Pests of all kinds and how to fight them: a variant of Win32/Kryptik.AIWA and more detected after System Restore (Windows 7)
06.08.2012, 20:51 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close any programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\URLSearchHook: {c98be8db-5fd4-4455-9bb2-a3e1ae5a325b} - No CLSID value found
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes,DefaultScope = {8CADF081-C10D-47E8-A0E7-20B236C7687E}
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{0C3B6D3A-4BBE-4974-B956-213E1C9D169E}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{58E96FE9-6F43-49AD-BF36-ED4F16C51325}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=ED36A7E0-5C95-4AB8-8C09-627A98C536C5&apn_sauid=7410988B-BF73-4AFF-A876-070C0D8CBA1D
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{8CADF081-C10D-47E8-A0E7-20B236C7687E}: "URL" = http://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{99CAA2E9-BEFC-4BDA-A402-8A681968B26B}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{A638CBD1-8BCB-465B-B483-F2FC8195234B}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=181099&p={searchTerms}
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{AE291BCA-9FD8-4E2E-A180-6911D574E358}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{B58D7ED5-C305-412D-AFCE-0495C6BF6F07}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{D8B381EF-841B-4827-9618-5AB4BD966BD2}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{E024BBBC-5D56-441F-9F10-B4DA528A8C5A}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - user.js - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.08 12:36:23 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18d93536-f729-11df-84da-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{18d93536-f729-11df-84da-54ed87e48d15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{877f37d2-f880-11df-87eb-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{877f37d2-f880-11df-87eb-54ed87e48d15}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{df0945cb-fb37-11df-87c2-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{df0945cb-fb37-11df-87c2-54ed87e48d15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2012.07.23 17:37:33 | 000,000,592 | ---- | M] () -- C:\ProgramData\UVMAhz1x7mghI5
[2012.07.23 17:29:02 | 000,000,072 | ---- | M] () -- C:\ProgramData\-UVMAhz1x7mghI5
[2012.07.23 17:20:49 | 000,000,072 | ---- | M] () -- C:\ProgramData\-UVMAhz1x7mghI5r
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:1A4BF204
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:CEE4A457
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8E9C9E8F
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:93B0BB6F
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:3BF63E4A
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:12EA4DC9
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:BDCD0530
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:8DA9DB01
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:D987CB43
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:6A9CA6CB
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:AE9DFC85
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6757F885
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:3E7C402E
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:10873493
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:E5BA9ADD
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DB051353
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:639BB5E9
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:5DB36C47
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:5C4A588B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:51E83E25
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:258D2F8B
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:F3591DDB
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:E153075C
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:CAF8DAC8
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B6E58523
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AE289451
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:363E775E
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:D770A15D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:3A4C8FE7
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:092DD1DD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:78696BCD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:5CD70138
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:F35AE645
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E9900C74
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:BB718C46
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:99AC3203
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4B70A9FA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:46283136
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:33A7CC67
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:908A1B53
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:384AA0FD
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2EB79F01
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2ABB51D4
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:F98E6C67
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:884C7316
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:6EA64886
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:63C68F03
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:2530BFBE
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BF640EE5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:90FA53E2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:6EE8565A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:2B9555D8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D4558A0B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:C0A2E219
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:34C443B4
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:2F8138B7
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:2CED8825
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:F89F2593
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:C43C957E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:7C8AA9A6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4EC7F009
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:39EDBD33
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:1234ADAE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:F13867C6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:9CF728A6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:44E16D4A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:2DC35960
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:1B389835
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C37283B5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A2B3764A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:1B3549F2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:18DEBC51
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:16F4BC64
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:0E61938B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F67947AF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:BD8010FE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A6B07419
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4E79C4F8
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:3A4676D7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:10B970A9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:06C34166
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:012BC84F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:CBAF0C30
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:4A906D4A
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:349E5B74
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:274516E7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:242E63C5
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0E5CFA74
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:073139EC
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:BA24E689
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B139DDF3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4C49306C
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4C3D5A8B
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:BAFAD1DF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8AE92FD3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:38849DE5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:87A3A233
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:58EB307C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:3B07E6F4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:19636FDD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:EC0279DC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E40D7F76
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:10D45FC3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0ACF1AF5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:04ADB7A6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:FCBEDCFD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:EB2D2CC5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:D999FFD5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:C458CC0A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:BC1F7CAE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9968F0E2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:90C320E1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:5E8C18F1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:51E66512
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:18A6D2CC
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:E6708F08
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B285A50E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:9C2BD975
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:ED0B32CA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9056F42
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:07D9FF25
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E2B84483
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:3C0887BF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:28819F45
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:EA7D76BE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A1A86E40
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7E4E56EA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7BBC3CCD
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:6DDD2723
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:54F0BBF5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:217A2A36
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:823606DE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:7425C891
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:6FD36C4B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E894A3ED
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D576A536
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BEE39E9B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A17CCD03
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:9E05DEB0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:73B78E79
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:36A39835
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3571475C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2C86E2AD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14FA5E46
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:F5FC5DCE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:F5D01D7C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0968E571
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F1C8B957
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:ED9B661E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:6423D635
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57619D72
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:2652902F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E32D2701
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:6D5A15BF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:58481C6F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:553056F1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A9ABA3FF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:902C848D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:07C99568
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:FACB65E7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7EBCAF87
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:DEE46C4E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:831C6B2D
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:7BE5BAAB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:38D2EA83
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:E3615992
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:88050731
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6C049F97
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:5A2E8BBF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1604D047
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E0888117
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:DD6F157A
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:00AA4B31
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:35629AE6
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:43E95997
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:723E56EC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:CC7738DB
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:E9B2C525
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post logfiles in CODE tags |
07.08.2012, 11:35 | #17 |
| Hello Arne,
here is the file

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ deleted successfully.
C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c98be8db-5fd4-4455-9bb2-a3e1ae5a325b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c98be8db-5fd4-4455-9bb2-a3e1ae5a325b}\ not found.
HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0C3B6D3A-4BBE-4974-B956-213E1C9D169E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C3B6D3A-4BBE-4974-B956-213E1C9D169E}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{58E96FE9-6F43-49AD-BF36-ED4F16C51325}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58E96FE9-6F43-49AD-BF36-ED4F16C51325}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8CADF081-C10D-47E8-A0E7-20B236C7687E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CADF081-C10D-47E8-A0E7-20B236C7687E}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{99CAA2E9-BEFC-4BDA-A402-8A681968B26B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99CAA2E9-BEFC-4BDA-A402-8A681968B26B}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{A638CBD1-8BCB-465B-B483-F2FC8195234B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A638CBD1-8BCB-465B-B483-F2FC8195234B}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AE291BCA-9FD8-4E2E-A180-6911D574E358}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE291BCA-9FD8-4E2E-A180-6911D574E358}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{B58D7ED5-C305-412D-AFCE-0495C6BF6F07}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B58D7ED5-C305-412D-AFCE-0495C6BF6F07}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{D8B381EF-841B-4827-9618-5AB4BD966BD2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8B381EF-841B-4827-9618-5AB4BD966BD2}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E024BBBC-5D56-441F-9F10-B4DA528A8C5A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E024BBBC-5D56-441F-9F10-B4DA528A8C5A}\ not found.
Prefs.js: "" removed from browser.startup.homepage
Prefs.js: "" removed from browser.startup.homepage
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.startup.homepage
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "" removed from browser.search.defaultenginename
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ not found.
File C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{51a86bb3-6602-4c85-92a5-130ee4864f13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ not found.
File C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{51A86BB3-6602-4C85-92A5-130EE4864F13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51A86BB3-6602-4C85-92A5-130EE4864F13}\ not found.
File C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18d93536-f729-11df-84da-54ed87e48d15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18d93536-f729-11df-84da-54ed87e48d15}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18d93536-f729-11df-84da-54ed87e48d15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18d93536-f729-11df-84da-54ed87e48d15}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{877f37d2-f880-11df-87eb-54ed87e48d15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{877f37d2-f880-11df-87eb-54ed87e48d15}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{877f37d2-f880-11df-87eb-54ed87e48d15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{877f37d2-f880-11df-87eb-54ed87e48d15}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df0945cb-fb37-11df-87c2-54ed87e48d15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df0945cb-fb37-11df-87c2-54ed87e48d15}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df0945cb-fb37-11df-87c2-54ed87e48d15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df0945cb-fb37-11df-87c2-54ed87e48d15}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
C:\ProgramData\UVMAhz1x7mghI5 moved successfully.
C:\ProgramData\-UVMAhz1x7mghI5 moved successfully.
C:\ProgramData\-UVMAhz1x7mghI5r moved successfully.
ADS C:\ProgramData\Temp:1A4BF204 deleted successfully.
ADS C:\ProgramData\Temp:CEE4A457 deleted successfully.
ADS C:\ProgramData\Temp:8E9C9E8F deleted successfully.
ADS C:\ProgramData\Temp:93B0BB6F deleted successfully.
ADS C:\ProgramData\Temp:3BF63E4A deleted successfully.
ADS C:\ProgramData\Temp:0E22C5DB deleted successfully.
ADS C:\ProgramData\Temp:12EA4DC9 deleted successfully.
ADS C:\ProgramData\Temp:BDCD0530 deleted successfully.
ADS C:\ProgramData\Temp:8DA9DB01 deleted successfully.
ADS C:\ProgramData\Temp:D987CB43 deleted successfully.
ADS C:\ProgramData\Temp:07BF512B deleted successfully.
ADS C:\ProgramData\Temp:6A9CA6CB deleted successfully.
ADS C:\ProgramData\Temp:AE9DFC85 deleted successfully.
ADS C:\ProgramData\Temp:6757F885 deleted successfully.
ADS C:\ProgramData\Temp:3E7C402E deleted successfully.
ADS C:\ProgramData\Temp:10873493 deleted successfully.
ADS C:\ProgramData\Temp:E5BA9ADD deleted successfully.
ADS C:\ProgramData\Temp:DB051353 deleted successfully.
ADS C:\ProgramData\Temp:639BB5E9 deleted successfully.
ADS C:\ProgramData\Temp:5DB36C47 deleted successfully.
ADS C:\ProgramData\Temp:5C4A588B deleted successfully.
ADS C:\ProgramData\Temp:51E83E25 deleted successfully.
ADS C:\ProgramData\Temp:258D2F8B deleted successfully.
ADS C:\ProgramData\Temp:F3591DDB deleted successfully.
ADS C:\ProgramData\Temp:E153075C deleted successfully.
ADS C:\ProgramData\Temp:CAF8DAC8 deleted successfully.
ADS C:\ProgramData\Temp:B6E58523 deleted successfully.
ADS C:\ProgramData\Temp:AE289451 deleted successfully.
ADS C:\ProgramData\Temp:363E775E deleted successfully.
