x86)\Unlocker\UnlockerDriver5.sys
14:06:02.0865 3060 UnlockerDriver5 - ok
14:06:02.0912 3060 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:06:02.0974 3060 upnphost - ok
14:06:02.0990 3060 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:06:03.0021 3060 usbaudio - ok
14:06:03.0052 3060 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:06:03.0068 3060 usbccgp - ok
14:06:03.0099 3060 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:06:03.0115 3060 usbcir - ok
14:06:03.0130 3060 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:06:03.0161 3060 usbehci - ok
14:06:03.0193 3060 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:06:03.0255 3060 usbhub - ok
14:06:03.0271 3060 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:06:03.0302 3060 usbohci - ok
14:06:03.0317 3060 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:06:03.0349 3060 usbprint - ok
14:06:03.0364 3060 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:06:03.0380 3060 usbscan - ok
14:06:03.0411 3060 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:06:03.0442 3060 USBSTOR - ok
14:06:03.0458 3060 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:06:03.0473 3060 usbuhci - ok
14:06:03.0505 3060 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:06:03.0551 3060 UxSms - ok
14:06:03.0567 3060 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:06:03.0583 3060 VaultSvc - ok
14:06:03.0614 3060 VBoxDrv (ba20a718e25228b9d69d72e4f19edeb5) C:\Windows\system32\DRIVERS\VBoxDrv.sys
14:06:03.0629 3060 VBoxDrv - ok
14:06:03.0661 3060 VBoxNetAdp (48630b4530c80aaf3dde9633e4291d8c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
14:06:03.0676 3060 VBoxNetAdp - ok
14:06:03.0692 3060 VBoxNetFlt (8b86a00d13e2dcbfe320061f3435faff) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
14:06:03.0707 3060 VBoxNetFlt - ok
14:06:03.0739 3060 VBoxUSBMon (cec73cea22b7258c0a8f2354dc49d25c) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
14:06:03.0754 3060 VBoxUSBMon - ok
14:06:03.0770 3060 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:06:03.0785 3060 vdrvroot - ok
14:06:03.0832 3060 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:06:03.0910 3060 vds - ok
14:06:03.0926 3060 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:06:03.0941 3060 vga - ok
14:06:03.0957 3060 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:06:04.0004 3060 VgaSave - ok
14:06:04.0019 3060 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\DRIVERS\vhdmp.sys
14:06:04.0051 3060 vhdmp - ok
14:06:04.0066 3060 VHidKbd (30f4fc19a72d01eea474912bf38f9af9) C:\Windows\system32\DRIVERS\jdngrcvkbd.sys
14:06:04.0082 3060 VHidKbd - ok
14:06:04.0097 3060 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:06:04.0113 3060 viaide - ok
14:06:04.0129 3060 vididr (acbcbd8421920d20f1f40b6f76a4c213) C:\Windows\system32\DRIVERS\vididr.sys
14:06:04.0160 3060 vididr - ok
14:06:04.0191 3060 vidsflt67 (905dd422d28a32face8ae695b3823843) C:\Windows\system32\DRIVERS\vsflt67.sys
14:06:04.0207 3060 vidsflt67 - ok
14:06:04.0253 3060 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:06:04.0269 3060 volmgr - ok
14:06:04.0347 3060 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:06:04.0363 3060 volmgrx - ok
14:06:04.0394 3060 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:06:04.0425 3060 volsnap - ok
14:06:04.0456 3060 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:06:04.0472 3060 vsmraid - ok
14:06:04.0581 3060 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:06:04.0659 3060 VSS - ok
14:06:04.0753 3060 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:06:04.0784 3060 vwifibus - ok
14:06:04.0909 3060 VX1000 (ce6c085771812d5ee863cc7ef93caef2) C:\Windows\system32\DRIVERS\VX1000.sys
14:06:04.0955 3060 VX1000 - ok
14:06:05.0065 3060 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:06:05.0111 3060 W32Time - ok
14:06:05.0143 3060 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:06:05.0174 3060 WacomPen - ok
14:06:05.0205 3060 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:06:05.0252 3060 WANARP - ok
14:06:05.0252 3060 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:06:05.0299 3060 Wanarpv6 - ok
14:06:05.0392 3060 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:06:05.0439 3060 wbengine - ok
14:06:05.0517 3060 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:06:05.0548 3060 WbioSrvc - ok
14:06:05.0579 3060 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:06:05.0626 3060 wcncsvc - ok
14:06:05.0642 3060 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:06:05.0673 3060 WcsPlugInService - ok
14:06:05.0720 3060 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:06:05.0735 3060 Wd - ok
14:06:05.0782 3060 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:06:05.0813 3060 Wdf01000 - ok
14:06:05.0845 3060 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:06:05.0876 3060 WdiServiceHost - ok
14:06:05.0876 3060 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:06:05.0907 3060 WdiSystemHost - ok
14:06:05.0938 3060 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:06:05.0985 3060 WebClient - ok
14:06:06.0016 3060 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:06:06.0063 3060 Wecsvc - ok
14:06:06.0079 3060 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:06:06.0125 3060 wercplsupport - ok
14:06:06.0157 3060 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:06:06.0188 3060 WerSvc - ok
14:06:06.0266 3060 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:06:06.0297 3060 WfpLwf - ok
14:06:06.0313 3060 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:06:06.0328 3060 WIMMount - ok
14:06:06.0359 3060 WinDefend - ok
14:06:06.0375 3060 WinHttpAutoProxySvc - ok
14:06:06.0422 3060 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:06:06.0469 3060 Winmgmt - ok
14:06:06.0578 3060 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:06:06.0671 3060 WinRM - ok
14:06:06.0796 3060 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:06:06.0843 3060 Wlansvc - ok
14:06:06.0905 3060 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:06:06.0921 3060 wlcrasvc - ok
14:06:07.0077 3060 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:06:07.0124 3060 wlidsvc - ok
14:06:07.0217 3060 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:06:07.0249 3060 WmiAcpi - ok
14:06:07.0327 3060 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:06:07.0358 3060 wmiApSrv - ok
14:06:07.0389 3060 WMPNetworkSvc - ok
14:06:07.0405 3060 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:06:07.0420 3060 WPCSvc - ok
14:06:07.0436 3060 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:06:07.0467 3060 WPDBusEnum - ok
14:06:07.0483 3060 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:06:07.0514 3060 ws2ifsl - ok
14:06:07.0529 3060 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:06:07.0561 3060 wscsvc - ok
14:06:07.0576 3060 WSearch - ok
14:06:07.0717 3060 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:06:07.0810 3060 wuauserv - ok
14:06:07.0904 3060 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:06:07.0951 3060 WudfPf - ok
14:06:07.0982 3060 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:06:08.0029 3060 WUDFRd - ok
14:06:08.0060 3060 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:06:08.0091 3060 wudfsvc - ok
14:06:08.0122 3060 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:06:08.0185 3060 WwanSvc - ok
14:06:08.0247 3060 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:06:08.0590 3060 \Device\Harddisk0\DR0 - ok
14:06:08.0606 3060 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:06:09.0011 3060 \Device\Harddisk1\DR1 - ok
14:06:09.0043 3060 Boot (0x1200) (c83ed0eee426c0839a533a17880c6ff5) \Device\Harddisk0\DR0\Partition0
14:06:09.0043 3060 \Device\Harddisk0\DR0\Partition0 - ok
14:06:09.0058 3060 Boot (0x1200) (cec29872ffb6e82bd673504c7c3d64ab) \Device\Harddisk0\DR0\Partition1
14:06:09.0058 3060 \Device\Harddisk0\DR0\Partition1 - ok
14:06:09.0074 3060 Boot (0x1200) (6566ee2346a58440a14c6e1df593ccfd) \Device\Harddisk0\DR0\Partition2
14:06:09.0074 3060 \Device\Harddisk0\DR0\Partition2 - ok
14:06:09.0105 3060 Boot (0x1200) (9fa02af3aeb0706d46302b33a8704a7b) \Device\Harddisk1\DR1\Partition0
14:06:09.0105 3060 \Device\Harddisk1\DR1\Partition0 - ok
14:06:09.0121 3060 Boot (0x1200) (148e2e210f4610ba27652a7de6c5f90e) \Device\Harddisk1\DR1\Partition1
14:06:09.0121 3060 \Device\Harddisk1\DR1\Partition1 - ok
14:06:09.0136 3060 Boot (0x1200) (a752fa1dd19bd91be115edbdd66087dc) \Device\Harddisk1\DR1\Partition2
14:06:09.0136 3060 \Device\Harddisk1\DR1\Partition2 - ok
14:06:09.0136 3060 ============================================================
14:06:09.0136 3060 Scan finished
14:06:09.0136 3060 ============================================================
14:06:09.0152 5724 Detected object count: 11
14:06:09.0152 5724 Actual detected object count: 11
14:07:09.0693 5724 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:09.0693 5724 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:07:09.0693 5724 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:09.0693 5724 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:07:09.0693 5724 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:09.0693 5724 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:07:09.0693 5724 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:09.0693 5724 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:07:09.0693 5724 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:09.0693 5724 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:07:09.0693 5724 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:09.0693 5724 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:07:09.0693 5724 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:09.0693 5724 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:07:09.0693 5724 Ltn_stk7070P_64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:09.0693 5724 Ltn_stk7070P_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:07:09.0693 5724 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:09.0693 5724 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:07:09.0709 5724 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:09.0709 5724 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:07:09.0709 5724 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:09.0709 5724 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
AnDan |
| | #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | iexplore connection to Facebook? Then please run CF now:
ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! Should you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ |
| | #19 |
| iexplore connection to Facebook? Hello, here is the ComboFix log: Code:
ATTFilter ComboFix 12-07-20.02 - ***** 20.07.2012 21:09:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.5119.3474 [GMT 2:00]
ausgeführt von:: d:\download\AntiVir\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
e:\temp\{17552F59-A685-4F47-B832-02553A7BE0A6}\fpb.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-22 bis 2012-07-22 ))))))))))))))))))))))))))))))
.
.
2012-07-19 06:03 . 2012-07-19 06:03 -------- d-----w- c:\users\*****\AppData\Local\Macromedia
2012-07-17 12:32 . 2012-07-17 12:32 -------- d-----w- c:\program files (x86)\WinPcap
2012-07-17 12:29 . 2012-07-17 12:34 -------- d-----w- c:\users\*****\AppData\Roaming\Wireshark
2012-07-15 14:10 . 2012-07-15 14:10 -------- d-----w- c:\program files (x86)\ESET
2012-07-11 10:22 . 2012-07-11 10:22 -------- d-----w- c:\users\*****\AppData\Roaming\Malwarebytes
2012-07-11 10:22 . 2012-07-11 10:22 -------- d-----w- c:\programdata\Malwarebytes
2012-07-11 10:22 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 06:23 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 01:59 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 01:59 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 01:59 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 01:59 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 01:59 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 01:59 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-10 09:00 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-09 07:25 . 2012-07-09 07:25 -------- d-----w- c:\users\*****\AppData\Roaming\AVM
2012-07-05 14:51 . 2012-07-05 14:51 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-07-05 14:51 . 2012-07-05 14:51 -------- d-----w- c:\users\*****\AppData\Roaming\4B71C6F2-7AFC-4240-827F-FEC445F51B6B
2012-07-05 14:51 . 2012-07-05 14:51 994912 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-07-05 14:51 . 2012-07-05 14:51 211552 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-07-05 14:51 . 2012-07-05 14:51 146528 ----a-w- c:\windows\system32\drivers\vsflt67.sys
2012-06-25 15:10 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 15:10 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 15:10 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 15:10 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 15:10 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 15:10 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 15:10 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 15:10 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 15:10 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 10:49 . 2012-04-07 14:47 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 10:49 . 2012-01-07 19:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 06:21 . 2012-01-07 17:44 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 14:51 . 2012-01-09 13:39 1294432 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-07-05 14:51 . 2012-01-09 13:39 320096 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-07-05 14:51 . 2012-01-09 13:39 137312 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-05-22 12:26 . 2012-05-31 15:44 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-22 12:26 . 2012-05-31 15:44 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-22 12:26 . 2012-05-22 12:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-22 12:25 . 2012-05-22 12:25 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-22 12:25 . 2012-05-22 12:25 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-05-15 10:48 . 2012-05-24 12:38 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-24 12:38 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-05-24 12:38 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-24 12:38 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-24 12:38 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-24 12:38 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-24 12:38 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-24 12:38 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-24 12:38 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-24 12:38 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-24 12:38 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-24 12:38 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-24 12:38 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-24 12:38 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-03-02 09:02 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-02 09:02 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-03-02 09:02 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-03-02 09:02 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-03-02 09:02 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-03-02 09:02 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-03-02 09:02 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2012-03-02 09:04 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-03-02 09:04 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-03-02 09:04 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2012-03-02 09:04 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-03-02 09:04 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-03-02 09:04 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-05 09:37 . 2012-05-05 09:37 39424 ----a-w- c:\windows\system32\udefrag.exe
2012-05-05 09:37 . 2012-05-05 09:37 7168 ----a-w- c:\windows\system32\hibernate4win.exe
2012-05-05 09:37 . 2012-05-05 09:37 12800 ----a-w- c:\windows\system32\bootexctrl.exe
2012-05-05 09:37 . 2012-05-05 09:37 31232 ----a-w- c:\windows\system32\wgx.dll
2012-05-05 09:37 . 2012-05-05 09:37 204288 ----a-w- c:\windows\system32\lua5.1a.dll
2012-05-05 09:37 . 2012-05-05 09:37 62464 ----a-w- c:\windows\system32\udefrag.dll
2012-05-05 09:37 . 2012-05-05 09:37 98816 ----a-w- c:\windows\system32\zenwinx.dll
2012-05-05 09:37 . 2012-05-05 09:37 166400 ----a-w- c:\windows\system32\defrag_native.exe
2012-05-04 11:06 . 2012-06-13 09:10 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-13 10:27 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-13 09:10 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 09:10 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-13 10:27 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-13 09:10 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 09:10 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 09:11 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 09:11 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 09:11 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 09:10 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 09:10 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 09:10 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 09:10 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 09:10 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 09:10 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-05-30 12:57 496016 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\*****\AppData\Local\Apps\2.0\6NLOL0XP.XBE\1Y3EEC9L.7RD\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2012-01-11 147456]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-27 5993136]
"HP Software Update"="f:\programme\(x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"MMReminderService"="f:\programme\(x86)\Mindjet\MindManager 7\MMReminderService.exe" [2008-04-09 37144]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"hpqSRMon"="f:\programme\(x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Acrobat Assistant 8.0"="f:\programme\(x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2011-12-24 202296]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-04-27 1173680]
"Malwarebytes' Anti-Malware"="f:\programme\(x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-05-05 47104]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - f:\programme\(x86)\Microsoft Office 2003\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Quicken 2012 Zahlungserinnerung.lnk - c:\windows\Installer\{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe [2012-1-9 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-17 116648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-01-13 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-13 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-17 116648]
R3 jdngrcmrpd;jdngrcmrpd;c:\windows\system32\DRIVERS\jdngrcmrpd.sys [2011-04-11 6144]
R3 Ltn_stk7070P_64;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P_64.sys [2007-10-19 543232]
R3 Ltn_stkrc_64;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc_64.sys [2007-10-19 16256]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]
R3 QDrive;QDrive;e:\temp\QDrive.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\programme\(x86)\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe [2008-12-12 95896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-07-05 137312]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-07-05 211552]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-07-05 146528]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 66104]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-10-20 13616]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-07-05 3491792]
S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 MBAMService;MBAMService;f:\programme\(x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-04-27 5924008]
S2 TeamViewer7;TeamViewer 7;f:\programme\(x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-07-05 367200]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2012-01-11 116096]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 54784]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232]
S3 VHidKbd;Hitachi Remote Control Virtual HID Keyboard;c:\windows\system32\DRIVERS\jdngrcvkbd.sys [2011-04-07 7296]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 10:49]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-17 08:44]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-17 08:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2011-12-24 10:24 284560 ----a-w- f:\programme\(x86)\Kaspersky Lab\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-27 403656]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = ***.***.***.***.
DPF: {85C86CCC-2158-4123-9C7D-785190CED875} - hxxps://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ppv1iju7.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-LFSVCOMM&10C4&85A7 - c:\program files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\LFSVCOMM&10C4&85A7
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
f:\programme\(x86)\NetBak\Enclosure.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-22 20:31:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-22 18:31
.
Vor Suchlauf: 10 Verzeichnis(se), 167.933.734.912 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 167.453.069.312 Bytes frei
.
- - End Of File - - 9C26D2C86EBB5BDB3242B691C8179617
AnDan |
| | #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | iexplore connection to Facebook? Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download
Important: Never press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #21 |
| iexplore connection to Facebook? Hello, unfortunately I have been travelling a bit for work. Here are the logs, GMER: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-27 09:52:05
Windows 6.1.7601 Service Pack 1
Running: yjiycqbt.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00046180c29b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00046180c29b@002106c5bc97 0x92 0x81 0xDA 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000761170d4b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000761170d4b@00076118678b 0x3B 0xE7 0xCD 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000761170d4b@00076118efcd 0xE3 0xCF 0x83 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00046180c29b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00046180c29b@002106c5bc97 0x92 0x81 0xDA 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000761170d4b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000761170d4b@00076118678b 0x3B 0xE7 0xCD 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000761170d4b@00076118efcd 0xE3 0xCF 0x83 0x9B ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 10:30:50 on 27.07.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "CreativeAudioConsole" - "Creative Technology Ltd" - C:\Program Files (x86)\Creative\AudioCS\CTAudCS.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "afcdp" (afcdp) - "Acronis" - C:\Windows\System32\DRIVERS\afcdp.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\LHidFilt.Sys "Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\LMouFilt.Sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." 
- C:\Windows\System32\drivers\npf.sys "PCTV based TV tuner device" (Ltn_stk7070P_64) - "LITEON" - C:\Windows\System32\DRIVERS\Ltn_stk7070P_64.sys "pwdrvio" (pwdrvio) - ? - C:\Windows\system32\pwdrvio.sys (File found, but it contains no detailed information) "pwdspio" (pwdspio) - ? - C:\Windows\system32\pwdspio.sys (File found, but it contains no detailed information) "QDrive" (QDrive) - ? - e:\Temp\QDrive.sys (File not found) "SANDRA" (SANDRA) - "SiSoftware" - F:\Programme\(x86)\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\Sandra.sys "SetPoint Keyboard Driver" (L8042Kbd) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\L8042Kbd.sys "SSHDRV76" (SSHDRV76) - ? - C:\Windows\system32\drivers\SSHDRV76.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems 
Inc." - F:\Programme\(x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll {C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - F:\Programme\(x86)\Microsoft Office 2003\Office14\VISSHE.DLL {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - F:\Programme\(x86)\Microsoft Office 2003\Office14\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - F:\Programme\(x86)\Microsoft Office 2003\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - F:\PROGRA~1\(x86)\MICROS~1\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - F:\Programme\(x86)\Microsoft Office 2003\Office14\ONFILTER.DLL {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - F:\PROGRA~1\(x86)\MICROS~1\OFFICE11\OLKFSTUB.DLL {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." 
- F:\Programme\(x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - F:\Programme\(x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) ITBar7Height64 "ITBar7Height64" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {E705A591-DA3C-4228-B0D5-A356DBA42FBF} "Creative Software AutoUpdate 2" - "Creative Technology Ltd" - C:\PROGRA~2\Creative\SHARED~1\SOFTWA~1\CTSUEng.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab {F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - C:\PROGRA~2\Creative\SHARED~1\SOFTWA~1\CTPID.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab {D4B68B83-8710-488B-A692-D74B50BA558E} "Creative Software AutoUpdate Support Package 2" - "Creative Technology Ltd" - C:\Windows\DOWNLO~1\CTPIDPDE.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab {85C86CCC-2158-4123-9C7D-785190CED875} "dp Launcher Plugin" - "digital publishing AG" - C:\Windows\DOWNLO~1\DPLAUN~1.OCX / https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab {99FE5072-78AA-4FEE-89BA-69A5FA55343F} "IGDTester Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\igdtoolx.dll / hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\Windows\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {05317530-B882-449D-9421-18D94FA3ED34} "OSInfo Control" - "hiChannel" - C:\Windows\OSInfo.ocx / hxxp://w3.sis.com/ocis/OSInfo.cab {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." 
- C:\Program Files (x86)\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab {16095503-786F-4097-AED6-5D567A26D760} "SiS_OCX Control" - "SiS" - C:\Windows\SiS_OCX.ocx / hxxp://w3.sis.com/ocis/SiSAutodetectNT.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} "{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" - "Cisco WebEx LLC" - F:\Programme\(x86)\webex\ieatgpc.dll / -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - F:\Programme\(x86)\Microsoft Office 2003\Office14\ONBttnIE.dll {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." 
- F:\Programme\(x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - F:\PROGRA~1\(x86)\MICROS~1\OFFICE11\REFIEBAR.DLL {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - F:\Programme\(x86)\Microsoft Office 2003\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - F:\Programme\(x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - F:\Programme\(x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - F:\Programme\(x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - F:\Programme\(x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - F:\PROGRA~1\(x86)\MICROS~1\Office14\URLREDIR.DLL {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - F:\Programme\(x86)\Microsoft Office 2003\Office14\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\+++++\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Quicken 2012 Zahlungserinnerung.lnk" - "Haufe-Lexware GmbH & Co. KG" - F:\Programme\(x86)\Lexware\Quicken\2012\billmind.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AVMUSBFernanschluss" - "AVM Berlin" - "C:\Users\+++++\AppData\Local\Apps\2.0\Z7CMGQ70.0O8\HNQE0M7P.CXD\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 8.0" - "Adobe Systems Inc." 
- "F:\Programme\(x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" "AcronisTimounterMonitor" - "Acronis" - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AVP" - "Kaspersky Lab ZAO" - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" "CTxfiHlp" - ? - CTXFIHLP.EXE (File not found) "HP Software Update" - "Hewlett-Packard" - F:\Programme\(x86)\HP\HP Software Update\HPWuSchd2.exe "hpqSRMon" - "Hewlett-Packard" - F:\Programme\(x86)\HP\Digital Imaging\bin\hpqSRMon.exe "LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart "LifeCam" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "F:\Programme\(x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "MMReminderService" - "Mindjet" - F:\Programme\(x86)\Mindjet\MindManager 7\MMReminderService.exe "RIMBBLaunchAgent.exe" - "Research In Motion Limited" - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe "TrueImageMonitor.exe" - "Acronis" - "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF64.dll "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? 
- C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "Acronis Nonstop Backup Service" (afcdpsrv) - "Acronis" - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe "Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe "Acronis Sync Agent Service" (syncagentsrv) - "Acronis" - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe "Creative ALchemy AL6 Licensing Service" (Creative ALchemy AL6 Licensing Service) - "Creative Labs" - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe "Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe "Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - F:\Programme\(x86)\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." 
- F:\Programme\(x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - F:\Programme\(x86)\HP\Digital Imaging\bin\hpqcxs08.dll "Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - F:\Programme\(x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS64.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." 
- C:\Program Files (x86)\WinPcap\rpcapd.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe "SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - F:\Programme\(x86)\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe "TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - F:\Programme\(x86)\TeamViewer\Version7\TeamViewer_Service.exe "Verwaltungsservice vom CryproStorage-System" (CSObjectsSrv) - "Infowatch" - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-27 10:38:01
-----------------------------
10:38:01.442 OS Version: Windows x64 6.1.7601 Service Pack 1
10:38:01.442 Number of processors: 4 586 0xF0B
10:38:01.442 ComputerName: ******** UserName: +++++
10:38:03.033 Initialize success
10:38:07.682 AVAST engine defs: 12072602
10:40:32.169 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
10:40:32.169 Disk 0 Vendor: ST336032 3.AA Size: 343399MB BusType: 3
10:40:32.185 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000072
10:40:32.185 Disk 1 Vendor: ST336032 3.AA Size: 343399MB BusType: 3
10:40:32.216 Disk 0 MBR read successfully
10:40:32.216 Disk 0 MBR scan
10:40:32.232 Disk 0 Windows 7 default MBR code
10:40:32.232 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
10:40:32.294 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 204729 MB offset 24578048
10:40:32.294 Disk 0 Partition - 00 0F Extended LBA 16871 MB offset 443863040
10:40:32.325 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 109797 MB offset 478414848
10:40:32.388 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 16870 MB offset 443865088
10:40:32.450 Disk 0 scanning C:\Windows\system32\drivers
10:40:45.242 Service scanning
10:41:02.777 Service SANDRA F:\Programme\(x86)\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\Sandra.sys **LOCKED** 32
10:41:10.545 Modules scanning
10:41:10.545 Disk 0 trace - called modules:
10:41:10.561
10:41:10.561 Scan finished successfully
10:42:52.211 Disk 0 MBR has been saved successfully to "D:\download\AntiVir\MBR.dat"
10:42:52.211 The log file has been saved successfully to "D:\download\AntiVir\aswMBR_Log.txt"
AnDan |
| | #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | iexplore connection to Facebook? Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post log files in CODE tags |
| | #23 |
| iexplore connection to Facebook? Hello, attached are the two logs. mbam-log-2012-07-29: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.29.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 +++++:: ********** [Administrator] 29.07.2012 13:08:50 mbam-log-2012-07-29 (13-08-50).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 438650 Laufzeit: 1 Stunde(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/29/2012 at 05:01 PM
Application Version : 5.5.1012
Core Rules Database Version : 8977
Trace Rules Database Version: 6789
Scan type : Complete Scan
Total Scan Time : 00:52:52
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 694
Memory threats detected : 0
Registry items scanned : 68299
Registry threats detected : 0
File items scanned : 90027
File threats detected : 17
Adware.Tracking Cookie
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\STGCH89S.txt [ Cookie:+++++@apmebf.com/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\LQTA4GOI.txt [ Cookie:+++++@doubleclick.net/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\H186SHCJ.txt [ Cookie:+++++@tracking.klicktel.de/dcsbusili10000cl8aqvw6567_6w4v ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\CJK5FDLR.txt [ Cookie:+++++@imrworldwide.com/cgi-bin ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\E2H4B7FQ.txt [ Cookie:+++++@ad.zanox.com/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\M32DU9QV.txt [ Cookie:+++++@zanox-affiliate.de/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\H17ZZ3UB.txt [ Cookie:+++++@ad1.adfarm1.adition.com/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\9F7BS396.txt [ Cookie:+++++@ad2.adfarm1.adition.com/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\KFW5AIUH.txt [ Cookie:+++++@invitemedia.com/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\R6S1SRFG.txt [ Cookie:+++++@tradedoubler.com/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\9WQHWG87.txt [ Cookie:+++++@traffictrack.de/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\QJESSY4Y.txt [ Cookie:+++++@zanox.com/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\14IR46T8.txt [ Cookie:+++++@xiti.com/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\BJ7GDCOE.txt [ Cookie:+++++@revsci.net/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\GYNYEKHD.txt [ Cookie:+++++@www.etracker.de/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\WH8HOFXG.txt [ Cookie:+++++@tracking.klicktel.de/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\DKF22UR7.txt [ Cookie:+++++@adtech.de/ ]
AnDan |
| | #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | iexplore Verbindung mit Facebook? Sieht ok aus, da wurden nur Cookies gefunden. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Please always post log files in CODE tags |
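The hosts-file approach recommended in post #24, as an added example that is not part of the original posts: it extracts the host names from cookie lines of the kind listed in the scan log and emits hosts-format block lines for those not already present. The function names, the `0.0.0.0` sink address and the sample inputs are assumptions made for illustration.

```python
import re

# Constructed sample: cookie lines in the format of the scan log in this thread.
SAMPLE_LOG = r"""
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\14IR46T8.txt [ Cookie:+++++@xiti.com/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\GYNYEKHD.txt [ Cookie:+++++@www.etracker.de/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\WH8HOFXG.txt [ Cookie:+++++@tracking.klicktel.de/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\AAAAAAAA.txt [ Cookie:+++++@tracking.klicktel.de/sub/ ]
C:\USERS\+++++\AppData\Roaming\Microsoft\Windows\Cookies\Low\BBBBBBBB.txt [ Cookie:+++++@XITI.com/ ]
"""

# Constructed sample of an existing hosts file.
EXISTING_HOSTS = """\
# sample hosts file
127.0.0.1 localhost
0.0.0.0 xiti.com   # already blocked
"""

# "[ Cookie:<user>@<host>/<optional path> ]" as it appears in the log lines.
COOKIE_RE = re.compile(r"\[\s*Cookie:[^@\]\s]*@([^/\]\s]+)(?:/[^\]\s]*)?\s*\]")
# Conservative DNS host name check, so malformed log text never reaches the hosts file.
HOST_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def cookie_hosts(log_text):
    """Return the sorted, de-duplicated host names found in cookie log lines."""
    hosts = set()
    for match in COOKIE_RE.finditer(log_text):
        host = match.group(1).lower().rstrip(".")
        if HOST_RE.match(host):
            hosts.add(host)
    return sorted(hosts)

def hosts_in_file(hosts_text):
    """Return every host name already mapped in a hosts file (comments ignored)."""
    known = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        known.update(name.lower() for name in fields[1:])
    return known

def new_block_entries(log_text, hosts_text, sink="0.0.0.0"):
    """Hosts-format lines for cookie hosts that the hosts file does not list yet.
    A hosts file matches exact names only: www.etracker.de does not cover etracker.de."""
    known = hosts_in_file(hosts_text)
    return [f"{sink} {host}" for host in cookie_hosts(log_text) if host not in known]

if __name__ == "__main__":
    print("\n".join(new_block_entries(SAMPLE_LOG, EXISTING_HOSTS)))
```

Review the generated lines before appending them to the hosts file, since blocking a host that also serves a site you log in to will break that site.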
| | #25 |
| iexplore connection to Facebook? Hello, the cookies get thrown off my computer at irregular intervals, about every 3 days. I also can't find any further anomalies on my computer. So I hope I have some peace for now. But where did this Facebook connection come from, and what is it all about? Can the installed programs actually be removed again? Many, many thanks for your support. Andan |
| | #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | iexplore connection to Facebook? I can't work out the thing with the Facebook connection. Then we're done! The programs that were used here can all be removed again. With the help of OTL you can also remove many tools: please start OTL and click on Bereinigung. This will remove most of the tools we needed for the cleanup. If anything is left behind, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide to that is below. To keep a better overview of how up to date the installed programs are in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible. Microsoft Update: Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Guide to Windows Update. Update the PDF reader: An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you are at it, please also check that the Flash Player is up to date: Check => Adobe - Flash Player Download links => Adobe Flash Player Distribution | Adobe Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update: Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click on Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |