Log analysis and evaluation: Computer infected? Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
05.08.2012, 15:56 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Do an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
FF - user.js - File not found
[2009.07.09 23:03:14 | 000,003,171 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\728kti6y.default\searchplugins\kinoto.xml
O3 - HKU\S-1-5-21-3599808311-370780997-3961054963-1001\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3599808311-370780997-3961054963-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5a7ae16c-7a69-11e0-bc61-c47791845070}\Shell - "" = AutoRun
O33 - MountPoints2\{5a7ae16c-7a69-11e0-bc61-c47791845070}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5a7ae19a-7a69-11e0-bc61-c47791845070}\Shell - "" = AutoRun
O33 - MountPoints2\{5a7ae19a-7a69-11e0-bc61-c47791845070}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a948b334-9ee2-11de-8dc9-0021868a71de}\Shell - "" = AutoRun
O33 - MountPoints2\{a948b334-9ee2-11de-8dc9-0021868a71de}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{ea26fca9-66a4-11e0-97f2-001eeca609e2}\Shell - "" = AutoRun
O33 - MountPoints2\{ea26fca9-66a4-11e0-97f2-001eeca609e2}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ea26fcaf-66a4-11e0-97f2-001eeca609e2}\Shell - "" = AutoRun
O33 - MountPoints2\{ea26fcaf-66a4-11e0-97f2-001eeca609e2}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ea26fcc4-66a4-11e0-97f2-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{ea26fcc4-66a4-11e0-97f2-001e101f8924}\Shell\AutoRun\command - "" = H:\AutoRun.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
05.08.2012, 17:31 | #17 |
| Computer infected? Code:
All processes killed
========== OTL ==========
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\728kti6y.default\searchplugins\kinoto.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-3599808311-370780997-3961054963-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3599808311-370780997-3961054963-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a7ae16c-7a69-11e0-bc61-c47791845070}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a7ae16c-7a69-11e0-bc61-c47791845070}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a7ae16c-7a69-11e0-bc61-c47791845070}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a7ae16c-7a69-11e0-bc61-c47791845070}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a7ae19a-7a69-11e0-bc61-c47791845070}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a7ae19a-7a69-11e0-bc61-c47791845070}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a7ae19a-7a69-11e0-bc61-c47791845070}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a7ae19a-7a69-11e0-bc61-c47791845070}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a948b334-9ee2-11de-8dc9-0021868a71de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a948b334-9ee2-11de-8dc9-0021868a71de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a948b334-9ee2-11de-8dc9-0021868a71de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a948b334-9ee2-11de-8dc9-0021868a71de}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea26fca9-66a4-11e0-97f2-001eeca609e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea26fca9-66a4-11e0-97f2-001eeca609e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea26fca9-66a4-11e0-97f2-001eeca609e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea26fca9-66a4-11e0-97f2-001eeca609e2}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea26fcaf-66a4-11e0-97f2-001eeca609e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea26fcaf-66a4-11e0-97f2-001eeca609e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea26fcaf-66a4-11e0-97f2-001eeca609e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea26fcaf-66a4-11e0-97f2-001eeca609e2}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea26fcc4-66a4-11e0-97f2-001e101f8924}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea26fcc4-66a4-11e0-97f2-001e101f8924}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea26fcc4-66a4-11e0-97f2-001e101f8924}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea26fcc4-66a4-11e0-97f2-001e101f8924}\ not found.
File H:\AutoRun.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: *****
->Temp folder emptied: 3737440 bytes
->Temporary Internet Files folder emptied: 216746 bytes
->Java cache emptied: 109448580 bytes
->FireFox cache emptied: 140126233 bytes
->Flash cache emptied: 1109 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3825536 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3641856 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10026 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 249,00 mb
[EMPTYFLASH]
User: All Users
User: *****
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.56.0 log created on 08052012_182245
Files\Folders moved on Reboot...