ADS C:\ProgramData\Temp:D770A15D deleted successfully.
ADS C:\ProgramData\Temp:3A4C8FE7 deleted successfully.
ADS C:\ProgramData\Temp:092DD1DD deleted successfully.
ADS C:\ProgramData\Temp:78696BCD deleted successfully.
ADS C:\ProgramData\Temp:5CD70138 deleted successfully.
ADS C:\ProgramData\Temp:F35AE645 deleted successfully.
ADS C:\ProgramData\Temp:E9900C74 deleted successfully.
ADS C:\ProgramData\Temp:BB718C46 deleted successfully.
ADS C:\ProgramData\Temp:99AC3203 deleted successfully.
ADS C:\ProgramData\Temp:4B70A9FA deleted successfully.
ADS C:\ProgramData\Temp:46283136 deleted successfully.
ADS C:\ProgramData\Temp:33A7CC67 deleted successfully.
ADS C:\ProgramData\Temp:FD786DCA deleted successfully.
ADS C:\ProgramData\Temp:908A1B53 deleted successfully.
ADS C:\ProgramData\Temp:384AA0FD deleted successfully.
ADS C:\ProgramData\Temp:2EB79F01 deleted successfully.
ADS C:\ProgramData\Temp:2ABB51D4 deleted successfully.
ADS C:\ProgramData\Temp:F98E6C67 deleted successfully.
ADS C:\ProgramData\Temp:884C7316 deleted successfully.
ADS C:\ProgramData\Temp:6EA64886 deleted successfully.
ADS C:\ProgramData\Temp:63C68F03 deleted successfully.
ADS C:\ProgramData\Temp:2530BFBE deleted successfully.
ADS C:\ProgramData\Temp:BF640EE5 deleted successfully.
ADS C:\ProgramData\Temp:90FA53E2 deleted successfully.
ADS C:\ProgramData\Temp:6EE8565A deleted successfully.
ADS C:\ProgramData\Temp:2B9555D8 deleted successfully.
ADS C:\ProgramData\Temp:D4558A0B deleted successfully.
ADS C:\ProgramData\Temp:C0A2E219 deleted successfully.
ADS C:\ProgramData\Temp:34C443B4 deleted successfully.
ADS C:\ProgramData\Temp:2F8138B7 deleted successfully.
ADS C:\ProgramData\Temp:2CED8825 deleted successfully.
ADS C:\ProgramData\Temp:F89F2593 deleted successfully.
ADS C:\ProgramData\Temp:C43C957E deleted successfully.
ADS C:\ProgramData\Temp:7C8AA9A6 deleted successfully.
ADS C:\ProgramData\Temp:4EC7F009 deleted successfully.
ADS C:\ProgramData\Temp:39EDBD33 deleted successfully.
ADS C:\ProgramData\Temp:1234ADAE deleted successfully.
ADS C:\ProgramData\Temp:F13867C6 deleted successfully.
ADS C:\ProgramData\Temp:9CF728A6 deleted successfully.
ADS C:\ProgramData\Temp:44E16D4A deleted successfully.
ADS C:\ProgramData\Temp:2DC35960 deleted successfully.
ADS C:\ProgramData\Temp:1B389835 deleted successfully.
ADS C:\ProgramData\Temp:C37283B5 deleted successfully.
ADS C:\ProgramData\Temp:A2B3764A deleted successfully.
ADS C:\ProgramData\Temp:1B3549F2 deleted successfully. ADS C:\ProgramData\Temp:18DEBC51 deleted successfully. ADS C:\ProgramData\Temp:16F4BC64 deleted successfully. ADS C:\ProgramData\Temp:0E61938B deleted successfully. ADS C:\ProgramData\Temp:F67947AF deleted successfully. ADS C:\ProgramData\Temp:BD8010FE deleted successfully. ADS C:\ProgramData\Temp:A6B07419 deleted successfully. ADS C:\ProgramData\Temp:4E79C4F8 deleted successfully. ADS C:\ProgramData\Temp:3A4676D7 deleted successfully. ADS C:\ProgramData\Temp:10B970A9 deleted successfully. ADS C:\ProgramData\Temp:06C34166 deleted successfully. ADS C:\ProgramData\Temp:012BC84F deleted successfully. ADS C:\ProgramData\Temp:CBAF0C30 deleted successfully. ADS C:\ProgramData\Temp:4A906D4A deleted successfully. ADS C:\ProgramData\Temp:349E5B74 deleted successfully. ADS C:\ProgramData\Temp:274516E7 deleted successfully. ADS C:\ProgramData\Temp:242E63C5 deleted successfully. ADS C:\ProgramData\Temp:0E5CFA74 deleted successfully. ADS C:\ProgramData\Temp:073139EC deleted successfully. ADS C:\ProgramData\Temp:BA24E689 deleted successfully. ADS C:\ProgramData\Temp:B139DDF3 deleted successfully. ADS C:\ProgramData\Temp:4C49306C deleted successfully. ADS C:\ProgramData\Temp:4C3D5A8B deleted successfully. ADS C:\ProgramData\Temp:E6537A16 deleted successfully. ADS C:\ProgramData\Temp:BAFAD1DF deleted successfully. ADS C:\ProgramData\Temp:8AE92FD3 deleted successfully. ADS C:\ProgramData\Temp:38849DE5 deleted successfully. ADS C:\ProgramData\Temp:87A3A233 deleted successfully. ADS C:\ProgramData\Temp:58EB307C deleted successfully. ADS C:\ProgramData\Temp:3B07E6F4 deleted successfully. ADS C:\ProgramData\Temp:19636FDD deleted successfully. ADS C:\ProgramData\Temp:EC0279DC deleted successfully. ADS C:\ProgramData\Temp:E40D7F76 deleted successfully. ADS C:\ProgramData\Temp:10D45FC3 deleted successfully. ADS C:\ProgramData\Temp:0ACF1AF5 deleted successfully. ADS C:\ProgramData\Temp:04ADB7A6 deleted successfully. 
ADS C:\ProgramData\Temp:FCBEDCFD deleted successfully. ADS C:\ProgramData\Temp:EB2D2CC5 deleted successfully. ADS C:\ProgramData\Temp999FFD5 deleted successfully. ADS C:\ProgramData\Temp:C458CC0A deleted successfully. ADS C:\ProgramData\Temp:BC1F7CAE deleted successfully. ADS C:\ProgramData\Temp:9968F0E2 deleted successfully. ADS C:\ProgramData\Temp:90C320E1 deleted successfully. ADS C:\ProgramData\Temp:5E8C18F1 deleted successfully. ADS C:\ProgramData\Temp:51E66512 deleted successfully. ADS C:\ProgramData\Temp:18A6D2CC deleted successfully. ADS C:\ProgramData\Temp:E6708F08 deleted successfully. ADS C:\ProgramData\Temp:B285A50E deleted successfully. ADS C:\ProgramData\Temp:9C2BD975 deleted successfully. ADS C:\ProgramData\Temp:ED0B32CA deleted successfully. ADS C:\ProgramData\Temp:A9056F42 deleted successfully. ADS C:\ProgramData\Temp:07D9FF25 deleted successfully. ADS C:\ProgramData\Temp:E2B84483 deleted successfully. ADS C:\ProgramData\Temp:3C0887BF deleted successfully. ADS C:\ProgramData\Temp:28819F45 deleted successfully. ADS C:\ProgramData\Temp:EA7D76BE deleted successfully. ADS C:\ProgramData\Temp:A1A86E40 deleted successfully. ADS C:\ProgramData\Temp:7E4E56EA deleted successfully. ADS C:\ProgramData\Temp:7BBC3CCD deleted successfully. ADS C:\ProgramData\Temp:6DDD2723 deleted successfully. ADS C:\ProgramData\Temp:54F0BBF5 deleted successfully. ADS C:\ProgramData\Temp:217A2A36 deleted successfully. ADS C:\ProgramData\Temp:823606DE deleted successfully. ADS C:\ProgramData\Temp:7425C891 deleted successfully. ADS C:\ProgramData\Temp:6FD36C4B deleted successfully. ADS C:\ProgramData\Temp:E894A3ED deleted successfully. ADS C:\ProgramData\Temp576A536 deleted successfully. ADS C:\ProgramData\Temp:BEE39E9B deleted successfully. ADS C:\ProgramData\Temp:A17CCD03 deleted successfully. ADS C:\ProgramData\Temp:9E05DEB0 deleted successfully. ADS C:\ProgramData\Temp:73B78E79 deleted successfully. ADS C:\ProgramData\Temp:36A39835 deleted successfully. 
ADS C:\ProgramData\Temp:3571475C deleted successfully. ADS C:\ProgramData\Temp:2C86E2AD deleted successfully. ADS C:\ProgramData\Temp:14FA5E46 deleted successfully. ADS C:\ProgramData\Temp:F5FC5DCE deleted successfully. ADS C:\ProgramData\Temp:F5D01D7C deleted successfully. ADS C:\ProgramData\Temp:0968E571 deleted successfully. ADS C:\ProgramData\Temp:F1C8B957 deleted successfully. ADS C:\ProgramData\Temp:ED9B661E deleted successfully. ADS C:\ProgramData\Temp:6423D635 deleted successfully. ADS C:\ProgramData\Temp:57619D72 deleted successfully. ADS C:\ProgramData\Temp:2652902F deleted successfully. ADS C:\ProgramData\Temp:E32D2701 deleted successfully. ADS C:\ProgramData\Temp:6D5A15BF deleted successfully. ADS C:\ProgramData\Temp:58481C6F deleted successfully. ADS C:\ProgramData\Temp:553056F1 deleted successfully. ADS C:\ProgramData\Temp:48862C37 deleted successfully. ADS C:\ProgramData\Temp:A9ABA3FF deleted successfully. ADS C:\ProgramData\Temp:902C848D deleted successfully. ADS C:\ProgramData\Temp:07C99568 deleted successfully. ADS C:\ProgramData\Temp:FACB65E7 deleted successfully. ADS C:\ProgramData\Temp:7EBCAF87 deleted successfully. ADS C:\ProgramData\TempEE46C4E deleted successfully. ADS C:\ProgramData\Temp:831C6B2D deleted successfully. ADS C:\ProgramData\Temp:7BE5BAAB deleted successfully. ADS C:\ProgramData\Temp:38D2EA83 deleted successfully. ADS C:\ProgramData\Temp:E3615992 deleted successfully. ADS C:\ProgramData\Temp:88050731 deleted successfully. ADS C:\ProgramData\Temp:6C049F97 deleted successfully. ADS C:\ProgramData\Temp:5A2E8BBF deleted successfully. ADS C:\ProgramData\Temp:1604D047 deleted successfully. ADS C:\ProgramData\Temp:E0888117 deleted successfully. ADS C:\ProgramData\TempD6F157A deleted successfully. ADS C:\ProgramData\Temp:00AA4B31 deleted successfully. ADS C:\ProgramData\Temp:35629AE6 deleted successfully. ADS C:\ProgramData\Temp:43E95997 deleted successfully. ADS C:\ProgramData\Temp:723E56EC deleted successfully. 
