Pests of all kinds and their removal: Exploits EXP/CVE-2011-3544.BU found by Avira (Windows 7)
07.08.2012, 11:06 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploits EXP/CVE-2011-3544.BU found by Avira

All rather inconspicuous.

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before you run TDSS-Killer, since Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click on "Change parameters" and tick the boxes as shown in the following screenshot. Then click on "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________
Please always post log files in CODE tags
07.08.2012, 13:29 | #17
Exploits EXP/CVE-2011-3544.BU found by Avira

Code:
14:24:45.0845 0736 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:24:45.0940 0736 ============================================================
14:24:45.0940 0736 Current date / time: 2012/08/07 14:24:45.0940
14:24:45.0940 0736 SystemInfo:
14:24:45.0940 0736
14:24:45.0940 0736 OS Version: 6.1.7601 ServicePack: 1.0
14:24:45.0940 0736 Product type: Workstation
14:24:45.0940 0736 ComputerName: R187129
14:24:45.0941 0736 UserName: Christian_2
14:24:45.0941 0736 Windows directory: C:\Windows
14:24:45.0941 0736 System windows directory: C:\Windows
14:24:45.0941 0736 Running under WOW64
14:24:45.0941 0736 Processor architecture: Intel x64
14:24:45.0941 0736 Number of processors: 2
14:24:45.0941 0736 Page size: 0x1000
14:24:45.0941 0736 Boot type: Normal boot
14:24:45.0941 0736 ============================================================
14:24:47.0341 0736 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:24:47.0351 0736 ============================================================
14:24:47.0351 0736 \Device\Harddisk0\DR0:
14:24:47.0351 0736 MBR partitions:
14:24:47.0351 0736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
14:24:47.0351 0736 ============================================================
14:24:47.0360 0736 C: <-> \Device\Harddisk0\DR0\Partition0
14:24:47.0361 0736 ============================================================
14:24:47.0361 0736 Initialize success
14:24:47.0361 0736 ============================================================
14:25:34.0724 4360 ============================================================
14:25:34.0724 4360 Scan started
14:25:34.0724 4360 Mode: Manual; SigCheck; TDLFS;
14:25:34.0724 4360 ============================================================
14:25:37.0753 4360 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:25:37.0986 4360 1394ohci - ok
14:25:38.0075 4360 ac.sharedstore (5e8efeb338deb1f485420b090fe6c85e) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
14:25:38.0096 4360 ac.sharedstore - ok
14:25:38.0161 4360 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
14:25:38.0181 4360 Accelerometer - ok
14:25:38.0257 4360 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:25:38.0279 4360 ACPI - ok
14:25:38.0325 4360 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:25:38.0412 4360 AcpiPmi - ok
14:25:38.0526 4360 ADIHdAudAddService (560649e6a9c11f6124f97310ef387c45) C:\Windows\system32\drivers\ADIHdAud.sys
14:25:38.0625 4360 ADIHdAudAddService - ok
14:25:38.0856 4360 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:25:38.0869 4360 AdobeARMservice - ok
14:25:39.0142 4360 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:25:39.0161 4360 AdobeFlashPlayerUpdateSvc - ok
14:25:39.0336 4360 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:25:39.0362 4360 adp94xx - ok
14:25:39.0415 4360 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:25:39.0437 4360 adpahci - ok
14:25:39.0508 4360 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:25:39.0527 4360 adpu320 - ok
14:25:39.0582 4360 AEADIFilters (3bdb13c79cc8c06e2f8182595903ed69) C:\Windows\system32\AEADISRV.EXE
14:25:39.0633 4360 AEADIFilters - ok
14:25:39.0713 4360 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:25:39.0883 4360 AeLookupSvc - ok
14:25:39.0994 4360 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:25:40.0077 4360 AFD - ok
14:25:40.0211 4360 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
14:25:40.0301 4360 AgereSoftModem - ok
14:25:40.0367 4360 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:25:40.0384 4360 agp440 - ok
14:25:40.0444 4360 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:25:40.0528 4360 ALG - ok
14:25:40.0548 4360 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:25:40.0562 4360 aliide - ok
14:25:40.0623 4360 AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
14:25:40.0711 4360 AMD External Events Utility - ok
14:25:40.0724 4360 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:25:40.0739 4360 amdide - ok
14:25:40.0796 4360 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:25:40.0858 4360 AmdK8 - ok
14:25:40.0887 4360 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:25:40.0930 4360 AmdPPM - ok
14:25:40.0979 4360 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:25:40.0996 4360 amdsata - ok
14:25:41.0050 4360 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:25:41.0071 4360 amdsbs - ok
14:25:41.0127 4360 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:25:41.0142 4360 amdxata - ok
14:25:41.0382 4360 AntiVirMailService (56beb1292dc71e49c824455ec582bfce) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
14:25:41.0419 4360 AntiVirMailService - ok
14:25:41.0487 4360 AntiVirSchedulerService (7abe4092c35e7d4596487dfa075d84e1) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:25:41.0502 4360 AntiVirSchedulerService - ok
14:25:41.0606 4360 AntiVirService (5a37ffa608ae126c9702f5c07e07fc08) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:25:41.0622 4360 AntiVirService - ok
14:25:41.0721 4360 AntiVirWebService (5f2f39626586536ca86f402a1c947463) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:25:41.0745 4360 AntiVirWebService - ok
14:25:41.0820 4360 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:25:41.0981 4360 AppID - ok
14:25:42.0024 4360 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:25:42.0099 4360 AppIDSvc - ok
14:25:42.0166 4360 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:25:42.0278 4360 Appinfo - ok
14:25:42.0453 4360 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:25:42.0467 4360 Apple Mobile Device - ok
14:25:42.0536 4360 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:25:42.0576 4360 AppMgmt - ok
14:25:42.0641 4360 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:25:42.0658 4360 arc - ok
14:25:42.0673 4360 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:25:42.0690 4360 arcsas - ok
14:25:42.0785 4360 ASBroker (6d9c17b3b2526539fb1ea68b3bd4d402) C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
14:25:42.0801 4360 ASBroker - ok
14:25:42.0827 4360 ASChannel (47f16e188376c7d263ceeab8fe65a1c2) C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll
14:25:42.0842 4360 ASChannel - ok
14:25:42.0894 4360 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:25:42.0969 4360 AsyncMac - ok
14:25:43.0005 4360 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:25:43.0020 4360 atapi - ok
14:25:43.0442 4360 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
14:25:43.0683 4360 atikmdag - ok
14:25:43.0910 4360 ATService (27bf131c3db208a3e79961693d66d687) C:\Program Files\Fingerprint Sensor\ATService.exe
14:25:43.0963 4360 ATService - ok
14:25:44.0149 4360 ATSwpWDF (e10f5568d058ecf442dd74e2ea09be97) C:\Windows\system32\Drivers\ATSwpWDF.sys
14:25:44.0175 4360 ATSwpWDF - ok
14:25:44.0274 4360 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:25:44.0358 4360 AudioEndpointBuilder - ok
14:25:44.0365 4360 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:25:44.0417 4360 AudioSrv - ok
14:25:44.0528 4360 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
14:25:44.0545 4360 avgntflt - ok
14:25:44.0586 4360 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
14:25:44.0604 4360 avipbb - ok
14:25:44.0631 4360 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
14:25:44.0646 4360 avkmgr - ok
14:25:44.0712 4360 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:25:44.0802 4360 AxInstSV - ok
14:25:44.0893 4360 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:25:44.0946 4360 b06bdrv - ok
14:25:44.0983 4360 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:25:45.0044 4360 b57nd60a - ok
14:25:45.0379 4360 BCM43XX (0e14a0071fe26a570bcaff5401014717) C:\Windows\system32\DRIVERS\bcmwl664.sys
14:25:45.0467 4360 BCM43XX - ok
14:25:45.0631 4360 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:25:45.0672 4360 BDESVC - ok
14:25:45.0805 4360 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:25:45.0850 4360 Beep - ok
14:25:45.0965 4360 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:25:46.0050 4360 BFE - ok
14:25:46.0142 4360 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:25:46.0219 4360 BITS - ok
14:25:46.0309 4360 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:25:46.0342 4360 blbdrive - ok
14:25:46.0470 4360 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:25:46.0494 4360 Bonjour Service - ok
14:25:46.0562 4360 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:25:46.0618 4360 bowser - ok
14:25:46.0675 4360 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:25:46.0739 4360 BrFiltLo - ok
14:25:46.0749 4360 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:25:46.0768 4360 BrFiltUp - ok
14:25:46.0828 4360 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:25:46.0901 4360 Browser - ok
14:25:46.0934 4360 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:25:46.0980 4360 Brserid - ok
14:25:47.0001 4360 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:25:47.0039 4360 BrSerWdm - ok
14:25:47.0147 4360 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:25:47.0252 4360 BrUsbMdm - ok
14:25:47.0264 4360 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:25:47.0305 4360 BrUsbSer - ok
14:25:47.0377 4360 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:25:47.0472 4360 BthEnum - ok
14:25:47.0530 4360 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:25:47.0563 4360 BTHMODEM - ok
14:25:47.0779 4360 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:25:47.0835 4360 BthPan - ok
14:25:47.0911 4360 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
14:25:47.0971 4360 BTHPORT - ok
14:25:48.0038 4360 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:25:48.0100 4360 bthserv - ok
14:25:48.0155 4360 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
14:25:48.0192 4360 BTHUSB - ok
14:25:48.0234 4360 catchme - ok
14:25:48.0313 4360 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:25:48.0384 4360 cdfs - ok
14:25:48.0455 4360 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:25:48.0475 4360 cdrom - ok
14:25:48.0537 4360 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:25:48.0614 4360 CertPropSvc - ok
14:25:48.0680 4360 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:25:48.0723 4360 circlass - ok
14:25:48.0830 4360 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:25:48.0856 4360 CLFS - ok
14:25:48.0958 4360 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:25:48.0980 4360 clr_optimization_v2.0.50727_32 - ok
14:25:49.0087 4360 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:25:49.0114 4360 clr_optimization_v2.0.50727_64 - ok
14:25:49.0272 4360 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:25:49.0291 4360 clr_optimization_v4.0.30319_32 - ok
14:25:49.0339 4360 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:25:49.0367 4360 clr_optimization_v4.0.30319_64 - ok
14:25:49.0391 4360 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:25:49.0412 4360 CmBatt - ok
14:25:49.0461 4360 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:25:49.0476 4360 cmdide - ok
14:25:49.0542 4360 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
14:25:49.0609 4360 CNG - ok
14:25:49.0774 4360 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
14:25:49.0791 4360 Com4QLBEx - ok
14:25:49.0858 4360 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:25:49.0873 4360 Compbatt - ok
14:25:49.0927 4360 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:25:49.0954 4360 CompositeBus - ok
14:25:49.0965 4360 COMSysApp - ok
14:25:49.0984 4360 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:25:49.0998 4360 crcdisk - ok
14:25:50.0068 4360 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:25:50.0096 4360 CryptSvc - ok
14:25:50.0179 4360 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:25:50.0264 4360 CSC - ok
14:25:50.0502 4360 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:25:50.0573 4360 CscService - ok
14:25:50.0694 4360 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:25:50.0819 4360 DcomLaunch - ok
14:25:51.0060 4360 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:25:51.0147 4360 defragsvc - ok
14:25:51.0241 4360 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:25:51.0284 4360 DfsC - ok
14:25:51.0362 4360 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:25:51.0408 4360 Dhcp - ok
14:25:51.0450 4360 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:25:51.0499 4360 discache - ok
14:25:51.0530 4360 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:25:51.0546 4360 Disk - ok
14:25:51.0607 4360 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:25:51.0664 4360 Dnscache - ok
14:25:51.0722 4360 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:25:51.0787 4360 dot3svc - ok
14:25:51.0836 4360 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:25:51.0892 4360 DPS - ok
14:25:51.0962 4360 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:25:51.0980 4360 drmkaud - ok
14:25:52.0076 4360 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:25:52.0112 4360 DXGKrnl - ok
14:25:52.0181 4360 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:25:52.0244 4360 EapHost - ok
14:25:53.0192 4360 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:25:53.0279 4360 ebdrv - ok
14:25:53.0436 4360 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:25:53.0498 4360 EFS - ok
14:25:53.0630 4360 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:25:53.0698 4360 ehRecvr - ok
14:25:53.0763 4360 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:25:53.0809 4360 ehSched - ok
14:25:53.0927 4360 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:25:53.0954 4360 elxstor - ok
14:25:53.0992 4360 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:25:54.0026 4360 ErrDev - ok
14:25:54.0185 4360 EskerLicenseControl (79f9cc85c1533b03cb59ee9995c29163) C:\Program Files (x86)\Esker\Common\eslcbcst.exe
14:25:54.0215 4360 EskerLicenseControl ( UnsignedFile.Multi.Generic ) - warning
14:25:54.0216 4360 EskerLicenseControl - detected UnsignedFile.Multi.Generic (1)
14:25:54.0281 4360 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:25:54.0348 4360 EventSystem - ok
14:25:54.0391 4360 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:25:54.0454 4360 exfat - ok
14:25:54.0486 4360 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:25:54.0532 4360 fastfat - ok
14:25:54.0629 4360 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:25:54.0712 4360 Fax - ok
14:25:54.0798 4360 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:25:54.0826 4360 fdc - ok
14:25:54.0863 4360 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:25:54.0935 4360 fdPHost - ok
14:25:54.0957 4360 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:25:55.0017 4360 FDResPub - ok
14:25:55.0037 4360 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:25:55.0054 4360 FileInfo - ok
14:25:55.0073 4360 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:25:55.0133 4360 Filetrace - ok
14:25:55.0149 4360 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:25:55.0165 4360 flpydisk - ok
14:25:55.0235 4360 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:25:55.0255 4360 FltMgr - ok
14:25:55.0365 4360 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:25:55.0423 4360 FontCache - ok
14:25:55.0539 4360 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:25:55.0552 4360 FontCache3.0.0.0 - ok
14:25:55.0637 4360 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:25:55.0652 4360 FsDepends - ok
14:25:55.0694 4360 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:25:55.0709 4360 Fs_Rec - ok
14:25:55.0772 4360 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:25:55.0795 4360 fvevol - ok
14:25:55.0824 4360 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:25:55.0840 4360 gagp30kx - ok
14:25:55.0900 4360 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:25:55.0912 4360 GEARAspiWDM - ok
14:25:56.0006 4360 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:25:56.0070 4360 gpsvc - ok
14:25:56.0212 4360 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:25:56.0226 4360 gupdate - ok
14:25:56.0251 4360 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:25:56.0265 4360 gupdatem - ok
14:25:56.0326 4360 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:25:56.0341 4360 gusvc - ok
14:25:56.0383 4360 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
14:25:56.0398 4360 hamachi - ok
14:25:56.0620 4360 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
14:25:56.0697 4360 Hamachi2Svc - ok
14:25:56.0861 4360 HBtnKey (93c3c66d38b0bc08a04f0b28055bc9ac) C:\Windows\system32\DRIVERS\cpqbttn.sys
14:25:56.0874 4360 HBtnKey - ok
14:25:56.0921 4360 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:25:56.0955 4360 hcw85cir - ok
14:25:57.0030 4360 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:25:57.0069 4360 HdAudAddService - ok
14:25:57.0112 4360 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:25:57.0145 4360 HDAudBus - ok
14:25:57.0199 4360 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:25:57.0215 4360 HidBatt - ok
14:25:57.0234 4360 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:25:57.0270 4360 HidBth - ok
14:25:57.0298 4360 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:25:57.0348 4360 HidIr - ok
14:25:57.0389 4360 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:25:57.0459 4360 hidserv - ok
14:25:57.0535 4360 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:25:57.0551 4360 HidUsb - ok
14:25:57.0605 4360 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:25:57.0682 4360 hkmsvc - ok
14:25:57.0735 4360 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:25:57.0772 4360 HomeGroupListener - ok
14:25:57.0837 4360 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:25:57.0875 4360 HomeGroupProvider - ok
14:25:57.0979 4360 HP ProtectTools Service (aa1ecd3306f0c5bb2418d5715199bff7) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
14:25:58.0004 4360 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
14:25:58.0004 4360 HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
14:25:58.0059 4360 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
14:25:58.0072 4360 hpdskflt - ok
14:25:58.0103 4360 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:25:58.0155 4360 HpqKbFiltr - ok
14:25:58.0233 4360 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
14:25:58.0250 4360 hpqwmiex - ok
14:25:58.0309 4360 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:25:58.0325 4360 HpSAMD - ok
14:25:58.0369 4360 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
14:25:58.0384 4360 hpsrv - ok
14:25:58.0477 4360 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:25:58.0543 4360 HTTP - ok
14:25:58.0577 4360 hujfvq - ok
14:25:58.0621 4360 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:25:58.0635 4360 hwpolicy - ok
14:25:58.0699 4360 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:25:58.0716 4360 i8042prt - ok
14:25:58.0790 4360 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:25:58.0814 4360 iaStorV - ok
14:25:58.0951 4360 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:25:58.0974 4360 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:25:58.0974 4360 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:25:59.0150 4360 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:25:59.0183 4360 idsvc - ok
14:25:59.0246 4360 IGDCTRL (e28602c9e17b0ddce9f5deb3b3e2a635) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
14:25:59.0260 4360 IGDCTRL - ok
14:25:59.0392 4360 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:25:59.0408 4360 iirsp - ok
14:25:59.0497 4360 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:25:59.0562 4360 IKEEXT - ok
14:25:59.0606 4360 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:25:59.0621 4360 intelide - ok
14:25:59.0685 4360 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:25:59.0719 4360 intelppm - ok
14:25:59.0766 4360 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:25:59.0832 4360 IPBusEnum - ok
14:25:59.0885 4360 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:25:59.0938 4360 IpFilterDriver - ok
14:26:00.0009 4360 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:26:00.0076 4360 iphlpsvc - ok
14:26:00.0123 4360 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:26:00.0154 4360 IPMIDRV - ok
14:26:00.0188 4360 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:26:00.0249 4360 IPNAT - ok
14:26:00.0416 4360 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
14:26:00.0449 4360 iPod Service - ok
14:26:00.0475 4360 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:26:00.0556 4360 IRENUM - ok
14:26:00.0605 4360 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:26:00.0620 4360 isapnp - ok
14:26:00.0671 4360 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:26:00.0692 4360 iScsiPrt - ok
14:26:00.0732 4360 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:26:00.0747 4360 kbdclass - ok
14:26:00.0772 4360 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:26:00.0804 4360 kbdhid - ok
14:26:00.0845 4360 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:26:00.0861 4360 KeyIso - ok
14:26:00.0903 4360 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
14:26:00.0919 4360 KSecDD - ok
14:26:00.0940 4360 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
14:26:00.0958 4360 KSecPkg - ok
14:26:01.0013 4360 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:26:01.0067 4360 ksthunk - ok
14:26:01.0126 4360 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:26:01.0193 4360 KtmRm - ok
14:26:01.0268 4360 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:26:01.0337 4360 LanmanServer - ok
14:26:01.0384 4360 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:26:01.0428 4360 LanmanWorkstation - ok
14:26:01.0471 4360 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:26:01.0531 4360 lltdio - ok
14:26:01.0584 4360 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:26:01.0646 4360 lltdsvc - ok
14:26:01.0664 4360 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:26:01.0706 4360 lmhosts - ok
14:26:01.0742 4360 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:26:01.0759 4360 LSI_FC - ok
14:26:01.0813 4360 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:26:01.0830 4360 LSI_SAS - ok
14:26:01.0855 4360 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:26:01.0870 4360 LSI_SAS2 - ok
14:26:01.0881 4360 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:26:01.0897 4360 LSI_SCSI - ok
14:26:01.0928 4360 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:26:01.0993 4360 luafv - ok
14:26:02.0062 4360 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
14:26:02.0078 4360 MBAMProtector - ok
14:26:02.0213 4360 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:26:02.0241 4360 MBAMService - ok
14:26:02.0281 4360 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:26:02.0313 4360 Mcx2Svc - ok
14:26:02.0357 4360 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:26:02.0372 4360 megasas - ok
14:26:02.0409 4360 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:26:02.0430 4360 MegaSR - ok
14:26:02.0520 4360 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:26:02.0534 4360 Microsoft Office Groove Audit Service - ok
14:26:02.0600 4360 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:26:02.0664 4360 MMCSS - ok
14:26:02.0688 4360 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:26:02.0742 4360 Modem - ok
14:26:02.0809 4360 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:26:02.0846 4360 monitor - ok
14:26:02.0888 4360 motmodem (14eb6898923b5816e574f88835f4f454) C:\Windows\system32\DRIVERS\motmodem.sys
14:26:02.0939 4360 motmodem - ok
14:26:02.0995 4360 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:26:03.0010 4360 mouclass - ok
14:26:03.0033 4360 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:26:03.0055 4360 mouhid - ok
14:26:03.0105 4360 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:26:03.0121 4360 mountmgr - ok
14:26:03.0180 4360 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:26:03.0198 4360 mpio - ok
14:26:03.0241 4360 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:26:03.0285 4360 mpsdrv - ok
14:26:03.0497 4360 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:26:03.0568 4360 MpsSvc - ok
14:26:03.0618 4360 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:26:03.0656 4360 MRxDAV - ok
14:26:03.0715 4360 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:26:03.0761 4360 mrxsmb - ok
14:26:03.0819 4360 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:26:03.0864 4360 mrxsmb10 - ok
14:26:03.0890 4360 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:26:03.0907 4360 mrxsmb20 - ok
14:26:03.0949 4360 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:26:03.0964 4360 msahci - ok
14:26:04.0011 4360 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:26:04.0029 4360 msdsm - ok
14:26:04.0084 4360 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:26:04.0105 4360 MSDTC - ok
14:26:04.0180 4360 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:26:04.0222 4360 Msfs - ok
14:26:04.0236 4360 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:26:04.0287 4360 mshidkmdf - ok
14:26:04.0336 4360 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:26:04.0350 4360 msisadrv - ok
14:26:04.0420 4360 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:26:04.0481 4360 MSiSCSI - ok
14:26:04.0486 4360 msiserver - ok
14:26:04.0541 4360 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:26:04.0585 4360 MSKSSRV - ok
14:26:04.0597 4360 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:26:04.0652 4360 MSPCLOCK - ok
14:26:04.0667 4360 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:26:04.0729 4360 MSPQM - ok
14:26:04.0787 4360 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:26:04.0810 4360 MsRPC - ok
14:26:04.0858 4360 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:26:04.0873 4360 mssmbios - ok
14:26:04.0913 4360 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:26:04.0969 4360 MSTEE - ok
14:26:04.0987 4360 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:26:05.0018 4360 MTConfig - ok
14:26:05.0061 4360 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:26:05.0077 4360 Mup - ok
14:26:05.0154 4360 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:26:05.0217 4360 napagent - ok
14:26:05.0301 4360 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:26:05.0347 4360 NativeWifiP - ok
14:26:05.0448 4360 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:26:05.0484 4360 NDIS - ok
14:26:05.0549 4360 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:26:05.0605 4360 NdisCap - ok
14:26:05.0640 4360 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:26:05.0682 4360 NdisTapi - ok
14:26:05.0727 4360 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:26:05.0780 4360 Ndisuio - ok
14:26:05.0825 4360 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:26:05.0880 4360 NdisWan - ok
14:26:05.0928 4360 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:26:05.0969 4360 NDProxy - ok
14:26:06.0027 4360 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
14:26:06.0076 4360 Netaapl - ok
14:26:06.0137 4360 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:26:06.0187 4360 NetBIOS - ok
14:26:06.0243 4360 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:26:06.0305 4360 NetBT - ok
14:26:06.0346 4360 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:26:06.0362 4360 Netlogon - ok
14:26:06.0437 4360 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:26:06.0498 4360 Netman - ok
14:26:06.0545 4360 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:26:06.0612 4360 netprofm - ok
14:26:06.0730 4360 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:26:06.0745 4360 NetTcpPortSharing - ok
14:26:06.0801 4360 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:26:06.0817 4360 nfrd960 - ok
14:26:06.0890 4360 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:26:06.0949 4360 NlaSvc - ok
14:26:06.0994 4360 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:26:07.0040 4360 Npfs - ok
14:26:07.0079 4360 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:26:07.0124 4360 nsi - ok
14:26:07.0197 4360 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 14:26:07.0265 4360 nsiproxy - ok 14:26:07.0482 4360 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 14:26:07.0532 4360 Ntfs - ok 14:26:07.0690 4360 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 14:26:07.0750 4360 Null - ok 14:26:07.0797 4360 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 14:26:07.0815 4360 nvraid - ok 14:26:07.0837 4360 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 14:26:07.0855 4360 nvstor - ok 14:26:07.0902 4360 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 14:26:07.0919 4360 nv_agp - ok 14:26:08.0045 4360 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:26:08.0069 4360 odserv - ok 14:26:08.0114 4360 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 14:26:08.0146 4360 ohci1394 - ok 14:26:08.0213 4360 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:26:08.0230 4360 ose - ok 14:26:08.0304 4360 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:26:08.0357 4360 p2pimsvc - ok 14:26:08.0392 4360 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 14:26:08.0430 4360 p2psvc - ok 14:26:08.0500 4360 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 14:26:08.0518 4360 Parport - ok 14:26:08.0571 4360 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 14:26:08.0587 4360 partmgr - ok 14:26:08.0642 4360 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 14:26:08.0686 4360 PcaSvc - ok 14:26:08.0733 4360 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 14:26:08.0751 4360 
pci - ok 14:26:08.0765 4360 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 14:26:08.0780 4360 pciide - ok 14:26:08.0832 4360 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 14:26:08.0852 4360 pcmcia - ok 14:26:08.0926 4360 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys 14:26:08.0974 4360 pcouffin - ok 14:26:08.0987 4360 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 14:26:09.0002 4360 pcw - ok 14:26:09.0051 4360 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 14:26:09.0116 4360 PEAUTH - ok 14:26:09.0246 4360 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 14:26:09.0322 4360 PeerDistSvc - ok 14:26:09.0431 4360 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 14:26:09.0471 4360 PerfHost - ok 14:26:09.0662 4360 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 14:26:09.0747 4360 pla - ok 14:26:09.0817 4360 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 14:26:09.0882 4360 PlugPlay - ok 14:26:09.0924 4360 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 14:26:09.0941 4360 PNRPAutoReg - ok 14:26:09.0969 4360 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:26:09.0989 4360 PNRPsvc - ok 14:26:10.0079 4360 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys 14:26:10.0093 4360 Point64 - ok 14:26:10.0161 4360 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 14:26:10.0226 4360 PolicyAgent - ok 14:26:10.0274 4360 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 14:26:10.0334 4360 Power - ok 14:26:10.0409 4360 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 14:26:10.0458 4360 PptpMiniport - ok 14:26:10.0504 4360 Processor 
(0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 14:26:10.0534 4360 Processor - ok 14:26:10.0615 4360 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 14:26:10.0672 4360 ProfSvc - ok 14:26:10.0801 4360 Prosieben (9cc2c93394241e602da63826413055ff) C:\Program Files (x86)\maxdome\DCBin\DCService.exe 14:26:10.0817 4360 Prosieben - ok 14:26:10.0855 4360 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:26:10.0871 4360 ProtectedStorage - ok 14:26:10.0939 4360 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 14:26:10.0981 4360 Psched - ok 14:26:11.0031 4360 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys 14:26:11.0068 4360 PxHlpa64 - ok 14:26:11.0184 4360 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 14:26:11.0232 4360 ql2300 - ok 14:26:11.0472 4360 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 14:26:11.0489 4360 ql40xx - ok 14:26:11.0550 4360 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 14:26:11.0576 4360 QWAVE - ok 14:26:11.0592 4360 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 14:26:11.0630 4360 QWAVEdrv - ok 14:26:11.0659 4360 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 14:26:11.0722 4360 RasAcd - ok 14:26:11.0789 4360 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:26:11.0834 4360 RasAgileVpn - ok 14:26:11.0888 4360 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 14:26:11.0951 4360 RasAuto - ok 14:26:11.0993 4360 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:26:12.0057 4360 Rasl2tp - ok 14:26:12.0117 4360 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 14:26:12.0166 4360 RasMan - ok 14:26:12.0227 4360 RasPppoe 
(855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 14:26:12.0290 4360 RasPppoe - ok 14:26:12.0310 4360 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 14:26:12.0375 4360 RasSstp - ok 14:26:12.0431 4360 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 14:26:12.0490 4360 rdbss - ok 14:26:12.0525 4360 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 14:26:12.0559 4360 rdpbus - ok 14:26:12.0584 4360 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:26:12.0627 4360 RDPCDD - ok 14:26:12.0681 4360 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 14:26:12.0716 4360 RDPDR - ok 14:26:12.0748 4360 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 14:26:12.0813 4360 RDPENCDD - ok 14:26:12.0834 4360 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 14:26:12.0876 4360 RDPREFMP - ok 14:26:12.0928 4360 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 14:26:12.0984 4360 RDPWD - ok 14:26:13.0050 4360 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 14:26:13.0070 4360 rdyboost - ok 14:26:13.0124 4360 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 14:26:13.0196 4360 RemoteAccess - ok 14:26:13.0248 4360 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 14:26:13.0295 4360 RemoteRegistry - ok 14:26:13.0353 4360 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 14:26:13.0397 4360 RFCOMM - ok 14:26:13.0438 4360 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys 14:26:13.0473 4360 RimUsb - ok 14:26:13.0494 4360 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 14:26:13.0519 4360 RimVSerPort - ok 
14:26:13.0567 4360 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys 14:26:13.0630 4360 ROOTMODEM - ok 14:26:13.0792 4360 Roxio UPnP Renderer 9 (afd61a7c48a3e15c86a6fadf0b69a2e4) C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe 14:26:13.0808 4360 Roxio UPnP Renderer 9 - ok 14:26:13.0853 4360 Roxio Upnp Server 9 (efbb36e2bb02169d26e9980778fc20d3) C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe 14:26:13.0875 4360 Roxio Upnp Server 9 - ok 14:26:13.0992 4360 RoxLiveShare9 (e06224cf971d33a680e852dfa212a8ab) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe 14:26:14.0012 4360 RoxLiveShare9 - ok 14:26:14.0130 4360 RoxMediaDB9 (fb68fd9505ab89416d70a0e8a5c49e45) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe 14:26:14.0168 4360 RoxMediaDB9 - ok 14:26:14.0220 4360 RoxWatch9 (d6bdb50d2a28ff70ce60b4d995f0143a) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe 14:26:14.0238 4360 RoxWatch9 - ok 14:26:14.0390 4360 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 14:26:14.0443 4360 RpcEptMapper - ok 14:26:14.0493 4360 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 14:26:14.0526 4360 RpcLocator - ok 14:26:14.0592 4360 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll 14:26:14.0641 4360 RpcSs - ok 14:26:14.0737 4360 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 14:26:14.0781 4360 rspndr - ok 14:26:14.0827 4360 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 14:26:14.0866 4360 s3cap - ok 14:26:14.0910 4360 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:26:14.0927 4360 SamSs - ok 14:26:14.0948 4360 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 14:26:14.0965 4360 sbp2port - ok 14:26:15.0017 4360 SCardSvr 
(9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 14:26:15.0064 4360 SCardSvr - ok 14:26:15.0108 4360 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 14:26:15.0169 4360 scfilter - ok 14:26:15.0282 4360 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 14:26:15.0355 4360 Schedule - ok 14:26:15.0405 4360 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 14:26:15.0446 4360 SCPolicySvc - ok 14:26:15.0498 4360 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 14:26:15.0559 4360 SDRSVC - ok 14:26:15.0638 4360 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 14:26:15.0689 4360 secdrv - ok 14:26:15.0741 4360 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 14:26:15.0799 4360 seclogon - ok 14:26:15.0841 4360 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 14:26:15.0886 4360 SENS - ok 14:26:15.0903 4360 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 14:26:15.0933 4360 SensrSvc - ok 14:26:15.0938 4360 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 14:26:15.0972 4360 Serenum - ok 14:26:16.0009 4360 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 14:26:16.0026 4360 Serial - ok 14:26:16.0063 4360 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 14:26:16.0092 4360 sermouse - ok 14:26:16.0141 4360 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 14:26:16.0204 4360 SessionEnv - ok 14:26:16.0240 4360 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 14:26:16.0284 4360 sffdisk - ok 14:26:16.0296 4360 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 14:26:16.0329 4360 sffp_mmc - ok 14:26:16.0345 4360 sffp_sd (dd85b78243a19b59f0637dcf284da63c) 
C:\Windows\system32\drivers\sffp_sd.sys 14:26:16.0379 4360 sffp_sd - ok 14:26:16.0418 4360 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 14:26:16.0433 4360 sfloppy - ok 14:26:16.0497 4360 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 14:26:16.0560 4360 SharedAccess - ok 14:26:16.0624 4360 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 14:26:16.0686 4360 ShellHWDetection - ok 14:26:16.0720 4360 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:26:16.0735 4360 SiSRaid2 - ok 14:26:16.0785 4360 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 14:26:16.0801 4360 SiSRaid4 - ok 14:26:16.0844 4360 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 14:26:16.0888 4360 Smb - ok 14:26:16.0949 4360 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 14:26:16.0989 4360 SNMPTRAP - ok 14:26:17.0170 4360 SNP2UVC (84de101b4fa40cd28b84637924c060ce) C:\Windows\system32\DRIVERS\snp2uvc.sys 14:26:17.0225 4360 SNP2UVC - ok 14:26:17.0373 4360 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 14:26:17.0388 4360 spldr - ok 14:26:17.0465 4360 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 14:26:17.0517 4360 Spooler - ok 14:26:17.0755 4360 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 14:26:17.0898 4360 sppsvc - ok 14:26:18.0031 4360 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 14:26:18.0077 4360 sppuinotify - ok 14:26:18.0185 4360 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys 14:26:18.0185 4360 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 34f974f8b3c86de03a30dcbe79091c97 14:26:18.0188 4360 sptd ( LockedFile.Multi.Generic ) - warning 14:26:18.0188 4360 sptd - detected LockedFile.Multi.Generic (1) 14:26:18.0282 4360 SQLWriter (d63fc56c7c3f9b576bc25f617e3f7963) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 14:26:18.0300 4360 SQLWriter - ok 14:26:18.0371 4360 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 14:26:18.0428 4360 srv - ok 14:26:18.0471 4360 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 14:26:18.0493 4360 srv2 - ok 14:26:18.0514 4360 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 14:26:18.0546 4360 srvnet - ok 14:26:18.0623 4360 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 14:26:18.0671 4360 SSDPSRV - ok 14:26:18.0685 4360 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 14:26:18.0732 4360 SstpSvc - ok 14:26:18.0779 4360 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 14:26:18.0794 4360 stexstor - ok 14:26:18.0836 4360 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 14:26:18.0872 4360 StillCam - ok 14:26:18.0978 4360 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 14:26:19.0025 4360 stisvc - ok 14:26:19.0080 4360 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 14:26:19.0095 4360 storflt - ok 14:26:19.0133 4360 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 14:26:19.0179 4360 StorSvc - ok 14:26:19.0194 4360 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 14:26:19.0209 4360 storvsc - ok 14:26:19.0260 4360 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 14:26:19.0274 4360 swenum - ok 14:26:19.0354 4360 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 14:26:19.0423 4360 swprv - ok 
14:26:19.0569 4360 SynTP (d268d2a0db2a2bbe963e688d0b039267) C:\Windows\system32\DRIVERS\SynTP.sys 14:26:19.0613 4360 SynTP - ok 14:26:19.0845 4360 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 14:26:19.0924 4360 SysMain - ok 14:26:20.0054 4360 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 14:26:20.0098 4360 TabletInputService - ok 14:26:20.0150 4360 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 14:26:20.0221 4360 TapiSrv - ok 14:26:20.0269 4360 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 14:26:20.0314 4360 TBS - ok 14:26:20.0507 4360 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 14:26:20.0578 4360 Tcpip - ok 14:26:20.0859 4360 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 14:26:20.0907 4360 TCPIP6 - ok 14:26:21.0064 4360 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 14:26:21.0112 4360 tcpipreg - ok 14:26:21.0167 4360 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 14:26:21.0216 4360 TDPIPE - ok 14:26:21.0267 4360 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 14:26:21.0293 4360 TDTCP - ok 14:26:21.0367 4360 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 14:26:21.0410 4360 tdx - ok 14:26:21.0704 4360 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 14:26:21.0791 4360 TeamViewer7 - ok 14:26:21.0943 4360 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 14:26:21.0958 4360 TermDD - ok 14:26:22.0035 4360 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 14:26:22.0095 4360 TermService - ok 14:26:22.0149 4360 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 14:26:22.0195 4360 Themes - ok 14:26:22.0242 
4360 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:26:22.0285 4360 THREADORDER - ok 14:26:22.0351 4360 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys 14:26:22.0376 4360 TPM - ok 14:26:22.0450 4360 TridVid (d6306d2446aaac7e6583911a9fcaa6bc) C:\Windows\system32\DRIVERS\tridvid6010.sys 14:26:22.0487 4360 TridVid - ok 14:26:22.0557 4360 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 14:26:22.0625 4360 TrkWks - ok 14:26:22.0697 4360 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 14:26:22.0757 4360 TrustedInstaller - ok 14:26:22.0802 4360 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:26:22.0860 4360 tssecsrv - ok 14:26:22.0946 4360 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 14:26:22.0978 4360 TsUsbFlt - ok 14:26:23.0057 4360 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 14:26:23.0100 4360 tunnel - ok 14:26:23.0150 4360 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 14:26:23.0165 4360 uagp35 - ok 14:26:23.0229 4360 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 14:26:23.0289 4360 udfs - ok 14:26:23.0385 4360 UDXTTM6000 (74606e42408924453d86418b1a6aaee7) C:\Windows\system32\Drivers\UDXTTM6000.sys 14:26:23.0417 4360 UDXTTM6000 - ok 14:26:23.0439 4360 UDXTTM6000HID (a8f57fefb2060d99f78c26f75023f4af) C:\Windows\system32\drivers\UDXTTM6000HID.sys 14:26:23.0460 4360 UDXTTM6000HID - ok 14:26:23.0515 4360 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 14:26:23.0534 4360 UI0Detect - ok 14:26:23.0575 4360 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 14:26:23.0591 4360 uliagpkx - ok 14:26:23.0649 4360 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 14:26:23.0680 4360 
umbus - ok 14:26:23.0737 4360 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 14:26:23.0766 4360 UmPass - ok 14:26:23.0814 4360 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 14:26:23.0836 4360 UmRdpService - ok 14:26:23.0896 4360 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 14:26:23.0955 4360 upnphost - ok 14:26:24.0019 4360 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 14:26:24.0044 4360 USBAAPL64 - ok 14:26:24.0119 4360 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 14:26:24.0153 4360 usbaudio - ok 14:26:24.0205 4360 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 14:26:24.0255 4360 usbccgp - ok 14:26:24.0274 4360 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 14:26:24.0294 4360 usbcir - ok 14:26:24.0315 4360 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 14:26:24.0360 4360 usbehci - ok 14:26:24.0412 4360 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 14:26:24.0453 4360 usbhub - ok 14:26:24.0476 4360 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 14:26:24.0501 4360 usbohci - ok 14:26:24.0555 4360 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 14:26:24.0588 4360 usbprint - ok 14:26:24.0633 4360 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:26:24.0683 4360 USBSTOR - ok 14:26:24.0702 4360 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 14:26:24.0732 4360 usbuhci - ok 14:26:24.0810 4360 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 14:26:24.0832 4360 usbvideo - ok 14:26:25.0128 4360 uvnc_service (50676f61c6a44a3b25fb29a18a7cba95) C:\Program Files (x86)\UltraVNC\WinVNC.exe 
14:26:25.0176 4360 uvnc_service - ok 14:26:25.0311 4360 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 14:26:25.0363 4360 UxSms - ok 14:26:25.0409 4360 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:26:25.0425 4360 VaultSvc - ok 14:26:25.0497 4360 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 14:26:25.0512 4360 vdrvroot - ok 14:26:25.0588 4360 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 14:26:25.0647 4360 vds - ok 14:26:25.0691 4360 vflt (70eb327d68d7cec357b734b0be5b4a21) C:\Windows\system32\DRIVERS\vfilter.sys 14:26:25.0730 4360 vflt ( UnsignedFile.Multi.Generic ) - warning 14:26:25.0730 4360 vflt - detected UnsignedFile.Multi.Generic (1) 14:26:25.0799 4360 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 14:26:25.0818 4360 vga - ok 14:26:25.0834 4360 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 14:26:25.0889 4360 VgaSave - ok 14:26:25.0949 4360 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 14:26:25.0968 4360 vhdmp - ok 14:26:26.0014 4360 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 14:26:26.0028 4360 viaide - ok 14:26:26.0082 4360 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 14:26:26.0101 4360 vmbus - ok 14:26:26.0118 4360 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 14:26:26.0150 4360 VMBusHID - ok 14:26:26.0177 4360 vnet (71bf90872b6a7b34a26f4794dda7aec3) C:\Windows\system32\DRIVERS\virtualnet.sys 14:26:26.0203 4360 vnet ( UnsignedFile.Multi.Generic ) - warning 14:26:26.0203 4360 vnet - detected UnsignedFile.Multi.Generic (1) 14:26:26.0305 4360 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 14:26:26.0372 4360 volmgr - ok 14:26:26.0578 4360 volmgrx (a255814907c89be58b79ef2f189b843b) 
C:\Windows\system32\drivers\volmgrx.sys 14:26:26.0601 4360 volmgrx - ok 14:26:26.0678 4360 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 14:26:26.0699 4360 volsnap - ok 14:26:26.0762 4360 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 14:26:26.0780 4360 vsmraid - ok 14:26:26.0908 4360 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 14:26:26.0995 4360 VSS - ok 14:26:27.0149 4360 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 14:26:27.0188 4360 vwifibus - ok 14:26:27.0228 4360 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 14:26:27.0260 4360 vwififlt - ok 14:26:27.0316 4360 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 14:26:27.0357 4360 vwifimp - ok 14:26:27.0436 4360 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 14:26:27.0487 4360 W32Time - ok 14:26:27.0503 4360 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 14:26:27.0537 4360 WacomPen - ok 14:26:27.0614 4360 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:26:27.0678 4360 WANARP - ok 14:26:27.0682 4360 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:26:27.0723 4360 Wanarpv6 - ok 14:26:27.0855 4360 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 14:26:27.0921 4360 wbengine - ok 14:26:28.0068 4360 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 14:26:28.0095 4360 WbioSrvc - ok 14:26:28.0160 4360 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 14:26:28.0205 4360 wcncsvc - ok 14:26:28.0225 4360 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 14:26:28.0268 4360 WcsPlugInService - ok 14:26:28.0349 4360 Wd (72889e16ff12ba0f235467d6091b17dc) 
C:\Windows\system32\DRIVERS\wd.sys
14:26:28.0363 4360 Wd - ok
14:26:28.0410 4360 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:26:28.0438 4360 Wdf01000 - ok
14:26:28.0462 4360 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:26:28.0542 4360 WdiServiceHost - ok
14:26:28.0545 4360 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:26:28.0569 4360 WdiSystemHost - ok
14:26:28.0627 4360 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:26:28.0672 4360 WebClient - ok
14:26:28.0720 4360 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:26:28.0770 4360 Wecsvc - ok
14:26:28.0791 4360 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:26:28.0859 4360 wercplsupport - ok
14:26:28.0896 4360 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:26:28.0962 4360 WerSvc - ok
14:26:29.0042 4360 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:26:29.0102 4360 WfpLwf - ok
14:26:29.0172 4360 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:26:29.0188 4360 WIMMount - ok
14:26:29.0345 4360 WinDefend - ok
14:26:29.0349 4360 WinHttpAutoProxySvc - ok
14:26:29.0437 4360 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:26:29.0496 4360 Winmgmt - ok
14:26:29.0664 4360 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:26:29.0759 4360 WinRM - ok
14:26:29.0968 4360 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:26:29.0988 4360 WinUsb - ok
14:26:30.0090 4360 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:26:30.0129 4360 Wlansvc - ok
14:26:30.0183 4360 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:26:30.0216 4360 WmiAcpi - ok
14:26:30.0316 4360 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:26:30.0354 4360 wmiApSrv - ok
14:26:30.0430 4360 WMPNetworkSvc - ok
14:26:30.0507 4360 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:26:30.0528 4360 WPCSvc - ok
14:26:30.0578 4360 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:26:30.0624 4360 WPDBusEnum - ok
14:26:30.0676 4360 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:26:30.0719 4360 ws2ifsl - ok
14:26:30.0746 4360 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:26:30.0787 4360 wscsvc - ok
14:26:30.0791 4360 WSearch - ok
14:26:30.0968 4360 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:26:31.0038 4360 wuauserv - ok
14:26:31.0200 4360 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:26:31.0248 4360 WudfPf - ok
14:26:31.0300 4360 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:26:31.0359 4360 WUDFRd - ok
14:26:31.0409 4360 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:26:31.0455 4360 wudfsvc - ok
14:26:31.0514 4360 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:26:31.0561 4360 WwanSvc - ok
14:26:31.0635 4360 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:26:31.0945 4360 \Device\Harddisk0\DR0 - ok
14:26:31.0969 4360 Boot (0x1200) (7716213b0d5a56fb4be1d822a3ca4a43) \Device\Harddisk0\DR0\Partition0
14:26:31.0970 4360 \Device\Harddisk0\DR0\Partition0 - ok
14:26:31.0971 4360 ============================================================
14:26:31.0971 4360 Scan finished
14:26:31.0971 4360 ============================================================
14:26:31.0977 4696 Detected object count: 6
14:26:31.0977 4696 Actual detected object count: 6
14:28:11.0240 4696 EskerLicenseControl ( UnsignedFile.Multi.Generic ) - skipped by user
14:28:11.0240 4696 EskerLicenseControl ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:28:11.0241 4696 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:28:11.0241 4696 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:28:11.0241 4696 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:28:11.0241 4696 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:28:11.0242 4696 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:28:11.0242 4696 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:28:11.0242 4696 vflt ( UnsignedFile.Multi.Generic ) - skipped by user
14:28:11.0242 4696 vflt ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:28:11.0242 4696 vnet ( UnsignedFile.Multi.Generic ) - skipped by user
14:28:11.0242 4696 vnet ( UnsignedFile.Multi.Generic ) - User select action: Skip
08.08.2012, 15:30 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run CF:
ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a helper has explicitly recommended it! Should you have problems starting applications after running ComboFix and get messages such as Quote:
09.08.2012, 09:26 | #19
So, here is the CF log. I had to upload the file as a zip, because the text was too long to post as code. I'll be away until Monday now, so I can only do the next step on Monday morning. Thanks again for your help! Chris
10.08.2012, 10:44 | #20
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please create and post logs with GMER and OSAM. GMER crashes quite often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. One more note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) in the "AV scan" drop-down menu (bottom left in the aswMBR window) and click the Scan button again.
14.08.2012, 08:40 | #21
Hey, so... here's the GMER log for now. The rest will follow! Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-14 09:39:47
Windows 6.1.7601 Service Pack 1
Running: m0ko7ygo.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e7b2b61
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x29 0x2D 0x43 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x97 0x0A 0x95 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDB 0xEF 0xFF 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e7b2b61 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x29 0x2D 0x43 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x97 0x0A 0x95 0x14 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDB 0xEF 0xFF 0x80 ...

---- EOF - GMER 1.0.15 ----

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:49:26 on 14.08.2012
OS: Windows 7 Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bioscrypt Inc." - C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000Core.job" - "Google Inc." - C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000UA.job" - "Google Inc." - C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HP 3D DriveGuard" - ? - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\hpaccelerometercp.CPL (File not found)
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\MLCFG32.CPL
"QlbConfig" - " Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbConfg.cpl
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"hujfvq" (hujfvq) - ? - C:\Windows\System32\drivers\hfccup.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHlpa64" (PxHlpa64) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHlpa64.sys
"Shrew Soft Lightweight Filter" (vflt) - "Shrew Soft Inc" - C:\Windows\System32\DRIVERS\vfilter.sys
"Shrew Soft Virtual Adapter" (vnet) - "Shrew Soft Inc" - C:\Windows\System32\DRIVERS\virtualnet.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc."
- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." 
- C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft 
Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\OLKFSTUB.DLL {4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "PhotoToysClone" - "Brice Lambson" - C:\Program Files (x86)\Brice Lambson\PhotoToysClone\PhotoToysClone.dll [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\Windows\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner 
Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_270.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "Exec" - ? - C:\Windows\bdoscandel.exe (File found, but it contains no detailed information) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DF21F1DB-80C6-11D3-9483-B03D0EC10000} "Credential Manager for HP ProtectTools" - "Bioscrypt Inc." - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll {593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\Christian_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "BlackBerryAutoUpdate" - "Research In Motion Limited" - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background "iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" "LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime "RoxWatchTray" - "Sonic Solutions" - "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "KM Language Monitor" - "KYOCERA MITA Corporation" - C:\Windows\system32\KMPJL64.DLL "PDFCreator" - ? 
- C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "ActivIdentity Shared Store Service" (ac.sharedstore) - "ActivIdentity" - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE "Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe "Esker License Control" (EskerLicenseControl) - "Esker S.A." - C:\Program Files (x86)\Esker\Common\eslcbcst.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Updater Service" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe "HP ProtectTools Service" (HP ProtectTools Service) - "Hewlett-Packard Development Company, L.P" - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "LiveShare P2P Server 9" (RoxLiveShare9) - "Sonic Solutions" - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe "LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe "Logon Session Broker" (ASBroker) - "Bioscrypt Inc." - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll "Lokaler Verbindungskanal" (ASChannel) - "Bioscrypt Inc." 
- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe "Roxio UPnP Renderer 9" (Roxio UPnP Renderer 9) - "Sonic Solutions" - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe "Roxio Upnp Server 9" (Roxio Upnp Server 9) - "Sonic Solutions" - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe "RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe "uvnc_service" (uvnc_service) - "UltraVNC" - C:\Program Files (x86)\UltraVNC\WinVNC.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - 
"Bioscrypt Inc." - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItVCard.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-14 09:53:02
-----------------------------
09:53:02.377 OS Version: Windows x64 6.1.7601 Service Pack 1
09:53:02.377 Number of processors: 2 586 0x301
09:53:02.378 ComputerName: R187129 UserName:
09:53:03.350 Initialize success
09:54:44.489 AVAST engine defs: 12081400
09:56:23.475 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:56:23.480 Disk 0 Vendor: SAMSUNG_HM250HI 2AC101C4 Size: 238475MB BusType: 11
09:56:23.489 Disk 0 MBR read successfully
09:56:23.492 Disk 0 MBR scan
09:56:23.500 Disk 0 Windows 7 default MBR code
09:56:23.504 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
09:56:23.534 Disk 0 scanning C:\Windows\system32\drivers
09:56:39.438 Service scanning
09:57:13.303 Modules scanning
09:57:13.314 Disk 0 trace - called modules:
09:57:13.357 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys >>UNKNOWN [0xfffffa8003cab2c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:57:13.362 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ee3790]
09:57:13.371 3 CLASSPNP.SYS[fffff88001b7143f] -> nt!IofCallDriver -> [0xfffffa8004ee3040]
09:57:13.382 5 hpdskflt.sys[fffff88001b18189] -> nt!IofCallDriver -> [0xfffffa8004bb8520]
09:57:13.406 7 ACPI.sys[fffff880010e97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bab680]
09:57:13.414 \Driver\atapi[0xfffffa8004b0b6d0] -> IRP_MJ_CREATE -> 0xfffffa8003cab2c0
09:57:15.398 AVAST engine scan C:\Windows
09:57:20.053 AVAST engine scan C:\Windows\system32
10:01:29.779 AVAST engine scan C:\Windows\system32\drivers
10:01:51.397 AVAST engine scan C:\Users\Christian_2
10:01:59.896 AVAST engine scan C:\ProgramData
10:03:56.710 Scan finished successfully
10:07:09.985 Disk 0 MBR has been saved successfully to "C:\Users\Christian_2\Desktop\MBR.dat"
10:07:09.994 The log file has been saved successfully to "C:\Users\Christian_2\Desktop\aswMBR.txt"
10:07:28.964 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
10:07:28.971 The log file has been saved successfully to "C:\aswMBR.txt"
14.08.2012, 15:48 | #22
/// Winkelfunktion /// TB-Süch-Tiger™ | Code:
C:\Windows\SysWow64\drivers\hfccup.sys
If the file has already been analysed, please start another analysis.
14.08.2012, 16:15 | #23
https://www.virustotal.com/file/03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae/analysis/1344957143/
14.08.2012, 17:01 | #24
/// Winkelfunktion /// TB-Süch-Tiger™ | Code:
"hujfvq" (hujfvq) - ? - C:\Windows\System32\drivers\hfccup.sys (File not found)
Then please also create a new log with OSAM.
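The two findings this thread turns on can be pulled out of such logs mechanically: a registered driver service (hujfvq) whose image file is "not found" at the System32 path, yet turns up under SysWow64\drivers when the helper asks for it, and an unresolved entry in the aswMBR disk-stack trace. The following Python is an added example written for this page; it is not code from OSAM, TDSS-Killer, aswMBR, ComboFix or the forum helper. The sample lines are constructed from entries visible in the posted logs, and the scoring weights and the allowlist of tool leftovers are assumptions of the example.

```python
"""Offline triage of a Windows autostart/driver inventory such as the OSAM and aswMBR
logs posted above.  Added example for this thread; not code from OSAM, TDSS-Killer,
aswMBR, ComboFix or the forum helper.  Sample lines are constructed from entries in the
posted logs; the scoring weights and the tool-artifact allowlist are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OSAM [Drivers]/[Services] line:  "Display" (service) - "Vendor"|? - path [(status)]
_ENTRY = re.compile(
    r'^"(?P<display>[^"]*)" \((?P<service>[^)]*)\) - (?P<vendor>"[^"]*"|\?) - (?P<rest>.+)$')
_REST = re.compile(r'^(?P<path>.*?)(?: \((?P<status>File[^)]*)\))?$')
# aswMBR marks an unresolved entry in the disk-stack trace as >>UNKNOWN [addr]<<next_module
_UNKNOWN = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<(?P<next>\S+)")

# Entries that score high but belong to tools that were run on the box (assumed allowlist).
KNOWN_TOOL_ARTIFACTS = {
    "catchme": "ComboFix helper driver",
    "sptd": "Duplex Secure SCSI pass-through filter (Daemon Tools / Alcohol)",
}


@dataclass
class Entry:
    display: str
    service: str
    vendor: Optional[str]   # None when OSAM printed "?"
    path: str
    status: Optional[str]   # e.g. "File not found"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OSAM entry; section headers and other lines yield None."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    r = _REST.match(m["rest"])
    vendor = None if m["vendor"] == "?" else m["vendor"].strip('"').strip()
    return Entry(m["display"], m["service"], vendor, r["path"], r["status"])


def wow64_redirected(path: str) -> str:
    """Where a 32-bit process on x64 Windows really lands when it writes under System32.
    File-system redirection maps %windir%\\System32 to %windir%\\SysWOW64 (drivers\\ included;
    only drivers\\etc is exempt), so a 32-bit dropper that 'installed' a driver into
    System32\\drivers left the file in SysWOW64\\drivers, while the kernel loads only from
    the real System32\\drivers and a 64-bit view reports the ImagePath as not found."""
    return re.sub(r"(?i)\\system32\\", r"\\SysWOW64\\", path, count=1)


def suspicion(e: Entry) -> int:
    """Heuristic score; 3 or more means 'look at this'.  Weights are this example's choice."""
    score = 0
    if e.vendor is None:
        score += 2          # no publisher information at all
    if e.status == "File not found":
        score += 2          # registered service whose image is missing from its ImagePath
    if e.status and "exclusively opened" in e.status:
        score += 1          # scanner could not read the file
    if e.display == e.service and re.fullmatch(r"[a-z]{5,8}", e.service):
        score += 1          # short all-lowercase key reused as display name
    return score


def triage(lines: List[str]) -> List[Tuple[str, int, Optional[str], Optional[str]]]:
    """Return (service, score, allowlist note, alternative path to check) for entries
    scoring >= 3.  The alternative path is the WOW64-redirected location, offered only
    when the 64-bit view of System32 reported the file missing."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None or suspicion(e) < 3:
            continue
        alt = None
        if e.status == "File not found" and re.search(r"(?i)\\system32\\", e.path):
            alt = wow64_redirected(e.path)
        findings.append((e.service, suspicion(e), KNOWN_TOOL_ARTIFACTS.get(e.service), alt))
    return findings


def unknown_hooks(trace_line: str) -> List[Tuple[str, str]]:
    """(address, following module) for every >>UNKNOWN<< entry in an aswMBR trace line."""
    return [(m["addr"], m["next"]) for m in _UNKNOWN.finditer(trace_line)]


# Constructed sample input: a subset of the posted OSAM [Drivers]/[Services] entries and
# the posted aswMBR 'called modules' line.
SAMPLE_OSAM = [
    '"avgntflt" (avgntflt) - "Avira GmbH" - C:\\Windows\\System32\\DRIVERS\\avgntflt.sys',
    '"catchme" (catchme) - ? - C:\\ComboFix\\catchme.sys (File not found)',
    '"hujfvq" (hujfvq) - ? - C:\\Windows\\System32\\drivers\\hfccup.sys (File not found)',
    '"sptd" (sptd) - "Duplex Secure Ltd." - C:\\Windows\\System32\\Drivers\\sptd.sys '
    '(File is exclusively opened, access blocked)',
    '"Esker License Control" (EskerLicenseControl) - "Esker S.A." - '
    'C:\\Program Files (x86)\\Esker\\Common\\eslcbcst.exe',
]
SAMPLE_TRACE = ("ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys "
                ">>UNKNOWN [0xfffffa8003cab2c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys")

if __name__ == "__main__":
    for service, score, note, alt in triage(SAMPLE_OSAM):
        print(f"{service:10} score={score}  known={note or '-'}  also check={alt or '-'}")
    print("unresolved disk-stack entries:", unknown_hooks(SAMPLE_TRACE))
```

The score is only a sorting aid: catchme scores as high as hujfvq but is ComboFix's own helper driver left over from the earlier run, which is why an allowlist of tool artifacts belongs next to any such heuristic. The unresolved entry in the trace sits immediately before sptd.sys, the Duplex Secure disk filter that ships with Daemon Tools and Alcohol and hooks the disk stack by design; the trace tells you where the hook is, not whether it is malicious. Likewise, UnsignedFile.Multi.Generic and LockedFile.Multi.Generic in the TDSS-Killer output are heuristic labels (file unsigned, or file unreadable), not signature matches, which is consistent with the helper's standing instruction to skip them.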
16.08.2012, 09:07 | #25
Unfortunately that doesn't work for me. When I follow the instructions and click Settings/Scanner: "Disable objects using driver", I get the following error message: "Sorry, but disabling objects using driver is not supported on 64-bit operating systems". Is there a version for 64-bit systems?
16.08.2012, 10:59 | #26
/// Winkelfunktion /// TB-Süch-Tiger™ | Ah, I see, OSAM doesn't quite work properly on 64-bit yet. ComboFix scripting: 1. Start Notepad (Start / Run / notepad [Enter]). 2. Now paste the entire contents of the code box below into the Notepad window using copy/paste. Code:
Driver::
hujfvq
File::
c:\windows\system32\drivers\hfccup.sys
4. Disable the guard of your antivirus program and any software firewall you may have (including the guards of ad-/spyware programs and the TeaTimer, if present!). 5. Then drag CFScript.txt onto cofi.exe as shown in the picture below. This restarts ComboFix. 6. After the reboot (you will be asked whether you want to restart), please post the following log file: Combofix.txt. Note: the script above was created only for this one user in this one situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!
16.08.2012, 12:20 | #27
I ran ComboFix. After the reboot, the ComboFix DOS window keeps opening and closing non-stop, super fast. I can still use my PC, but only with restrictions. What now? I've already tried a manual reboot. It didn't help! Where do I find the log I'm supposed to post?
16.08.2012, 13:50 | #28
/// Winkelfunktion /// TB-Süch-Tiger™ | Is that the case on every reboot? In safe mode too?
16.08.2012, 14:18 | #29
Not in safe mode. I've now started normal mode with administrator rights. That was probably the mistake. Now it says "preparing log file"... So... everything is fine again, in normal mode too. Here's the ComboFix log: Code:
ComboFix 12-08-16.01 - Christian_2 16.08.2012 12:37:23.4.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3837.2356 [GMT 2:00]
Run from:: c:\users\Christian\Desktop\ComboFix.exe
Command switches used :: c:\users\Christian\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\hfccup.sys"
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Christian_2\AppData\Local\TempDIR
c:\users\Christian_2\AppData\Local\TempDIR\ApnIC.dll
c:\users\Christian_2\AppData\Local\TempDIR\ApnStub.exe
c:\users\Christian_2\AppData\Local\TempDIR\ApnToolbarInstaller.exe
c:\users\Christian_2\AppData\Local\TempDIR\AskToolbar.bmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_hujfvq
.
.
((((((((((((((((((((((((( Files created from 2012-07-16 to 2012-08-16 ))))))))))))))))))))))))))))))
.
.
2012-08-16 11:08 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-16 10:47 . 2012-08-16 10:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-16 10:47 . 2012-08-16 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 09:42 . 2012-08-16 10:58 -------- d-----w- c:\users\Christian\AppData\Local\BC356190-93EA-4AAA-92B1-A5EAEEA87E89.aplzod
2012-08-15 20:14 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 20:14 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 20:14 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 20:14 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 20:14 .
2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-15 20:14 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-15 20:13 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-15 20:13 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 20:13 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-15 20:13 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-15 20:13 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 20:13 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-14 06:32 . 2012-06-29 10:04 9133488 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9549F625-AEBE-48B8-893F-49599AB69506}\mpengine.dll ERROR(0x00000005) 2012-07-31 09:39 . 2012-07-31 09:39 -------- d-----w- c:\program files (x86)\ESET 2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-07-27 09:14 . 2012-07-27 09:15 -------- d-----w- c:\users\Christian_2 2012-07-27 06:33 . 2012-07-27 06:33 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-07-27 06:32 . 2012-07-27 06:32 -------- d-----w- c:\program files (x86)\Oracle 2012-07-27 06:32 . 2012-07-05 20:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-16 11:00 . 2009-11-24 16:49 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-08-16 06:51 . 2012-04-13 16:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-16 06:51 . 2011-03-17 07:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-05 20:06 . 
2010-05-17 06:54 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-07-03 11:46 . 2010-08-18 09:05 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-29 10:04 . 2009-11-27 12:43 9133488 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005) 2012-06-09 05:43 . 2012-07-11 12:27 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-06-06 06:06 . 2012-07-11 12:27 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 12:27 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 12:27 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 12:27 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 12:27 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 12:27 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-30 12:10 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-30 12:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-30 12:10 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-30 12:10 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-30 12:10 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-30 12:10 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-30 12:10 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-30 12:09 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-30 12:09 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-11 12:27 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 12:27 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:48 . 
2012-07-11 12:27 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:45 . 2012-07-11 12:27 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 12:27 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 12:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 12:27 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 12:27 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 12:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 10:25 . 2009-11-24 14:11 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot_2012-08-09_07.53.48 ))))))))))))))))))))))))))))))))))))))))) . + 2012-08-15 20:13 . 2012-07-04 21:16 57344 c:\windows\SysWOW64\netapi32.dll - 2012-07-11 17:28 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll + 2012-08-16 11:06 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll + 2012-08-16 11:06 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll - 2012-07-11 17:28 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll - 2012-07-11 17:28 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll + 2012-08-16 11:06 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll - 2009-07-14 04:54 . 2012-08-03 11:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-08-16 06:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-08-16 06:50 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-08-03 11:53 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 
2012-08-03 11:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-08-16 06:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-11-24 14:40 . 2012-08-16 13:18 63132 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-16 13:18 59074 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2012-08-09 07:09 59074 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-11-24 14:16 . 2012-08-16 11:17 23898 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1284297116-794809632-3988175124-1000_UserData.bin - 2012-07-11 17:28 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll + 2012-08-16 11:06 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll + 2012-08-16 11:06 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll - 2012-07-11 17:28 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll + 2012-08-16 11:06 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll - 2012-07-11 17:28 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll + 2009-07-14 05:30 . 2012-08-16 11:12 86016 c:\windows\system32\DriverStore\infpub.dat - 2009-07-14 05:30 . 2012-07-04 17:13 86016 c:\windows\system32\DriverStore\infpub.dat + 2011-07-13 05:26 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS + 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys - 2009-11-24 13:49 . 2012-08-07 11:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-11-24 13:49 . 
2012-08-16 06:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-02-11 13:33 . 2012-08-16 06:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-02-11 13:33 . 2012-08-07 11:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-08-16 06:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-08-07 11:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-05-02 16:40 . 2012-08-16 11:09 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe - 2010-05-02 16:40 . 2012-07-11 17:36 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe + 2010-05-02 16:40 . 2012-08-16 11:09 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe - 2010-05-02 16:40 . 2012-07-11 17:36 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe - 2010-05-02 16:40 . 2012-07-11 17:36 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe + 2010-05-02 16:40 . 2012-08-16 11:09 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe + 2012-08-16 13:15 . 2012-08-16 13:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-09 07:07 . 2012-08-09 07:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-16 13:15 . 2012-08-16 13:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-08-09 07:07 . 2012-08-09 07:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-16 11:06 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll - 2012-07-11 17:28 . 
2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll + 2012-08-16 06:51 . 2012-08-16 06:51 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe + 2012-08-15 20:53 . 2012-08-15 20:53 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe + 2012-08-15 20:53 . 2012-08-15 20:53 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll - 2012-04-13 16:40 . 2012-08-03 11:53 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe + 2012-04-13 16:40 . 2012-08-16 06:51 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe + 2012-08-16 11:06 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll + 2012-08-16 11:06 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe - 2012-07-11 17:28 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe - 2012-07-11 17:28 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll + 2012-08-16 11:06 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll + 2009-12-11 10:44 . 2012-08-16 06:50 463798 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin - 2012-07-11 17:28 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll + 2012-08-16 11:06 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll - 2009-07-14 02:36 . 2012-08-09 07:14 619146 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-08-16 11:21 619146 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-08-09 07:14 107466 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-08-16 11:21 107466 c:\windows\system32\perfc009.dat + 2012-08-16 06:50 . 2012-08-16 06:50 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_Plugin.exe + 2012-08-15 20:53 . 2012-08-15 20:53 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe + 2012-08-15 20:53 . 2012-08-15 20:53 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll + 2012-08-16 11:06 . 
2012-06-29 03:44 816640 c:\windows\system32\jscript.dll + 2012-08-16 11:06 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe - 2012-07-11 17:28 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe + 2012-08-16 11:06 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll - 2012-07-11 17:28 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll + 2009-07-14 04:45 . 2012-08-16 11:14 624320 c:\windows\system32\FNTCACHE.DAT - 2009-07-14 04:45 . 2012-07-12 06:29 624320 c:\windows\system32\FNTCACHE.DAT + 2009-07-14 05:30 . 2012-08-16 11:12 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2012-07-04 17:13 143360 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2012-08-16 11:12 143360 c:\windows\system32\DriverStore\infstor.dat - 2009-07-14 05:30 . 2012-07-04 17:13 143360 c:\windows\system32\DriverStore\infstor.dat + 2011-06-21 07:11 . 2010-11-20 13:24 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe + 2012-08-16 11:08 . 2012-07-06 20:07 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys - 2009-07-14 05:31 . 2011-07-13 17:07 399360 c:\windows\system32\DriverStore\drvindex.dat + 2009-07-14 05:31 . 2012-08-16 11:12 399360 c:\windows\system32\DriverStore\drvindex.dat + 2009-07-14 04:46 . 2012-08-16 11:18 108000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 05:01 . 2012-08-16 13:05 521288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-02-23 20:22 . 2012-08-16 13:05 521288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1284297116-794809632-3988175124-1000-8192.dat + 2012-07-18 13:46 . 2012-07-18 13:46 593408 c:\windows\Installer\3f833.msp + 2010-05-02 16:40 . 2012-08-16 11:09 888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe - 2010-05-02 16:40 . 
2012-07-11 17:36 888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe + 2010-05-02 16:40 . 2012-08-16 11:09 272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe - 2010-05-02 16:40 . 2012-07-11 17:36 272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe + 2010-05-02 16:40 . 2012-08-16 11:09 922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe - 2010-05-02 16:40 . 2012-07-11 17:36 922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe + 2010-05-02 16:40 . 2012-08-16 11:09 845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe - 2010-05-02 16:40 . 2012-07-11 17:36 845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe + 2010-05-02 16:40 . 2012-08-16 11:09 217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe - 2010-05-02 16:40 . 2012-07-11 17:36 217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe + 2010-05-02 16:40 . 2012-08-16 11:09 184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe - 2010-05-02 16:40 . 2012-07-11 17:36 184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe - 2010-05-02 16:40 . 2012-07-11 17:36 159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe + 2010-05-02 16:40 . 2012-08-16 11:09 159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe + 2011-06-06 10:55 . 2011-06-06 10:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0\JP2KLib.dll + 2012-01-03 07:37 . 2012-01-03 07:37 320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0\adobearmhelper.exe + 2011-06-06 10:55 . 2011-06-06 10:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0\adobearm.exe + 2011-06-23 08:54 . 
2011-06-23 08:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\MSCONV97.DLL - 2012-07-11 17:28 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll + 2012-08-16 11:06 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll - 2012-07-11 17:28 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll + 2012-08-16 11:06 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll + 2012-08-16 06:51 . 2012-08-16 06:51 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll + 2012-08-16 06:51 . 2012-08-16 06:51 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe + 2012-08-16 11:06 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll - 2012-07-11 17:28 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll + 2012-08-16 11:06 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll + 2012-08-16 11:06 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll - 2012-07-11 17:28 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll - 2012-07-11 17:28 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll + 2012-08-16 11:06 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll + 2012-08-16 11:06 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll - 2012-07-11 17:28 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll + 2012-08-16 11:06 . 2012-06-29 03:56 2312704 c:\windows\system32\jscript9.dll - 2012-07-11 17:28 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll + 2012-08-16 11:06 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll + 2009-07-14 04:45 . 2012-08-16 11:17 7439360 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-07-12 06:32 7439360 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2012-06-26 16:03 . 2012-06-26 16:03 3875840 c:\windows\Installer\3f851.msp + 2012-07-18 13:53 . 
2012-07-18 13:53 5009920 c:\windows\Installer\3f807.msp + 2010-05-02 16:40 . 2012-08-16 11:09 1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe - 2010-05-02 16:40 . 2012-07-11 17:36 1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe - 2010-05-02 16:40 . 2012-07-11 17:36 1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe + 2010-05-02 16:40 . 2012-08-16 11:09 1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe + 2011-06-06 10:55 . 2011-06-06 10:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0\AGM.dll + 2012-08-16 11:06 . 2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll + 2009-07-14 02:34 . 2012-08-16 11:12 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:34 . 2012-07-12 06:27 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2012-08-16 11:06 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll + 2012-08-16 06:50 . 2012-08-16 06:50 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll + 2012-08-16 11:06 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll + 2012-07-25 14:59 . 2012-07-25 14:59 11032064 c:\windows\Installer\3f849.msp + 2012-07-18 13:53 . 2012-07-18 13:53 10937344 c:\windows\Installer\3f81d.msp + 2012-07-28 01:47 . 2012-07-28 01:47 13123584 c:\windows\Installer\3f7f2.msp + 2011-08-03 18:53 . 2011-08-03 18:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\MSO.DLL . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-01 623960] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\HEWLET~1\IAM\Bin\APSHook.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2009-11-19 20992] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-07-29 549888] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664] R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-08-07 45056] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-10-06 82816] R3 TridVid;USB TV Tuner;c:\windows\system32\DRIVERS\tridvid6010.sys [2010-07-13 404352] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 UDXTTM6000;DTV-DVB UDXTTM6000 - USB 2.0 Receiver;c:\windows\system32\Drivers\UDXTTM6000.sys [2007-02-27 365824] R3 UDXTTM6000HID;UDXTTM6000HID - HID Driver;c:\windows\system32\drivers\UDXTTM6000HID.sys [2007-02-27 17920] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2009-11-19 12800] R4 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2009-07-29 1841912] R4 Prosieben;maxdome Download Manager;c:\program files 
(x86)\maxdome\DCBin\DCService.exe [2009-05-01 77032] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-05-01 52856] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-17 503352] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264] S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880] S2 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2009-12-06 1590216] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 Point64;Microsoft 
IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker Bioscrypt REG_MULTI_SZ ASChannel . Inhalt des "geplante Tasks" Ordners . 2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 06:51] . 2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 15:05] . 2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 15:05] . 2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000Core.job - c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 12:02] . 2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000UA.job - c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 12:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EA99306-BC87-4930-9E1D-1D1EA32A7E4E}] 2009-07-28 02:06 568592 ----a-w- c:\program files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll FF - ProfilePath - . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Prosieben] "ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E20DD46F-0CC4-5960-1B1F69E13D145F9C}\{B130274E-D0E8-282B-E7F07B1EE1210709}\{71D795F0-66AF-00D6-EF71DCAC5CDD95C3}*] "UFBX6Y5AHC6I2K63MVSK2YA1ZE1"=hex:01,00,01,00,00,00,00,00,bc,09,02,36,3f,bc,b3, f9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F16633BB-6FFB-FEEF-6851EE4CF61ADAA7}\{8DE0EF13-9AB8-84BF-28848AB6F741F092}\{2912CDF2-3190-D0FE-95FF87CEE55A8F74}*] "UFBX6Y5AHC6I2K63MVSK2YA1ZE1"=hex:01,00,01,00,00,00,00,00,bc,09,02,36,3f,bc,b3, f9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Esker\Common\eslcbcst.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-08-16 15:25:21 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-08-16 13:25 ComboFix2.txt 2012-08-09 07:57 ComboFix3.txt 2011-02-11 21:10 ComboFix4.txt 2011-02-11 15:55 . Vor Suchlauf: 27 Verzeichnis(se), 90.463.801.344 Bytes frei Nach Suchlauf: 29 Verzeichnis(se), 90.114.781.184 Bytes frei . - - End Of File - - FCDBA3C7EB39563B95F2834D94ED182B |
17.08.2012, 17:21 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploits EXP/CVE-2011-3544.BU found by Avira
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Always post logfiles in CODE tags |