C:\Users\*****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\*****\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
05.08.2012, 17:52 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ |
06.08.2012, 21:25 | #19 |
| Computer infected? Code:
ATTFilter 22:14:56.0039 2420 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 22:14:56.0304 2420 ============================================================ 22:14:56.0304 2420 Current date / time: 2012/08/06 22:14:56.0304 22:14:56.0304 2420 SystemInfo: 22:14:56.0304 2420 22:14:56.0304 2420 OS Version: 6.1.7601 ServicePack: 1.0 22:14:56.0304 2420 Product type: Workstation 22:14:56.0304 2420 ComputerName: T-2000 22:14:56.0304 2420 UserName: ***** 22:14:56.0304 2420 Windows directory: C:\Windows 22:14:56.0304 2420 System windows directory: C:\Windows 22:14:56.0304 2420 Running under WOW64 22:14:56.0304 2420 Processor architecture: Intel x64 22:14:56.0304 2420 Number of processors: 2 22:14:56.0304 2420 Page size: 0x1000 22:14:56.0304 2420 Boot type: Normal boot 22:14:56.0304 2420 ============================================================ 22:15:00.0111 2420 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 22:15:00.0438 2420 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:15:00.0516 2420 ============================================================ 22:15:00.0516 2420 \Device\Harddisk0\DR0: 22:15:00.0516 2420 MBR partitions: 22:15:00.0516 2420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BFB67C1 22:15:00.0516 2420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BFB6800, BlocksNum 0x120D800 22:15:00.0516 2420 \Device\Harddisk1\DR1: 22:15:00.0516 2420 MBR partitions: 22:15:00.0516 2420 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542 22:15:00.0516 2420 ============================================================ 22:15:00.0563 2420 C: <-> \Device\Harddisk0\DR0\Partition0 22:15:00.0610 2420 E: <-> \Device\Harddisk0\DR0\Partition1 
22:15:00.0610 2420 D: <-> \Device\Harddisk1\DR1\Partition0 22:15:00.0610 2420 ============================================================ 22:15:00.0610 2420 Initialize success 22:15:00.0610 2420 ============================================================ 22:15:50.0639 2560 ============================================================ 22:15:50.0639 2560 Scan started 22:15:50.0639 2560 Mode: Manual; SigCheck; TDLFS; 22:15:50.0639 2560 ============================================================ 22:15:51.0404 2560 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 22:15:51.0684 2560 1394ohci - ok 22:15:51.0778 2560 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 22:15:51.0840 2560 ACPI - ok 22:15:51.0934 2560 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 22:15:52.0106 2560 AcpiPmi - ok 22:15:52.0168 2560 acsock (e5568164c070a4988bd79c896920b3c6) C:\Windows\system32\DRIVERS\acsock64.sys 22:15:52.0652 2560 acsock - ok 22:15:52.0745 2560 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 22:15:52.0823 2560 adp94xx - ok 22:15:52.0917 2560 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 22:15:52.0979 2560 adpahci - ok 22:15:53.0026 2560 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 22:15:53.0073 2560 adpu320 - ok 22:15:53.0104 2560 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 22:15:53.0291 2560 AeLookupSvc - ok 22:15:53.0494 2560 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe 22:15:53.0603 2560 AESTFilters - ok 22:15:53.0728 2560 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 22:15:53.0853 2560 AFD - ok 22:15:53.0946 2560 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 
22:15:54.0009 2560 agp440 - ok 22:15:54.0040 2560 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 22:15:54.0212 2560 ALG - ok 22:15:54.0243 2560 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 22:15:54.0290 2560 aliide - ok 22:15:54.0305 2560 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 22:15:54.0352 2560 amdide - ok 22:15:54.0399 2560 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 22:15:54.0539 2560 AmdK8 - ok 22:15:54.0570 2560 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 22:15:54.0633 2560 AmdPPM - ok 22:15:54.0695 2560 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 22:15:54.0742 2560 amdsata - ok 22:15:54.0773 2560 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 22:15:54.0820 2560 amdsbs - ok 22:15:54.0836 2560 