ADS C:\ProgramData\Temp:CC7738DB deleted successfully. ADS C:\ProgramData\Temp:E9B2C525 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: bslap ->Temp folder emptied: 375941889 bytes ->Temporary Internet Files folder emptied: 109460627 bytes ->Java cache emptied: 41259153 bytes ->FireFox cache emptied: 17451877 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 32890880 bytes ->Opera cache emptied: 21375444 bytes ->Flash cache emptied: 1068493 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Johannes ->Temp folder emptied: 322280901 bytes ->Temporary Internet Files folder emptied: 429567190 bytes ->Java cache emptied: 772293 bytes ->Opera cache emptied: 17331620 bytes ->Flash cache emptied: 304300 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 502530513 bytes RecycleBin emptied: 3179214351 bytes Total Files Cleaned = 4.817,00 mb [EMPTYFLASH] User: All Users User: bslap ->Flash cache emptied: 0 bytes User: Default User: Default User User: Johannes ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.56.0 log created on 08072012_121919 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
08.08.2012, 15:09 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | a variant of Win32/Kryptik.AIWA and more detected after system restore Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ |
08.08.2012, 19:29 | #19 |
| a variant of Win32/Kryptik.AIWA and more detected after system restore Hi Arne, here is the TDSS file now.
20:24:30.0528 3888 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll 20:24:30.0559 3888 HomeGroupProvider - ok 20:24:30.0684 3888 hpqcxs08 (08457d8f8149757c70cea59c71ec5d27) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 20:24:30.0699 3888 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 20:24:30.0699 3888 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 20:24:30.0730 3888 hpqddsvc (75cc8c5146a3fb76221a7606628778d5) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 20:24:30.0730 3888 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 20:24:30.0730 3888 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 20:24:30.0980 3888 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 20:24:30.0996 3888 HpSAMD - ok 20:24:32.0322 3888 HPSLPSVC (83db5dd8be71cba5447fbd7a48fdbeda) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 20:24:32.0400 3888 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 20:24:32.0400 3888 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 20:24:32.0509 3888 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 20:24:32.0571 3888 HTTP - ok 20:24:32.0712 3888 hwdatacard (988c0a49f09d75d3341cb419141793c1) C:\Windows\system32\DRIVERS\ewusbmdm.sys 20:24:32.0727 3888 hwdatacard - ok 20:24:32.0743 3888 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 20:24:32.0758 3888 hwpolicy - ok 20:24:32.0821 3888 hwusbdev (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbdev.sys 20:24:32.0868 3888 hwusbdev - ok 20:24:32.0977 3888 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 20:24:33.0024 3888 i8042prt - ok 20:24:33.0086 3888 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys 20:24:33.0102 3888 iaStor - ok 20:24:33.0180 3888 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 20:24:33.0195 3888 iaStorV - ok 20:24:33.0304 
3888 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 20:24:33.0336 3888 IDriverT ( UnsignedFile.Multi.Generic ) - warning 20:24:33.0336 3888 IDriverT - detected UnsignedFile.Multi.Generic (1) 20:24:33.0476 3888 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:24:33.0492 3888 idsvc - ok 20:24:34.0038 3888 igfx (59fa038451070172e47d0cd347f32bc4) C:\Windows\system32\DRIVERS\igdkmd32.sys 20:24:34.0272 3888 igfx - ok 20:24:34.0412 3888 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 20:24:34.0428 3888 iirsp - ok 20:24:34.0474 3888 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll 20:24:34.0521 3888 IKEEXT - ok 20:24:34.0599 3888 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\Windows\system32\DRIVERS\Impcd.sys 20:24:34.0615 3888 Impcd - ok 20:24:34.0755 3888 InstallFilterService (36944f997af08dd85985acbd17e8eda5) C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe 20:24:34.0771 3888 InstallFilterService ( UnsignedFile.Multi.Generic ) - warning 20:24:34.0771 3888 InstallFilterService - detected UnsignedFile.Multi.Generic (1) 20:24:34.0864 3888 IntcDAud (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys 20:24:34.0927 3888 IntcDAud - ok 20:24:34.0974 3888 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 20:24:34.0989 3888 intelide - ok 20:24:35.0052 3888 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 20:24:35.0098 3888 intelppm - ok 20:24:35.0145 3888 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 20:24:35.0208 3888 IPBusEnum - ok 20:24:35.0239 3888 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:24:35.0270 3888 IpFilterDriver - ok 20:24:35.0317 3888 iphlpsvc 
(477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll 20:24:35.0364 3888 iphlpsvc - ok 20:24:35.0379 3888 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 20:24:35.0395 3888 IPMIDRV - ok 20:24:35.0426 3888 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 20:24:35.0473 3888 IPNAT - ok 20:24:35.0629 3888 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe 20:24:35.0644 3888 iPod Service - ok 20:24:35.0676 3888 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 20:24:35.0691 3888 IRENUM - ok 20:24:35.0691 3888 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 20:24:35.0707 3888 isapnp - ok 20:24:35.0722 3888 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 20:24:35.0738 3888 iScsiPrt - ok 20:24:35.0785 3888 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 20:24:35.0800 3888 kbdclass - ok 20:24:35.0816 3888 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 20:24:35.0847 3888 kbdhid - ok 20:24:35.0878 3888 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:24:35.0894 3888 KeyIso - ok 20:24:35.0925 3888 KSecDD (52fc17c8589f11747d01d3cf592673d0) C:\Windows\system32\Drivers\ksecdd.sys 20:24:35.0941 3888 KSecDD - ok 20:24:35.0956 3888 KSecPkg (3e5474b03568cfab834da3c38e8c9efa) C:\Windows\system32\Drivers\ksecpkg.sys 20:24:35.0972 3888 KSecPkg - ok 20:24:36.0003 3888 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 20:24:36.0050 3888 KtmRm - ok 20:24:36.0081 3888 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll 20:24:36.0112 3888 LanmanServer - ok 20:24:36.0144 3888 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll 20:24:36.0175 3888 LanmanWorkstation - ok 20:24:36.0222 3888 lltdio 
(f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 20:24:36.0268 3888 lltdio - ok 20:24:36.0300 3888 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 20:24:36.0331 3888 lltdsvc - ok 20:24:36.0346 3888 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 20:24:36.0393 3888 lmhosts - ok 20:24:36.0518 3888 LMS (5460828f8951d310b42b442877603b8d) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 20:24:36.0534 3888 LMS - ok 20:24:36.0565 3888 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 20:24:36.0596 3888 LSI_FC - ok 20:24:36.0643 3888 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 20:24:36.0658 3888 LSI_SAS - ok 20:24:36.0674 3888 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:24:36.0690 3888 LSI_SAS2 - ok 20:24:36.0705 3888 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:24:36.0721 3888 LSI_SCSI - ok 20:24:36.0736 3888 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 20:24:36.0768 3888 luafv - ok 20:24:36.0846 3888 MCSWASVR (92063c0ac741ad5da57ce564e5913bf5) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe 20:24:36.0861 3888 MCSWASVR ( UnsignedFile.Multi.Generic ) - warning 20:24:36.0861 3888 MCSWASVR - detected UnsignedFile.Multi.Generic (1) 20:24:36.0877 3888 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll 20:24:36.0892 3888 Mcx2Svc - ok 20:24:37.0017 3888 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 20:24:37.0033 3888 MDM ( UnsignedFile.Multi.Generic ) - warning 20:24:37.0033 3888 MDM - detected UnsignedFile.Multi.Generic (1) 20:24:37.0064 3888 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 20:24:37.0064 3888 megasas - ok 20:24:37.0111 3888 MegaSR 
(dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 20:24:37.0126 3888 MegaSR - ok 20:24:37.0142 3888 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 20:24:37.0173 3888 MMCSS - ok 20:24:37.0189 3888 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 20:24:37.0220 3888 Modem - ok 20:24:37.0251 3888 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 20:24:37.0282 3888 monitor - ok 20:24:37.0298 3888 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 20:24:37.0314 3888 mouclass - ok 20:24:37.0314 3888 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 20:24:37.0329 3888 mouhid - ok 20:24:37.0345 3888 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 20:24:37.0360 3888 mountmgr - ok 20:24:37.0376 3888 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 20:24:37.0392 3888 mpio - ok 20:24:37.0407 3888 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 20:24:37.0438 3888 mpsdrv - ok 20:24:37.0485 3888 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll 20:24:37.0532 3888 MpsSvc - ok 20:24:37.0548 3888 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 20:24:37.0563 3888 MRxDAV - ok 20:24:37.0626 3888 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:24:37.0672 3888 mrxsmb - ok 20:24:37.0704 3888 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:24:37.0750 3888 mrxsmb10 - ok 20:24:37.0766 3888 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:24:37.0782 3888 mrxsmb20 - ok 20:24:37.0797 3888 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys 20:24:37.0813 3888 msahci - ok 20:24:37.0828 3888 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) 
C:\Windows\system32\DRIVERS\msdsm.sys 20:24:37.0844 3888 msdsm - ok 20:24:37.0875 3888 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 20:24:37.0906 3888 MSDTC - ok 20:24:37.0938 3888 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 20:24:37.0969 3888 Msfs - ok 20:24:37.0984 3888 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 20:24:38.0016 3888 mshidkmdf - ok 20:24:38.0047 3888 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 20:24:38.0047 3888 msisadrv - ok 20:24:38.0094 3888 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 20:24:38.0125 3888 MSiSCSI - ok 20:24:38.0125 3888 msiserver - ok 20:24:38.0140 3888 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 20:24:38.0187 3888 MSKSSRV - ok 20:24:38.0203 3888 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 20:24:38.0250 3888 MSPCLOCK - ok 20:24:38.0250 3888 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 20:24:38.0281 3888 MSPQM - ok 20:24:38.0296 3888 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 20:24:38.0312 3888 MsRPC - ok 20:24:38.0328 3888 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 20:24:38.0343 3888 mssmbios - ok 20:24:38.0468 3888 MSSQL$SQLEXPRESS - ok 20:24:38.0562 3888 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 20:24:38.0577 3888 MSSQLServerADHelper100 - ok 20:24:38.0608 3888 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 20:24:38.0624 3888 MSTEE - ok 20:24:38.0655 3888 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 20:24:38.0686 3888 MTConfig - ok 20:24:38.0702 3888 Mup (159fad02f64e6381758c990f753bcc80) 
C:\Windows\system32\Drivers\mup.sys 20:24:38.0718 3888 Mup - ok 20:24:38.0749 3888 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll 20:24:38.0796 3888 napagent - ok 20:24:38.0827 3888 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 20:24:38.0858 3888 NativeWifiP - ok 20:24:38.0967 3888 NBService (8baa0e43bc0267a462068fb3b3388da0) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe 20:24:38.0998 3888 NBService - ok 20:24:39.0045 3888 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 20:24:39.0076 3888 NDIS - ok 20:24:39.0076 3888 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 20:24:39.0123 3888 NdisCap - ok 20:24:39.0139 3888 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 20:24:39.0186 3888 NdisTapi - ok 20:24:39.0217 3888 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 20:24:39.0248 3888 Ndisuio - ok 20:24:39.0264 3888 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 20:24:39.0295 3888 NdisWan - ok 20:24:39.0310 3888 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 20:24:39.0342 3888 NDProxy - ok 20:24:39.0404 3888 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll 20:24:39.0404 3888 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 20:24:39.0404 3888 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 20:24:39.0466 3888 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys 20:24:39.0498 3888 Netaapl - ok 20:24:39.0529 3888 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 20:24:39.0576 3888 NetBIOS - ok 20:24:39.0622 3888 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 20:24:39.0654 3888 NetBT - ok 20:24:39.0685 3888 Netlogon 
(c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:24:39.0700 3888 Netlogon - ok 20:24:39.0747 3888 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 20:24:39.0810 3888 Netman - ok 20:24:39.0919 3888 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:24:39.0950 3888 NetMsmqActivator - ok 20:24:39.0966 3888 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:24:39.0966 3888 NetPipeActivator - ok 20:24:39.0997 3888 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 20:24:40.0044 3888 netprofm - ok 20:24:40.0075 3888 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:24:40.0090 3888 NetTcpActivator - ok 20:24:40.0090 3888 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:24:40.0090 3888 NetTcpPortSharing - ok 20:24:40.0122 3888 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 20:24:40.0137 3888 nfrd960 - ok 20:24:40.0184 3888 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll 20:24:40.0215 3888 NlaSvc - ok 20:24:40.0356 3888 NMIndexingService (0b77d0d881931da8a067b3214384d0ca) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 20:24:40.0356 3888 NMIndexingService - ok 20:24:40.0387 3888 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 20:24:40.0434 3888 Npfs - ok 20:24:40.0434 3888 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 20:24:40.0465 3888 nsi - ok 20:24:40.0480 3888 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 20:24:40.0512 3888 nsiproxy - ok 20:24:40.0590 3888 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys 20:24:40.0621 3888 Ntfs - ok 20:24:40.0746 3888 Null 
(f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 20:24:40.0792 3888 Null - ok 20:24:40.0808 3888 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 20:24:40.0824 3888 nvraid - ok 20:24:40.0855 3888 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 20:24:40.0855 3888 nvstor - ok 20:24:40.0870 3888 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 20:24:40.0886 3888 nv_agp - ok 20:24:41.0011 3888 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:24:41.0042 3888 odserv - ok 20:24:41.0058 3888 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 20:24:41.0104 3888 ohci1394 - ok 20:24:41.0151 3888 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:24:41.0167 3888 ose - ok 20:24:41.0198 3888 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 20:24:41.0229 3888 p2pimsvc - ok 20:24:41.0260 3888 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 20:24:41.0292 3888 p2psvc - ok 20:24:41.0307 3888 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 20:24:41.0338 3888 Parport - ok 20:24:41.0354 3888 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys 20:24:41.0370 3888 partmgr - ok 20:24:41.0401 3888 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 20:24:41.0432 3888 Parvdm - ok 20:24:41.0448 3888 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 20:24:41.0463 3888 PcaSvc - ok 20:24:41.0494 3888 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 20:24:41.0510 3888 pci - ok 20:24:41.0526 3888 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 20:24:41.0541 3888 pciide - ok 20:24:41.0557 3888 pcmcia 
(f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 20:24:41.0572 3888 pcmcia - ok 20:24:41.0588 3888 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 20:24:41.0604 3888 pcw - ok 20:24:41.0728 3888 PDFProFiltSrv (abb10afe110b413cfbcc35fbd3970989) C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe 20:24:41.0744 3888 PDFProFiltSrv - ok 20:24:41.0791 3888 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 20:24:41.0853 3888 PEAUTH - ok 20:24:41.0916 3888 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll 20:24:41.0947 3888 PeerDistSvc - ok 20:24:42.0040 3888 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll 20:24:42.0118 3888 pla - ok 20:24:42.0259 3888 PLFlash DeviceIoControl Service (d597e8d5c35cc41d76de5dd6eda2afa1) C:\Windows\system32\IoctlSvc.exe 20:24:42.0259 3888 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 20:24:42.0259 3888 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 20:24:42.0321 3888 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll 20:24:42.0352 3888 PlugPlay - ok 20:24:42.0415 3888 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll 20:24:42.0430 3888 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 20:24:42.0430 3888 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 20:24:42.0508 3888 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\Windows\system32\DRIVERS\pnetmdm.sys 20:24:42.0524 3888 pnetmdm ( UnsignedFile.Multi.Generic ) - warning 20:24:42.0524 3888 pnetmdm - detected UnsignedFile.Multi.Generic (1) 20:24:42.0602 3888 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 20:24:42.0618 3888 PNRPAutoReg - ok 20:24:42.0649 3888 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 20:24:42.0664 3888 PNRPsvc - ok 20:24:42.0711 3888 PolicyAgent 
(48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll 20:24:42.0758 3888 PolicyAgent - ok 20:24:42.0789 3888 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll 20:24:42.0820 3888 Power - ok 20:24:42.0852 3888 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 20:24:42.0883 3888 PptpMiniport - ok 20:24:42.0898 3888 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 20:24:42.0914 3888 Processor - ok 20:24:42.0976 3888 ProfSvc (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll 20:24:43.0008 3888 ProfSvc - ok 20:24:43.0039 3888 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:24:43.0054 3888 ProtectedStorage - ok 20:24:43.0086 3888 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 20:24:43.0117 3888 Psched - ok 20:24:43.0179 3888 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 20:24:43.0226 3888 ql2300 - ok 20:24:43.0335 3888 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 20:24:43.0351 3888 ql40xx - ok 20:24:43.0382 3888 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 20:24:43.0413 3888 QWAVE - ok 20:24:43.0444 3888 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 20:24:43.0460 3888 QWAVEdrv - ok 20:24:43.0460 3888 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 20:24:43.0522 3888 RasAcd - ok 20:24:43.0538 3888 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:24:43.0585 3888 RasAgileVpn - ok 20:24:43.0600 3888 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 20:24:43.0632 3888 RasAuto - ok 20:24:43.0647 3888 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:24:43.0694 3888 Rasl2tp - ok 20:24:43.0741 3888 RasMan 
(0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll 20:24:43.0772 3888 RasMan - ok 20:24:43.0788 3888 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 20:24:43.0819 3888 RasPppoe - ok 20:24:43.0834 3888 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 20:24:43.0866 3888 RasSstp - ok 20:24:43.0881 3888 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 20:24:43.0944 3888 rdbss - ok 20:24:43.0959 3888 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 20:24:43.0975 3888 rdpbus - ok 20:24:44.0006 3888 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:24:44.0022 3888 RDPCDD - ok 20:24:44.0053 3888 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 20:24:44.0100 3888 RDPDR - ok 20:24:44.0115 3888 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 20:24:44.0146 3888 RDPENCDD - ok 20:24:44.0162 3888 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 20:24:44.0178 3888 RDPREFMP - ok 20:24:44.0240 3888 RDPWD (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys 20:24:44.0271 3888 RDPWD - ok 20:24:44.0302 3888 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 20:24:44.0318 3888 rdyboost - ok 20:24:44.0349 3888 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 20:24:44.0396 3888 RemoteAccess - ok 20:24:44.0427 3888 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 20:24:44.0458 3888 RemoteRegistry - ok 20:24:44.0490 3888 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 20:24:44.0521 3888 RFCOMM - ok 20:24:44.0536 3888 RimUsb - ok 20:24:44.0583 3888 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys 20:24:44.0599 3888 
RimVSerPort - ok 20:24:44.0614 3888 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys 20:24:44.0646 3888 ROOTMODEM - ok 20:24:44.0677 3888 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 20:24:44.0708 3888 RpcEptMapper - ok 20:24:44.0724 3888 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 20:24:44.0755 3888 RpcLocator - ok 20:24:44.0802 3888 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll 20:24:44.0833 3888 RpcSs - ok 20:24:44.0895 3888 RsFx0105 (6a7360e36cbd636972aeef0dd292a946) C:\Windows\system32\DRIVERS\RsFx0105.sys 20:24:44.0911 3888 RsFx0105 - ok 20:24:44.0926 3888 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 20:24:44.0973 3888 rspndr - ok 20:24:45.0020 3888 RSUSBSTOR (31d45eca63884ff5f7aecc50f7d1bae0) C:\Windows\system32\Drivers\RtsUStor.sys 20:24:45.0036 3888 RSUSBSTOR - ok 20:24:45.0067 3888 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys 20:24:45.0082 3888 RTL8167 - ok 20:24:45.0098 3888 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 20:24:45.0114 3888 s3cap - ok 20:24:45.0145 3888 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:24:45.0160 3888 SamSs - ok 20:24:45.0192 3888 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 20:24:45.0207 3888 sbp2port - ok 20:24:45.0238 3888 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 20:24:45.0285 3888 SCardSvr - ok 20:24:45.0301 3888 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 20:24:45.0332 3888 scfilter - ok 20:24:45.0441 3888 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll 20:24:45.0504 3888 Schedule - ok 20:24:45.0535 3888 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll 20:24:45.0566 3888 SCPolicySvc - 
Thanks, see you then |
09.08.2012, 15:25 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | a variant of Win32/Kryptik.AIWA and more detected after System Restore Please post the logs in CODE tags!!