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 22:15:54.0867 2560 amdxata - ok 22:15:54.0960 2560 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 22:15:55.0210 2560 AppID - ok 22:15:55.0241 2560 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 22:15:55.0319 2560 AppIDSvc - ok 22:15:55.0366 2560 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 22:15:55.0460 2560 Appinfo - ok 22:15:55.0584 2560 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 22:15:55.0725 2560 Apple Mobile Device - ok 22:15:55.0803 2560 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 22:15:55.0912 2560 AppMgmt - ok 22:15:55.0943 2560 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 22:15:56.0006 2560 arc - ok 22:15:56.0006 2560 arcsas (019af6924aefe7839f61c830227fe79c) 
C:\Windows\system32\DRIVERS\arcsas.sys 22:15:56.0052 2560 arcsas - ok 22:15:56.0208 2560 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 22:15:56.0302 2560 aspnet_state - ok 22:15:56.0349 2560 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 22:15:56.0427 2560 AsyncMac - ok 22:15:56.0489 2560 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 22:15:56.0536 2560 atapi - ok 22:15:56.0630 2560 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys 22:15:56.0708 2560 atksgt - ok 22:15:56.0832 2560 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 22:15:56.0973 2560 AudioEndpointBuilder - ok 22:15:56.0988 2560 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 22:15:57.0051 2560 AudioSrv - ok 22:15:57.0144 2560 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 22:15:57.0300 2560 AxInstSV - ok 22:15:57.0394 2560 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 22:15:57.0472 2560 b06bdrv - ok 22:15:57.0534 2560 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 22:15:57.0612 2560 b57nd60a - ok 22:15:57.0659 2560 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 22:15:57.0722 2560 BDESVC - ok 22:15:57.0753 2560 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 22:15:57.0831 2560 Beep - ok 22:15:57.0987 2560 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 22:15:58.0080 2560 BFE - ok 22:15:58.0205 2560 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 22:15:58.0377 2560 BITS - ok 22:15:58.0424 2560 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 22:15:58.0470 2560 blbdrive - ok 22:15:58.0595 2560 Bonjour Service 
(3f56903e124e820aeece6d471583c6c1) C:\Program Files (x86)\Bonjour\mDNSResponder.exe 22:15:58.0798 2560 Bonjour Service - ok 22:15:58.0892 2560 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 22:15:59.0016 2560 bowser - ok 22:15:59.0032 2560 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:15:59.0141 2560 BrFiltLo - ok 22:15:59.0157 2560 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:15:59.0204 2560 BrFiltUp - ok 22:15:59.0250 2560 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 22:15:59.0391 2560 Browser - ok 22:15:59.0469 2560 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 22:15:59.0578 2560 Brserid - ok 22:15:59.0594 2560 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 22:15:59.0640 2560 BrSerWdm - ok 22:15:59.0640 2560 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 22:15:59.0703 2560 BrUsbMdm - ok 22:15:59.0718 2560 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 22:15:59.0765 2560 BrUsbSer - ok 22:15:59.0828 2560 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 22:15:59.0937 2560 BthEnum - ok 22:15:59.0968 2560 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 22:16:00.0015 2560 BTHMODEM - ok 22:16:00.0046 2560 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 22:16:00.0108 2560 BthPan - ok 22:16:00.0171 2560 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 22:16:00.0280 2560 BTHPORT - ok 22:16:00.0327 2560 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 22:16:00.0436 2560 bthserv - ok 22:16:00.0498 2560 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 22:16:00.0530 2560 BTHUSB - ok 