__________________ Please always post log files in CODE tags |
09.08.2012, 16:26 | #21 |
| a variant of Win32/Kryptik.AIWA and more detected after System Restore Sorry Code:
ATTFilter 20:23:35.0521 0540 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 20:23:35.0537 0540 ============================================================ 20:23:35.0537 0540 Current date / time: 2012/08/08 20:23:35.0537 20:23:35.0537 0540 SystemInfo: 20:23:35.0537 0540 20:23:35.0537 0540 OS Version: 6.1.7600 ServicePack: 0.0 20:23:35.0537 0540 Product type: Workstation 20:23:35.0537 0540 ComputerName: BSLAP-PC 20:23:35.0537 0540 UserName: bslap 20:23:35.0537 0540 Windows directory: C:\Windows 20:23:35.0537 0540 System windows directory: C:\Windows 20:23:35.0537 0540 Processor architecture: Intel x86 20:23:35.0537 0540 Number of processors: 4 20:23:35.0537 0540 Page size: 0x1000 20:23:35.0537 0540 Boot type: Normal boot 20:23:35.0537 0540 ============================================================ 20:23:38.0267 0540 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:23:38.0282 0540 ============================================================ 20:23:38.0282 0540 \Device\Harddisk0\DR0: 20:23:38.0298 0540 MBR partitions: 20:23:38.0298 0540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x12A3000 20:23:38.0298 0540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12B7000, BlocksNum 0xDD19EE5 20:23:38.0313 0540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEFD0F24, BlocksNum 0xA8A6AC1 20:23:38.0345 0540 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x19877A24, BlocksNum 0xBBB5C9D 20:23:38.0345 0540 ============================================================ 20:23:38.0454 0540 Q: <-> \Device\Harddisk0\DR0\Partition3 20:23:38.0533 0540 C: <-> \Device\Harddisk0\DR0\Partition1 20:23:38.0626 0540 P: <-> \Device\Harddisk0\DR0\Partition2 20:23:38.0626 0540 ============================================================ 20:23:38.0626 0540 Initialize success 20:23:38.0626 0540 
============================================================ 20:24:18.0484 3888 ============================================================ 20:24:18.0484 3888 Scan started 20:24:18.0484 3888 Mode: Manual; SigCheck; TDLFS; 20:24:18.0484 3888 ============================================================ 20:24:19.0186 3888 1394ohci (bf02f806c873abb04b197161e8e5a316) C:\Windows\system32\DRIVERS\1394ohci.sys 20:24:19.0264 3888 1394ohci - ok 20:24:19.0296 3888 Acceler (3c189400c996a4301c3f1bd93c9c1a17) C:\Windows\system32\DRIVERS\Acceler.sys 20:24:19.0311 3888 Acceler - ok 20:24:19.0342 3888 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 20:24:19.0358 3888 ACPI - ok 20:24:19.0374 3888 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 20:24:19.0436 3888 AcpiPmi - ok 20:24:19.0498 3888 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 20:24:19.0514 3888 adp94xx - ok 20:24:19.0530 3888 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 20:24:19.0561 3888 adpahci - ok 20:24:19.0576 3888 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 20:24:19.0576 3888 adpu320 - ok 20:24:19.0623 3888 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 20:24:19.0654 3888 AeLookupSvc - ok 20:24:19.0748 3888 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe 20:24:19.0795 3888 AESTFilters - ok 20:24:19.0888 3888 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys 20:24:19.0935 3888 AFD - ok 20:24:19.0966 3888 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 20:24:19.0982 3888 agp440 - ok 20:24:20.0029 3888 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 20:24:20.0044 3888 aic78xx - ok 20:24:20.0076 3888 ALG 
(18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 20:24:20.0107 3888 ALG - ok 20:24:20.0138 3888 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 20:24:20.0154 3888 aliide - ok 20:24:20.0154 3888 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 20:24:20.0169 3888 amdagp - ok 20:24:20.0169 3888 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 20:24:20.0185 3888 amdide - ok 20:24:20.0200 3888 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 20:24:20.0232 3888 AmdK8 - ok 20:24:20.0247 3888 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 20:24:20.0263 3888 AmdPPM - ok 20:24:20.0310 3888 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys 20:24:20.0325 3888 amdsata - ok 20:24:20.0356 3888 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 20:24:20.0372 3888 amdsbs - ok 20:24:20.0403 3888 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys 20:24:20.0403 3888 amdxata - ok 20:24:20.0559 3888 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe 20:24:20.0575 3888 AntiVirSchedulerService - ok 20:24:20.0622 3888 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 20:24:20.0637 3888 AntiVirService - ok 20:24:20.0715 3888 AppHostSvc (ba494509ccd115197450f3ce5b76d7cc) C:\Windows\system32\inetsrv\apphostsvc.dll 20:24:20.0762 3888 AppHostSvc - ok 20:24:20.0778 3888 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 20:24:20.0840 3888 AppID - ok 20:24:20.0887 3888 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 20:24:20.0996 3888 AppIDSvc - ok 20:24:21.0012 3888 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll 20:24:21.0043 3888 Appinfo - 
ok 20:24:21.0199 3888 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:24:21.0214 3888 Apple Mobile Device - ok 20:24:21.0246 3888 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll 20:24:21.0261 3888 AppMgmt - ok 20:24:21.0292 3888 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 20:24:21.0308 3888 arc - ok 20:24:21.0324 3888 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 20:24:21.0339 3888 arcsas - ok 20:24:21.0433 3888 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys 20:24:21.0448 3888 ASPI ( UnsignedFile.Multi.Generic ) - warning 20:24:21.0448 3888 ASPI - detected UnsignedFile.Multi.Generic (1) 20:24:21.0464 3888 ASPI32 (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\system32\drivers\ASPI32.sys 20:24:21.0464 3888 ASPI32 ( UnsignedFile.Multi.Generic ) - warning 20:24:21.0464 3888 ASPI32 - detected UnsignedFile.Multi.Generic (1) 20:24:21.0558 3888 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 20:24:21.0636 3888 aspnet_state - ok 20:24:21.0667 3888 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 20:24:21.0714 3888 AsyncMac - ok 20:24:21.0760 3888 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 20:24:21.0776 3888 atapi - ok 20:24:21.0823 3888 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll 20:24:21.0885 3888 AudioEndpointBuilder - ok 20:24:21.0885 3888 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll 20:24:21.0932 3888 Audiosrv - ok 20:24:22.0010 3888 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys 20:24:22.0026 3888 avgntflt - ok 20:24:22.0088 3888 avipbb (7d967a682d4694df7fa57d63a2db01fe) 
ok 20:24:45.0628 3888 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll 20:24:45.0660 3888 SDRSVC - ok 20:24:45.0816 3888 SearchAnonymizer (0f4a80438e7286a0e623582f5f2395bd) C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe 20:24:45.0816 3888 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning 20:24:45.0816 3888 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1) 20:24:45.0847 3888 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 20:24:45.0894 3888 secdrv - ok 20:24:45.0925 3888 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 20:24:45.0972 3888 seclogon - ok 20:24:46.0003 3888 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 20:24:46.0050 3888 SENS - ok 20:24:46.0065 3888 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 20:24:46.0112 3888 SensrSvc - ok 20:24:46.0159 3888 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS 20:24:46.0174 3888 Sentinel - ok 20:24:46.0190 3888 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 20:24:46.0206 3888 Serenum - ok 20:24:46.0221 3888 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 20:24:46.0252 3888 Serial - ok 20:24:46.0284 3888 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 20:24:46.0284 3888 sermouse - ok 20:24:46.0315 3888 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll 20:24:46.0346 3888 SessionEnv - ok 20:24:46.0362 3888 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 20:24:46.0408 3888 sffdisk - ok 20:24:46.0424 3888 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 20:24:46.0455 3888 sffp_mmc - ok 20:24:46.0455 3888 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys 20:24:46.0486 3888 sffp_sd - ok 
20:24:46.0486 3888 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 20:24:46.0502 3888 sfloppy - ok 20:24:46.0549 3888 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 20:24:46.0596 3888 SharedAccess - ok 20:24:46.0627 3888 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll 20:24:46.0658 3888 ShellHWDetection - ok 20:24:46.0674 3888 simptcp (f5aaa8cdda25b6387af590d676d25bad) C:\Windows\System32\tcpsvcs.exe 20:24:46.0674 3888 simptcp - ok 20:24:46.0705 3888 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 20:24:46.0705 3888 sisagp - ok 20:24:46.0720 3888 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:24:46.0736 3888 SiSRaid2 - ok 20:24:46.0752 3888 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 20:24:46.0767 3888 SiSRaid4 - ok 20:24:46.0783 3888 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 20:24:46.0845 3888 Smb - ok 20:24:46.0876 3888 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 20:24:46.0908 3888 SNMPTRAP - ok 20:24:46.0923 3888 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 20:24:46.0923 3888 spldr - ok 20:24:47.0001 3888 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe 20:24:47.0017 3888 Spooler - ok 20:24:47.0173 3888 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe 20:24:47.0235 3888 sppsvc - ok 20:24:47.0360 3888 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll 20:24:47.0391 3888 sppuinotify - ok 20:24:47.0547 3888 SQLAgent$SQLEXPRESS (a892134c28777978ecde8283dc57ac0f) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 20:24:47.0578 3888 SQLAgent$SQLEXPRESS - ok 20:24:47.0625 3888 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program 
Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 20:24:47.0641 3888 SQLBrowser - ok 20:24:47.0672 3888 SQLWriter (135cdccc167ef0c250125bbd3abe18d5) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 20:24:47.0688 3888 SQLWriter - ok 20:24:47.0766 3888 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 20:24:47.0797 3888 srv - ok 20:24:47.0844 3888 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 20:24:47.0875 3888 srv2 - ok 20:24:47.0890 3888 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys 20:24:47.0922 3888 srvnet - ok 20:24:48.0031 3888 SR_Service (5e8fb8c98d47979f2c87bf424b1a9664) C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe 20:24:48.0031 3888 SR_Service - ok 20:24:48.0078 3888 SR_Watchdog (45093a44ca49dc73c414aeffe42fb8a1) C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe 20:24:48.0078 3888 SR_Watchdog - ok 20:24:48.0109 3888 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 20:24:48.0156 3888 SSDPSRV - ok 20:24:48.0218 3888 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 20:24:48.0218 3888 ssmdrv - ok 20:24:48.0234 3888 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 20:24:48.0265 3888 SstpSvc - ok 20:24:48.0358 3888 STacSV (fbaa145c28074c853529050914d405c6) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe 20:24:48.0374 3888 STacSV - ok 20:24:48.0405 3888 stdflt (972f577308b006070de8d09573dbae53) C:\Windows\system32\DRIVERS\stdflt.sys 20:24:48.0421 3888 stdflt - ok 20:24:48.0436 3888 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 20:24:48.0452 3888 stexstor - ok 20:24:48.0483 3888 STHDA (06cbb271f42ef70fb6ef372c491ba9aa) C:\Windows\system32\DRIVERS\stwrt.sys 20:24:48.0514 3888 STHDA - ok 20:24:48.0546 3888 StillCam (edb05bd63148796f23ea78506404a538) 
C:\Windows\system32\DRIVERS\serscan.sys 20:24:48.0577 3888 StillCam - ok 20:24:48.0624 3888 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll 20:24:48.0670 3888 StiSvc - ok 20:24:48.0686 3888 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 20:24:48.0702 3888 storflt - ok 20:24:48.0717 3888 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll 20:24:48.0733 3888 StorSvc - ok 20:24:48.0748 3888 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 20:24:48.0764 3888 storvsc - ok 20:24:48.0780 3888 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 20:24:48.0780 3888 swenum - ok 20:24:48.0811 3888 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 20:24:48.0873 3888 swprv - ok 20:24:48.0920 3888 SynTP (cf196a45fd61118c95585489fad5b2aa) C:\Windows\system32\DRIVERS\SynTP.sys 20:24:48.0982 3888 SynTP - ok 20:24:49.0903 3888 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll 20:24:50.0028 3888 SysMain - ok 20:24:50.0121 3888 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll 20:24:50.0152 3888 TabletInputService - ok 20:24:50.0168 3888 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll 20:24:50.0199 3888 TapiSrv - ok 20:24:50.0230 3888 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 20:24:50.0277 3888 TBS - ok 20:24:50.0402 3888 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys 20:24:50.0433 3888 Tcpip - ok 20:24:50.0620 3888 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys 20:24:50.0652 3888 TCPIP6 - ok 20:24:50.0854 3888 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys 20:24:50.0854 3888 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 20:24:50.0854 3888 tcpipBM - detected UnsignedFile.Multi.Generic (1) 20:24:50.0886 
3888 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 20:24:50.0964 3888 tcpipreg - ok 20:24:50.0979 3888 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 20:24:51.0026 3888 TDPIPE - ok 20:24:51.0073 3888 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys 20:24:51.0104 3888 TDTCP - ok 20:24:51.0120 3888 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 20:24:51.0151 3888 tdx - ok 20:24:51.0166 3888 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 20:24:51.0182 3888 TermDD - ok 20:24:51.0229 3888 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll 20:24:51.0260 3888 TermService - ok 20:24:51.0276 3888 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 20:24:51.0291 3888 Themes - ok 20:24:51.0322 3888 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 20:24:51.0354 3888 THREADORDER - ok 20:24:51.0385 3888 TlntSvr (ce92b84ed806f1c5c340a51dfd3e49bc) C:\Windows\System32\tlntsvr.exe 20:24:51.0400 3888 TlntSvr - ok 20:24:51.0447 3888 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 20:24:51.0494 3888 TrkWks - ok 20:24:51.0619 3888 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe 20:24:51.0634 3888 TrustedInstaller - ok 20:24:51.0634 3888 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:24:51.0681 3888 tssecsrv - ok 20:24:51.0728 3888 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 20:24:51.0759 3888 tunnel - ok 20:24:51.0884 3888 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 20:24:51.0900 3888 uagp35 - ok 20:24:52.0227 3888 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys 20:24:52.0305 3888 udfs - ok 20:24:52.0336 3888 UI0Detect 
(8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 20:24:52.0352 3888 UI0Detect - ok 20:24:52.0414 3888 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 20:24:52.0430 3888 uliagpkx - ok 20:24:52.0524 3888 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 20:24:52.0570 3888 umbus - ok 20:24:52.0602 3888 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 20:24:52.0617 3888 UmPass - ok 20:24:52.0695 3888 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll 20:24:52.0726 3888 UmRdpService - ok 20:24:53.0007 3888 UNS (9e89c2d6945389270de067ce51ff7425) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 20:24:53.0085 3888 UNS - ok 20:24:53.0304 3888 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 20:24:53.0350 3888 upnphost - ok 20:24:53.0428 3888 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys 20:24:53.0475 3888 USBAAPL - ok 20:24:53.0506 3888 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys 20:24:53.0522 3888 usbccgp - ok 20:24:53.0709 3888 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 20:24:53.0756 3888 usbcir - ok 20:24:53.0834 3888 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys 20:24:53.0850 3888 usbehci - ok 20:24:54.0661 3888 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys 20:24:54.0770 3888 usbhub - ok 20:24:54.0848 3888 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys 20:24:54.0848 3888 usbohci - ok 20:24:54.0879 3888 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 20:24:54.0926 3888 usbprint - ok 20:24:54.0973 3888 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 20:24:54.0988 3888 usbscan - ok 
20:24:55.0004 3888 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:24:55.0035 3888 USBSTOR - ok 20:24:55.0051 3888 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys 20:24:55.0066 3888 usbuhci - ok 20:24:55.0129 3888 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys 20:24:55.0176 3888 usbvideo - ok 20:24:55.0191 3888 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 20:24:55.0207 3888 usb_rndisx - ok 20:24:55.0238 3888 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 20:24:55.0269 3888 UxSms - ok 20:24:55.0332 3888 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 20:24:55.0347 3888 VaultSvc - ok 20:24:55.0363 3888 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 20:24:55.0378 3888 vdrvroot - ok 20:24:55.0425 3888 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe 20:24:55.0488 3888 vds - ok 20:24:55.0519 3888 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 20:24:55.0534 3888 vga - ok 20:24:55.0566 3888 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 20:24:55.0597 3888 VgaSave - ok 20:24:55.0722 3888 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 20:24:55.0737 3888 vhdmp - ok 20:24:55.0815 3888 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 20:24:55.0831 3888 viaagp - ok 20:24:55.0909 3888 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 20:24:55.0940 3888 ViaC7 - ok 20:24:55.0987 3888 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 20:24:55.0987 3888 viaide - ok 20:24:56.0112 3888 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 20:24:56.0143 3888 vmbus - ok 20:24:56.0143 3888 VMBusHID 
(ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 20:24:56.0158 3888 VMBusHID - ok 20:24:56.0205 3888 VNASC (405df0b2f8d0616353ecc829622d77ac) C:\Windows\system32\DRIVERS\vnasc.sys 20:24:56.0221 3888 VNASC - ok 20:24:56.0268 3888 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 20:24:56.0283 3888 volmgr - ok 20:24:56.0299 3888 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 20:24:56.0330 3888 volmgrx - ok 20:24:56.0346 3888 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 20:24:56.0361 3888 volsnap - ok 20:24:56.0439 3888 VPN-1 (002014fc59eee5e11bf7d6a555b11227) C:\Windows\System32\drivers\vpn.sys 20:24:56.0455 3888 VPN-1 - ok 20:24:56.0486 3888 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 20:24:56.0502 3888 vsmraid - ok 20:24:56.0782 3888 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe 20:24:56.0829 3888 VSS - ok 20:24:56.0954 3888 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 20:24:57.0016 3888 vwifibus - ok 20:24:57.0048 3888 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 20:24:57.0094 3888 vwififlt - ok 20:24:57.0172 3888 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 20:24:57.0204 3888 vwifimp - ok 20:24:57.0328 3888 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 20:24:57.0360 3888 W32Time - ok 20:24:57.0406 3888 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 20:24:57.0422 3888 WacomPen - ok 20:24:57.0469 3888 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 20:24:57.0500 3888 WANARP - ok 20:24:57.0500 3888 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 20:24:57.0531 3888 Wanarpv6 - ok 20:24:57.0656 3888 WAS 
(a5ea12d6020709b1e7db7d5f00c46a86) C:\Windows\system32\inetsrv\iisw3adm.dll 20:24:57.0672 3888 WAS - ok 20:24:57.0937 3888 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 20:24:58.0015 3888 WatAdminSvc - ok 20:24:58.0592 3888 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe 20:24:58.0717 3888 wbengine - ok 20:24:58.0732 3888 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 20:24:58.0748 3888 WbioSrvc - ok 20:24:58.0826 3888 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll 20:24:58.0857 3888 wcncsvc - ok 20:24:58.0904 3888 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 20:24:58.0966 3888 WcsPlugInService - ok 20:24:59.0044 3888 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 20:24:59.0060 3888 Wd - ok 20:24:59.0091 3888 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 20:24:59.0122 3888 Wdf01000 - ok 20:24:59.0138 3888 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 20:24:59.0154 3888 WdiServiceHost - ok 20:24:59.0169 3888 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 20:24:59.0185 3888 WdiSystemHost - ok 20:24:59.0294 3888 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll 20:24:59.0341 3888 WebClient - ok 20:24:59.0372 3888 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 20:24:59.0403 3888 Wecsvc - ok 20:24:59.0419 3888 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 20:24:59.0450 3888 wercplsupport - ok 20:24:59.0481 3888 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 20:24:59.0512 3888 WerSvc - ok 20:24:59.0544 3888 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 20:24:59.0575 3888 WfpLwf - ok 20:24:59.0606 3888 WIMMount 
(5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 20:24:59.0622 3888 WIMMount - ok 20:24:59.0715 3888 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 20:24:59.0731 3888 WinDefend - ok 20:24:59.0746 3888 WinHttpAutoProxySvc - ok 20:24:59.0824 3888 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 20:24:59.0856 3888 Winmgmt - ok 20:24:59.0934 3888 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll 20:24:59.0996 3888 WinRM - ok 20:25:00.0058 3888 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys 20:25:00.0074 3888 WinUsb - ok 20:25:00.0136 3888 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 20:25:00.0183 3888 Wlansvc - ok 20:25:00.0261 3888 wltrysvc (7fff34ae69dfb80f7b190aba31e00610) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE 20:25:00.0277 3888 wltrysvc ( UnsignedFile.Multi.Generic ) - warning 20:25:00.0277 3888 wltrysvc - detected UnsignedFile.Multi.Generic (1) 20:25:00.0308 3888 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 20:25:00.0324 3888 WmiAcpi - ok 20:25:00.0386 3888 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 20:25:00.0402 3888 wmiApSrv - ok 20:25:00.0495 3888 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe 20:25:00.0542 3888 WMPNetworkSvc - ok 20:25:00.0682 3888 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 20:25:00.0729 3888 WPCSvc - ok 20:25:00.0745 3888 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll 20:25:00.0745 3888 WPDBusEnum - ok 20:25:00.0854 3888 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 20:25:00.0901 3888 ws2ifsl - ok 20:25:00.0932 3888 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll 20:25:00.0948 3888 wscsvc - ok 
20:25:01.0010 3888 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys 20:25:01.0026 3888 WSDPrintDevice - ok 20:25:01.0057 3888 WSDScan (7dc0270cfd4a05b4112e3ebbf083b595) C:\Windows\system32\DRIVERS\WSDScan.sys 20:25:01.0088 3888 WSDScan - ok 20:25:01.0104 3888 WSearch - ok 20:25:01.0213 3888 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 20:25:01.0260 3888 wuauserv - ok 20:25:02.0086 3888 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys 20:25:02.0133 3888 WudfPf - ok 20:25:02.0476 3888 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:25:02.0508 3888 WUDFRd - ok 20:25:02.0648 3888 wudfsvc (f1fcb56102a8373ed86b6ff08fb17d67) C:\Windows\System32\WUDFSvc.dll 20:25:02.0726 3888 wudfsvc - ok 20:25:03.0022 3888 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 20:25:03.0085 3888 WwanSvc - ok 20:25:03.0241 3888 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0 20:25:05.0050 3888 \Device\Harddisk0\DR0 - ok 20:25:05.0128 3888 Boot (0x1200) (e6f3f13999f4be88efba1d93b874507b) \Device\Harddisk0\DR0\Partition0 20:25:05.0128 3888 \Device\Harddisk0\DR0\Partition0 - ok 20:25:05.0160 3888 Boot (0x1200) (007dced352129e778a49d2aad7ee9167) \Device\Harddisk0\DR0\Partition1 20:25:05.0160 3888 \Device\Harddisk0\DR0\Partition1 - ok 20:25:05.0160 3888 Boot (0x1200) (fe239bcf2fb282cc1ec90bb216ec87f2) \Device\Harddisk0\DR0\Partition2 20:25:05.0160 3888 \Device\Harddisk0\DR0\Partition2 - ok 20:25:05.0191 3888 Boot (0x1200) (56fd26809b43cfedecce0a5a43006905) \Device\Harddisk0\DR0\Partition3 20:25:05.0222 3888 \Device\Harddisk0\DR0\Partition3 - ok 20:25:05.0222 3888 ============================================================ 20:25:05.0222 3888 Scan finished 20:25:05.0222 3888 ============================================================ 20:25:05.0222 3552 Detected object count: 22 20:25:05.0222 3552 Actual detected 