22:16:00.0576 2560 btwaudio (0c5d9c8b412be72c4535ec67a24c01db) C:\Windows\system32\drivers\btwaudio.sys 22:16:00.0608 2560 btwaudio - ok 22:16:00.0654 2560 btwavdt (df18e4291c43bed05b1d0c2d5c0e96d6) C:\Windows\system32\DRIVERS\btwavdt.sys 22:16:00.0701 2560 btwavdt - ok 22:16:00.0842 2560 btwdins (d724316f5aa1ab1870e57f0bfc017f64) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 22:16:00.0951 2560 btwdins - ok 22:16:00.0982 2560 btwrchid (637a44c54520a9958e2e5e3ee9e26c4a) C:\Windows\system32\DRIVERS\btwrchid.sys 22:16:01.0013 2560 btwrchid - ok 22:16:01.0044 2560 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 22:16:01.0107 2560 cdfs - ok 22:16:01.0185 2560 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 22:16:01.0263 2560 cdrom - ok 22:16:01.0341 2560 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 22:16:01.0419 2560 CertPropSvc - ok 22:16:01.0450 2560 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 22:16:01.0481 2560 circlass - ok 22:16:01.0528 2560 CLBStor (fe9e7b984796a2d2198abb04910d16ad) C:\Windows\system32\DRIVERS\CLBStor.sys 22:16:01.0575 2560 CLBStor - ok 22:16:01.0622 2560 CLBUDF (f9693138bacdfa4513a7f464bd6663fd) C:\Windows\system32\drivers\CLBUDF.sys 22:16:01.0653 2560 CLBUDF - ok 22:16:01.0700 2560 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 22:16:01.0746 2560 CLFS - ok 22:16:01.0949 2560 CLHNServiceForPowerDVD (2b0c748f99feb99e0a743bb3628dfbcd) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe 22:16:02.0012 2560 CLHNServiceForPowerDVD - ok 22:16:02.0074 2560 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:16:02.0230 2560 clr_optimization_v2.0.50727_32 - ok 22:16:02.0292 2560 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) 
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:16:02.0355 2560 clr_optimization_v2.0.50727_64 - ok 22:16:02.0511 2560 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:16:02.0838 2560 clr_optimization_v4.0.30319_32 - ok 22:16:02.0901 2560 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:16:02.0994 2560 clr_optimization_v4.0.30319_64 - ok 22:16:03.0072 2560 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 22:16:03.0150 2560 CmBatt - ok 22:16:03.0182 2560 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 22:16:03.0228 2560 cmdide - ok 22:16:03.0353 2560 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 22:16:03.0416 2560 CNG - ok 22:16:03.0525 2560 Com4QLBEx (ab420fa8ee829f80d5fe56b866432da8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 22:16:03.0603 2560 Com4QLBEx - ok 22:16:03.0650 2560 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 22:16:03.0696 2560 Compbatt - ok 22:16:03.0806 2560 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 22:16:03.0884 2560 CompositeBus - ok 22:16:03.0899 2560 COMSysApp - ok 22:16:03.0915 2560 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 22:16:03.0946 2560 crcdisk - ok 22:16:04.0055 2560 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 22:16:04.0180 2560 CryptSvc - ok 22:16:05.0615 2560 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 22:16:05.0802 2560 CSC - ok 22:16:06.0411 2560 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 22:16:06.0536 2560 CscService - ok 22:16:06.0567 2560 CVirtA (44bddeb03c84a1c993c992ffb5700357) 
C:\Windows\system32\DRIVERS\CVirtA64.sys 22:16:06.0629 2560 CVirtA - ok 22:16:06.0910 2560 CyberLink PowerDVD 11.0 Monitor Service (081c37926bbc9197a49cac04425d7ac6) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe 22:16:07.0004 2560 CyberLink PowerDVD 11.0 Monitor Service - ok 22:16:07.0082 2560 CyberLink PowerDVD 11.0 Service (f4f769a9a85cdcd5ff206e3a27e77c2e) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe 22:16:07.0238 2560 CyberLink PowerDVD 11.0 Service - ok 22:16:07.0690 2560 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 22:16:07.0768 2560 DcomLaunch - ok 22:16:08.0033 2560 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 22:16:08.0158 2560 defragsvc - ok 22:16:08.0236 2560 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 22:16:08.0298 2560 DfsC - ok 22:16:08.0376 2560 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 22:16:08.0517 2560 Dhcp - ok 22:16:08.0548 2560 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 22:16:08.0626 2560 discache - ok 22:16:08.0735 2560 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 22:16:08.0798 2560 Disk - ok 22:16:08.0876 2560 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys 22:16:08.0922 2560 DNE - ok 22:16:09.0141 2560 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 22:16:09.0266 2560 Dnscache - ok 22:16:09.0328 2560 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 22:16:09.0390 2560 dot3svc - ok 22:16:09.0437 2560 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys 22:16:09.0515 2560 Dot4 - ok 22:16:09.0562 2560 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys 22:16:09.0593 2560 Dot4Print - ok 22:16:09.0624 2560 dot4usb 
(fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys 22:16:09.0687 2560 dot4usb - ok 22:16:10.0170 2560 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 22:16:10.0326 2560 DPS - ok 22:16:10.0373 2560 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 22:16:10.0404 2560 drmkaud - ok 22:16:11.0949 2560 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 22:16:12.0042 2560 DXGKrnl - ok 22:16:12.0089 2560 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 22:16:12.0167 2560 EapHost - ok 22:16:18.0064 2560 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 22:16:18.0267 2560 ebdrv - ok 22:16:18.0594 2560 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 22:16:18.0750 2560 EFS - ok 22:16:19.0359 2560 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 22:16:19.0484 2560 ehRecvr - ok 22:16:19.0530 2560 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 22:16:19.0593 2560 ehSched - ok 22:16:19.0780 2560 ElbyCDIO (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys 22:16:19.0827 2560 ElbyCDIO - ok 22:16:19.0983 2560 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 22:16:20.0076 2560 elxstor - ok 22:16:20.0108 2560 enecir (0e3f3301052673cf16813e65d5de98ad) C:\Windows\system32\DRIVERS\enecir.sys 22:16:20.0186 2560 enecir - ok 22:16:20.0716 2560 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE 22:16:20.0950 2560 EPSON_PM_RPCV4_01 - ok 22:16:21.0184 2560 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 22:16:21.0262 2560 ErrDev - ok 22:16:21.0356 2560 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 22:16:21.0465 2560 EventSystem - ok 22:16:21.0574 2560 ewusbnet (53913561a7089c9a4649ce4e42f6101b) 
C:\Windows\system32\DRIVERS\ewusbnet.sys 22:16:21.0605 2560 ewusbnet - ok 22:16:21.0652 2560 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 22:16:21.0761 2560 exfat - ok 22:16:21.0902 2560 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 22:16:22.0011 2560 fastfat - ok 22:16:22.0214 2560 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 22:16:22.0323 2560 Fax - ok 22:16:22.0385 2560 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 22:16:22.0416 2560 fdc - ok 22:16:22.0448 2560 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 22:16:22.0541 2560 fdPHost - ok 22:16:22.0557 2560 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 22:16:22.0635 2560 FDResPub - ok 22:16:22.0682 2560 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 22:16:22.0728 2560 FileInfo - ok 22:16:22.0916 2560 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 22:16:22.0994 2560 Filetrace - ok 22:16:23.0243 2560 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 22:16:23.0306 2560 flpydisk - ok 22:16:23.0508 2560 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 22:16:23.0555 2560 FltMgr - ok 22:16:23.0789 2560 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 22:16:23.0883 2560 FontCache - ok 22:16:24.0039 2560 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:16:24.0132 2560 FontCache3.0.0.0 - ok 22:16:24.0179 2560 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 22:16:24.0226 2560 FsDepends - ok 22:16:24.0257 2560 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 22:16:24.0320 2560 Fs_Rec - ok 22:16:24.0382 2560 fvevol 
(c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys 22:17:53.0546 2560 VClone - ok 22:17:53.0596 2560 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 22:17:53.0636 2560 vdrvroot - ok 22:17:53.0806 2560 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 22:17:53.0936 2560 vds - ok 22:17:53.0966 2560 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 22:17:54.0016 2560 vga - ok 22:17:54.0046 2560 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 22:17:54.0116 2560 VgaSave - ok 22:17:54.0236 2560 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 22:17:54.0306 2560 vhdmp - ok 22:17:54.0356 2560 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 22:17:54.0406 2560 viaide - ok 22:17:54.0436 2560 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 22:17:54.0486 2560 vmbus - ok 22:17:54.0556 2560 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 22:17:54.0596 2560 VMBusHID - ok 22:17:54.0646 2560 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 22:17:54.0696 2560 volmgr - ok 22:17:54.0796 2560 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 22:17:54.0856 2560 volmgrx - ok 22:17:54.0956 2560 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 22:17:55.0016 2560 volsnap - ok 22:17:55.0296 2560 vpnagent (18507bdc6c15bd464de9ab18b6af1c23) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 22:17:55.0366 2560 vpnagent - ok 22:17:55.0456 2560 vpnva (be7fe15ac90b9f02cbe011ae2426dd0f) C:\Windows\system32\DRIVERS\vpnva64.sys 22:17:55.0526 2560 vpnva - ok 22:17:55.0566 2560 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 22:17:55.0626 2560 vsmraid - ok 22:17:56.0006 2560 VSS 
(b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 22:17:56.0196 2560 VSS - ok 22:17:56.0536 2560 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 22:17:56.0616 2560 vwifibus - ok 22:17:56.0646 2560 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 22:17:56.0736 2560 vwififlt - ok 22:17:56.0766 2560 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 22:17:56.0806 2560 vwifimp - ok 22:17:56.0946 2560 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 22:17:57.0026 2560 W32Time - ok 22:17:57.0076 2560 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 22:17:57.0126 2560 WacomPen - ok 22:17:57.0206 2560 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:17:57.0296 2560 WANARP - ok 22:17:57.0296 2560 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:17:57.0356 2560 Wanarpv6 - ok 22:17:57.0746 2560 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 22:17:57.0916 2560 wbengine - ok 22:17:58.0226 2560 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 22:17:58.0306 2560 WbioSrvc - ok 22:17:58.0446 2560 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 22:17:58.0526 2560 wcncsvc - ok 22:17:58.0546 2560 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 22:17:58.0576 2560 WcsPlugInService - ok 22:17:58.0626 2560 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 22:17:58.0676 2560 Wd - ok 22:17:58.0796 2560 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 22:17:58.0876 2560 Wdf01000 - ok 22:17:58.0896 2560 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:17:58.0996 2560 WdiServiceHost - ok 22:17:58.0996 2560 WdiSystemHost 
(bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:17:59.0026 2560 WdiSystemHost - ok 22:17:59.0136 2560 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 22:17:59.0226 2560 WebClient - ok 22:17:59.0266 2560 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 22:17:59.0346 2560 Wecsvc - ok 22:17:59.0376 2560 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 22:17:59.0476 2560 wercplsupport - ok 22:17:59.0496 2560 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 22:17:59.0576 2560 WerSvc - ok 22:17:59.0626 2560 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 22:17:59.0686 2560 WfpLwf - ok 22:17:59.0716 2560 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 22:17:59.0756 2560 WIMMount - ok 22:17:59.0896 2560 WinDefend - ok 22:17:59.0936 2560 WinHttpAutoProxySvc - ok 22:18:00.0106 2560 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 22:18:00.0206 2560 Winmgmt - ok 22:18:00.0526 2560 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 22:18:00.0686 2560 WinRM - ok 22:18:00.0926 2560 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 22:18:00.0986 2560 WinUsb - ok 22:18:01.0086 2560 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 22:18:01.0146 2560 Wlansvc - ok 22:18:01.0516 2560 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:18:01.0756 2560 wlidsvc - ok 22:18:01.0926 2560 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 22:18:01.0976 2560 WmiAcpi - ok 22:18:02.0066 2560 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 22:18:02.0126 2560 wmiApSrv - ok 22:18:02.0176 2560 WMPNetworkSvc - ok 22:18:02.0196 2560 WPCSvc 