object count: 22 20:25:33.0053 3552 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0053 3552 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0053 3552 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0053 3552 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0053 3552 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0053 3552 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0053 3552 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0053 3552 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0053 3552 CP_OMDRV ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0053 3552 CP_OMDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0053 3552 de_serv ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0053 3552 de_serv ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0053 3552 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0053 3552 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0053 3552 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0053 3552 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0053 3552 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0053 3552 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0053 3552 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0053 3552 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0053 3552 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0053 3552 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0068 3552 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0068 3552 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0068 3552 
InstallFilterService ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0068 3552 InstallFilterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0068 3552 MCSWASVR ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0068 3552 MCSWASVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0068 3552 MDM ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0068 3552 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0068 3552 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0068 3552 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0068 3552 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0068 3552 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0068 3552 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0068 3552 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0068 3552 pnetmdm ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0068 3552 pnetmdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0068 3552 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0068 3552 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0068 3552 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0068 3552 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:33.0068 3552 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:33.0068 3552 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:38.0129 4136 Deinitialize success Steffen |
10.08.2012, 19:14 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | a variant of Win32/Kryptik.AIWA and more detected after system restore Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
14.08.2012, 11:46 | #23 |
| a variant of Win32/Kryptik.AIWA and more detected after system restore Hello Arne, here is the log file from ComboFix. ComboFix log file: Code:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload] @="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}" [HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}] 2011-11-23 12:01 284160 ----a-w- c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-02-16 221184] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-04 5249024] "DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-11-25 253952] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472] "Ocs_SM"="c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-05-22 106496] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] . c:\users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ IRM Offline Refresh.lnk - c:\program files\EMC IRM\Common\autoofflineprocess.exe [2010-10-27 4000768] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 1 (0x1) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^bslap^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter Assistent.lnk] path=c:\users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk backup=c:\windows\pss\Mediencenter Assistent.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-05-30 18:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central] 2009-06-24 21:21 409744 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeFallProtection] 2009-07-22 12:52 2384896 ----a-w- c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2011-05-10 01:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HW_OPENEYE_OUC_T-Mobile Internet Manager] 2009-12-31 13:13 110592 ----a-w- c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 21:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-05-24 15:38 1226288 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Professional 5-reminder] 2007-08-31 07:02 328992 ----a-w- c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM] 2011-05-22 16:01 106496 ----a-w- c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller] 2008-02-02 00:19 58656 ----a-w- c:\program files\Nuance\PDF Professional 5\RegistryController.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook] 2008-02-02 00:20 795936 ----a-w- c:\program files\Nuance\PDF Professional 5\PdfPro5Hook.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut] 2010-09-17 17:59 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet] 2010-01-15 15:26 3873648 ----a-w- c:\program files\Dell\QuickSet\quickset.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\To-Do DeskList] 2011-02-21 16:21 2539520 ----a-w- c:\program files\To-Do DeskList\To-Do DeskList.exe . R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [x] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x] R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x] R3 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [x] R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL 
Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x] S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [x] S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [x] S2 SearchAnonymizer;SearchAnonymizer;c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [x] S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] S3 WSDScan;WSD-Scanunterstützung durch 
UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL *Deregistered* - BMLoad . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhalt des "geplante Tasks" Ordners . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 15:21] . 2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 15:21] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.obt.de/obt/view/index.shtml uDefault_Search_URL = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: An vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Bild an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube Download - c:\users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Mit Nuance PDF Converter 5.0 öffnen - c:\program files\Nuance\PDF Professional 5\cnvres_ger.dll /100 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: PDF-Datei aus Linkinhalt erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Datei erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: Interfaces\{13709972-8B0E-4E3E-8DF9-A937C1F47338}: NameServer = 192.2.200.1 FF - ProfilePath - c:\users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\ FF - prefs.js: browser.startup.homepage - FF - prefs.js: browser.startup.homepage - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - FF - prefs.js: browser.search.selectedEngine - . . ------- Dateityp-Verknüpfung ------- . .scr=DWGTrueViewScriptFile . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{C98BE8DB-5FD4-4455-9BB2-A3E1AE5A325B} - (no file) AddRemove-FRITZ! 
2.0 - c:\windows\IsUn0407.exe AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe AddRemove-Visio Professional - c:\windows\unin0407.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\bslap\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(1268) c:\windows\system32\CbFsNetRdr3.dll . - - - - - - - > 'Explorer.exe'(1036) c:\windows\system32\CbFsMntNtf3.dll c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE c:\program files\Dell\DW WLAN Card\bcmwltry.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\FRITZ!DSL\IGDCTRL.EXE c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe c:\windows\system32\IoctlSvc.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\windows\System32\tcpsvcs.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\taskhost.exe c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe c:\windows\system32\conhost.exe c:\windows\System32\rundll32.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-08-14 12:43:25 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-08-14 10:43 . Vor Suchlauf: 20 Verzeichnis(se), 40.829.112.320 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 40.385.060.864 Bytes frei . - - End Of File - - 64FD5239447891B2BBE5C43042FB603D
Thanks and regards, Steffen |
14.08.2012, 16:08 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | a variant of Win32/Kryptik.AIWA and more detected after system restore
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
ATTFilter Filelook:: c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad- and spyware programs and the Tea Timer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can do lasting damage to the system!
__________________ Please always post logfiles in CODE tags |
16.08.2012, 12:04 | #25 |
| a variant of Win32/Kryptik.AIWA and more detected after system restore Attached is the log file from Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 12-08-16.01 - bslap 16.08.2012 12:44:03.2.4 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.2935.1766 [GMT 2:00] ausgeführt von:: c:\users\bslap\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\bslap\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-16 bis 2012-08-16 )))))))))))))))))))))))))))))) . . 2012-08-16 10:51 . 2012-08-16 10:51 -------- d-----w- c:\users\Johannes\AppData\Local\temp 2012-08-16 10:51 . 2012-08-16 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-14 10:30 . 2012-08-16 10:51 -------- d-----w- c:\users\bslap\AppData\Local\temp 2012-08-14 10:14 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CEDE5B4-C874-4F68-B944-CCDC2BEC041C}\mpengine.dll 2012-08-07 10:19 . 2012-08-07 10:19 -------- d-----w- C:\_OTL 2012-07-31 11:24 . 2012-07-31 11:24 -------- d-----w- c:\programdata\VS 2012-07-31 11:19 . 2011-09-22 15:18 73064 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll 2012-07-31 11:19 . 2011-09-22 15:18 89960 ----a-w- c:\windows\system32\SQSRVRES.DLL 2012-07-31 10:50 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-07-31 10:50 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl 2012-07-31 10:50 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll 2012-07-30 09:42 . 2012-07-30 09:42 -------- d-----w- c:\users\bslap\AppData\Roaming\Malwarebytes 2012-07-30 09:42 . 2012-07-30 09:42 -------- d-----w- c:\programdata\Malwarebytes 2012-07-30 09:42 . 2012-07-30 09:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-30 09:42 . 
2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-30 06:35 . 2012-08-16 10:37 -------- d-----w- c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod 2012-07-24 10:28 . 2012-07-24 10:28 -------- d-----w- c:\program files\ESET 2012-07-24 10:28 . 2012-07-24 10:28 -------- d-----w- c:\windows\AxInstSV 2012-07-23 11:11 . 2012-07-23 11:11 -------- d-----w- c:\program files\FreeTime . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-01 15:25 . 2012-05-01 11:18 113440 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll 2012-07-29 17:46 . 2012-04-18 10:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-29 17:46 . 2011-05-30 12:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-12 15:13 . 2012-05-15 12:07 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll 2012-06-12 02:44 . 2012-07-11 14:26 2344448 ----a-w- c:\windows\system32\win32k.sys 2012-06-06 05:09 . 2012-07-11 09:43 1389568 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:09 . 2012-07-11 09:43 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-06-02 22:19 . 2012-06-21 14:20 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 14:20 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 14:20 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 14:20 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-21 14:20 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-21 14:20 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-21 14:20 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 14:20 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 
2012-06-21 14:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 08:33 . 2012-07-11 14:30 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25 . 2012-07-11 14:30 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25 . 2012-07-11 14:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20 . 2012-07-11 14:30 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16 . 2012-07-11 14:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 04:51 . 2012-07-11 09:43 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 04:51 . 2012-07-11 09:43 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 04:50 . 2012-07-11 09:43 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 04:48 . 2012-07-11 09:43 225280 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 04:47 . 2012-07-11 09:43 219136 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 10:25 . 2010-09-14 11:24 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-06-16 04:32 . 2011-07-11 21:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ASOOverlayIcon] @="{0FB7818F-4055-4635-B618-09F669074940}" [HKEY_CLASSES_ROOT\CLSID\{0FB7818F-4055-4635-B618-09F669074940}] 2010-06-19 01:22 452032 ----a-w- c:\program files\EMC IRM\Common\ASOShExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2010-05-15 14:55 155416 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload] @="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}" [HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}] 2011-11-23 12:01 284160 ----a-w- c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-02-16 221184] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-04 5249024] "DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-11-25 253952] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472] "Ocs_SM"="c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-05-22 106496] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] . c:\users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ IRM Offline Refresh.lnk - c:\program files\EMC IRM\Common\autoofflineprocess.exe [2010-10-27 4000768] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 1 (0x1) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^bslap^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter Assistent.lnk] path=c:\users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk backup=c:\windows\pss\Mediencenter Assistent.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-05-30 18:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central] 2009-06-24 21:21 409744 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeFallProtection] 2009-07-22 12:52 2384896 ----a-w- c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2011-05-10 01:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HW_OPENEYE_OUC_T-Mobile Internet Manager] 2009-12-31 13:13 110592 ----a-w- c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 21:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-05-24 15:38 1226288 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Professional 5-reminder] 2007-08-31 07:02 328992 ----a-w- c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM] 2011-05-22 16:01 106496 ----a-w- c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller] 2008-02-02 00:19 58656 ----a-w- c:\program files\Nuance\PDF Professional 5\RegistryController.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook] 2008-02-02 00:20 795936 ----a-w- c:\program files\Nuance\PDF Professional 5\PdfPro5Hook.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut] 2010-09-17 17:59 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet] 2010-01-15 15:26 3873648 ----a-w- c:\program files\Dell\QuickSet\quickset.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\To-Do DeskList] 2011-02-21 16:21 2539520 ----a-w- c:\program files\To-Do DeskList\To-Do DeskList.exe . R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [x] R2 SearchAnonymizer;SearchAnonymizer;c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x] R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x] R3 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [x] R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 RsFx0105;RsFx0105 
Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x] S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [x] S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [x] S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] S3 WSDScan;WSD-Scanunterstützung durch 
UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL *Deregistered* - BMLoad . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhalt des "geplante Tasks" Ordners . 2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 15:21] . 2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 15:21] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.obt.de/obt/view/index.shtml uDefault_Search_URL = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: An vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Bild an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube Download - c:\users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Mit Nuance PDF Converter 5.0 öffnen - c:\program files\Nuance\PDF Professional 5\cnvres_ger.dll /100 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: PDF-Datei aus Linkinhalt erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Datei erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: Interfaces\{13709972-8B0E-4E3E-8DF9-A937C1F47338}: NameServer = 192.2.200.1 FF - ProfilePath - c:\users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\ FF - prefs.js: browser.startup.homepage - FF - prefs.js: browser.startup.homepage - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - FF - prefs.js: browser.search.selectedEngine - . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(1268) c:\windows\system32\CbFsNetRdr3.dll . - - - - - - - > 'Explorer.exe'(5812) c:\windows\system32\CbFsMntNtf3.dll . Zeit der Fertigstellung: 2012-08-16 12:54:31 ComboFix-quarantined-files.txt 2012-08-16 10:54 ComboFix2.txt 2012-08-14 10:43 . Vor Suchlauf: 22 Verzeichnis(se), 39.439.360.000 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 39.241.756.672 Bytes frei . - - End Of File - - DF8E6C83628A3D53405946C6047CEEC2
Regards, Steffen |
16.08.2012, 13:39 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | a variant of Win32/Kryptik.AIWA and more detected after System Restore
Hm, I mixed that thing up with a file; once more, but this way please:
ComboFix scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
Dirlook::
c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware/spyware programs and the Tea Timer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to restart), please post the following log files:
Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
16.08.2012, 14:30 | #27 |
| a variant of Win32/Kryptik.AIWA and more detected after System Restore
Here is the 2nd attempt:
Combofix log file:
Code:
ComboFix 12-08-16.01 - bslap 16.08.2012 15:11:15.3.4 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.2935.1411 [GMT 2:00] ausgeführt von:: c:\users\bslap\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\bslap\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-16 bis 2012-08-16 )))))))))))))))))))))))))))))) . . 2012-08-16 13:21 . 2012-08-16 13:21 -------- d-----w- c:\users\Johannes\AppData\Local\temp 2012-08-16 13:21 . 2012-08-16 13:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-16 09:29 . 2012-07-18 17:10 2344448 ----a-w- c:\windows\system32\win32k.sys 2012-08-16 09:29 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll 2012-08-16 09:29 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll 2012-08-16 09:29 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll 2012-08-14 10:30 . 2012-08-16 13:21 -------- d-----w- c:\users\bslap\AppData\Local\temp 2012-08-14 10:14 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CEDE5B4-C874-4F68-B944-CCDC2BEC041C}\mpengine.dll 2012-08-07 10:19 . 2012-08-07 10:19 -------- d-----w- C:\_OTL 2012-07-31 11:24 . 2012-07-31 11:24 -------- d-----w- c:\programdata\VS 2012-07-31 11:19 . 2011-09-22 15:18 73064 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll 2012-07-31 11:19 . 2011-09-22 15:18 89960 ----a-w- c:\windows\system32\SQSRVRES.DLL 2012-07-31 10:50 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-07-31 10:50 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl 2012-07-31 10:50 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll 2012-07-30 09:42 . 
2012-07-30 09:42 -------- d-----w- c:\users\bslap\AppData\Roaming\Malwarebytes 2012-07-30 09:42 . 2012-07-30 09:42 -------- d-----w- c:\programdata\Malwarebytes 2012-07-30 09:42 . 2012-07-30 09:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-30 09:42 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-30 06:35 . 2012-08-16 13:08 -------- d-----w- c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod 2012-07-24 10:28 . 2012-07-24 10:28 -------- d-----w- c:\program files\ESET 2012-07-24 10:28 . 2012-07-24 10:28 -------- d-----w- c:\windows\AxInstSV 2012-07-23 11:11 . 2012-07-23 11:11 -------- d-----w- c:\program files\FreeTime . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-01 15:25 . 2012-05-01 11:18 113440 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll 2012-07-29 17:46 . 2012-04-18 10:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-29 17:46 . 2011-05-30 12:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-12 15:13 . 2012-05-15 12:07 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll 2012-06-06 05:09 . 2012-07-11 09:43 1389568 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:09 . 2012-07-11 09:43 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-06-02 22:19 . 2012-06-21 14:20 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 14:20 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 14:20 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 14:20 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-21 14:20 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-21 14:20 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 
2012-06-21 14:20 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 14:20 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-21 14:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 04:51 . 2012-07-11 09:43 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 04:51 . 2012-07-11 09:43 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 04:50 . 2012-07-11 09:43 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 04:48 . 2012-07-11 09:43 225280 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 04:47 . 2012-07-11 09:43 219136 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 10:25 . 2010-09-14 11:24 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-06-16 04:32 . 2011-07-11 21:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod ---- . 2012-07-30 06:37 . 2012-08-16 13:08 5120 ----a-w- c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod\alarms.db 2012-07-30 06:35 . 2012-08-16 13:08 4862976 ----a-w- c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod\main.db . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ASOOverlayIcon] @="{0FB7818F-4055-4635-B618-09F669074940}" [HKEY_CLASSES_ROOT\CLSID\{0FB7818F-4055-4635-B618-09F669074940}] 2010-06-19 01:22 452032 ----a-w- c:\program files\EMC IRM\Common\ASOShExt.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2010-05-15 14:55 155416 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload] @="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}" [HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}] 2011-11-23 12:01 284160 ----a-w- c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-02-16 221184] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-04 5249024] "DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-11-25 253952] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472] "Ocs_SM"="c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-05-22 106496] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] . c:\users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ IRM Offline Refresh.lnk - c:\program files\EMC IRM\Common\autoofflineprocess.exe [2010-10-27 4000768] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 1 (0x1) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^bslap^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter Assistent.lnk] path=c:\users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk backup=c:\windows\pss\Mediencenter Assistent.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-05-30 18:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central] 2009-06-24 21:21 409744 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeFallProtection] 2009-07-22 12:52 2384896 ----a-w- c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2011-05-10 01:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HW_OPENEYE_OUC_T-Mobile Internet Manager] 2009-12-31 13:13 110592 ----a-w- c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 21:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-05-24 15:38 1226288 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Professional 5-reminder] 2007-08-31 07:02 328992 ----a-w- c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM] 2011-05-22 16:01 106496 ----a-w- c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller] 2008-02-02 00:19 58656 ----a-w- c:\program files\Nuance\PDF Professional 5\RegistryController.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook] 2008-02-02 00:20 795936 ----a-w- c:\program files\Nuance\PDF Professional 5\PdfPro5Hook.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut] 2010-09-17 17:59 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet] 2010-01-15 15:26 3873648 ----a-w- c:\program files\Dell\QuickSet\quickset.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\To-Do DeskList] 2011-02-21 16:21 2539520 ----a-w- c:\program files\To-Do DeskList\To-Do DeskList.exe . R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [x] R2 SearchAnonymizer;SearchAnonymizer;c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x] R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x] R3 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [x] R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 RsFx0105;RsFx0105 
Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x] S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [x] S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [x] S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] S3 WSDScan;WSD-Scanunterstützung durch 
UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - BMLoad . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhalt des "geplante Tasks" Ordners . 2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 15:21] . 2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 15:21] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.obt.de/obt/view/index.shtml uDefault_Search_URL = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: An vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Bild an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube Download - c:\users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Mit Nuance PDF Converter 5.0 öffnen - c:\program files\Nuance\PDF Professional 5\cnvres_ger.dll /100 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: PDF-Datei aus Linkinhalt erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Datei erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: Interfaces\{13709972-8B0E-4E3E-8DF9-A937C1F47338}: NameServer = 192.2.200.1 FF - ProfilePath - c:\users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\ FF - prefs.js: browser.startup.homepage - FF - prefs.js: browser.startup.homepage - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - FF - prefs.js: browser.search.selectedEngine - . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(696) c:\windows\system32\CbFsNetRdr3.dll . - - - - - - - > 'Explorer.exe'(6148) c:\windows\system32\CbFsMntNtf3.dll c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll . Zeit der Fertigstellung: 2012-08-16 15:24:27 ComboFix-quarantined-files.txt 2012-08-16 13:24 ComboFix2.txt 2012-08-16 10:54 ComboFix3.txt 2012-08-14 10:43 . Vor Suchlauf: 21 Verzeichnis(se), 39.002.292.224 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 38.590.222.336 Bytes frei . - - End Of File - - 36F2AD3BA9729CB2A5325AC4F312BCF1
Thanks and regards, Steffen |
17.08.2012, 17:32 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | a variant of Win32/Kryptik.AIWA and more detected after System Restore
Code:
c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod
Then please upload the archive file here on our site => http://www.trojaner-board.de/54791-a...tml#post349565
__________________ Please always post log files in CODE tags |
17.08.2012, 17:59 | #29 |
| a variant of Win32/Kryptik.AIWA and more detected after System Restore Done! I just uploaded the file. Regards, Steffen |
17.08.2012, 21:15 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | a variant of Win32/Kryptik.AIWA and more detected after System Restore Oh, now I know what that is. It appears to be some kind of mail client database. Nothing dangerous.
Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online check in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.