(96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 22:18:02.0236 2560 WPCSvc - ok 22:18:02.0376 2560 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 22:18:02.0416 2560 WPDBusEnum - ok 22:18:02.0456 2560 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 22:18:02.0526 2560 ws2ifsl - ok 22:18:02.0576 2560 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 22:18:02.0666 2560 wscsvc - ok 22:18:02.0676 2560 WSearch - ok 22:18:03.0566 2560 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 22:18:03.0656 2560 wuauserv - ok 22:18:03.0866 2560 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 22:18:03.0966 2560 WudfPf - ok 22:18:04.0026 2560 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:18:04.0106 2560 WUDFRd - ok 22:18:04.0186 2560 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 22:18:04.0286 2560 wudfsvc - ok 22:18:04.0336 2560 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 22:18:04.0396 2560 WwanSvc - ok 22:18:04.0556 2560 zlportio - ok 22:18:04.0886 2560 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl 22:18:04.0946 2560 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok 22:18:05.0286 2560 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl 22:18:05.0356 2560 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok 22:18:05.0406 2560 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 22:18:06.0846 2560 \Device\Harddisk0\DR0 - ok 22:18:07.0186 2560 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 22:18:07.0306 2560 \Device\Harddisk1\DR1 - ok 22:18:07.0316 2560 Boot (0x1200) (82e6f9c0010a3c49b04c75b55432ccda) \Device\Harddisk0\DR0\Partition0 
22:18:07.0316 2560 \Device\Harddisk0\DR0\Partition0 - ok
22:18:07.0346 2560 Boot (0x1200) (b9198f42cb736db5886f6a7b5dc5d9fa) \Device\Harddisk0\DR0\Partition1
22:18:07.0376 2560 \Device\Harddisk0\DR0\Partition1 - ok
22:18:07.0376 2560 Boot (0x1200) (6e42331d263e7726d9be3cfab5bf31d8) \Device\Harddisk1\DR1\Partition0
22:18:07.0386 2560 \Device\Harddisk1\DR1\Partition0 - ok
22:18:07.0386 2560 ============================================================
22:18:07.0386 2560 Scan finished
22:18:07.0386 2560 ============================================================
22:18:07.0456 1188 Detected object count: 4
22:18:07.0456 1188 Actual detected object count: 4
22:18:43.0466 1188 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:43.0466 1188 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:18:43.0466 1188 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:43.0466 1188 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:18:43.0466 1188 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:43.0466 1188 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:18:43.0466 1188 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:43.0466 1188 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:18:47.0736 1908 Deinitialize success |
07.08.2012, 20:47 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
09.08.2012, 19:17 | #21 |
| Computer infected? Code:
ComboFix 12-08-09.01 - **** 09.08.2012 19:27:53.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4093.2702 [GMT 2:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml1A14.tmp
c:\programdata\xml227E.tmp
c:\programdata\xml228F.tmp
c:\programdata\xml22BF.tmp
c:\programdata\xml3E28.tmp
c:\programdata\xml40E7.tmp
c:\programdata\xml4155.tmp
c:\programdata\xml479E.tmp
c:\programdata\xml481B.tmp
c:\programdata\xml48B8.tmp
c:\programdata\xml7290.tmp
c:\programdata\xmlB9A6.tmp
c:\programdata\xmlBB0E.tmp
c:\programdata\xmlBB6C.tmp
c:\programdata\xmlD7F6.tmp
c:\programdata\xmlD8F1.tmp
c:\programdata\xmlF150.tmp
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-09 bis 2012-08-09 ))))))))))))))))))))))))))))))
.
.
2012-08-09 17:41 . 2012-08-09 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 16:22 . 2012-08-05 16:22 -------- d-----w- C:\_OTL
2012-07-27 19:27 . 2012-07-27 19:27 -------- d-----w- c:\users\****\AppData\Roaming\Malwarebytes
2012-07-27 19:27 . 2012-07-27 19:27 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 19:26 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-27 19:26 . 2012-07-27 19:27 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2012-07-27 11:58 . 2012-07-27 11:58 388096 ----a-r- c:\users\****\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-26 17:01 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-26 16:48 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-26 16:47 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-26 16:47 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-26 16:47 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-26 16:47 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-26 16:47 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-26 16:47 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-26 16:47 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-26 16:47 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-26 16:47 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-23 22:29 . 2012-07-26 16:42 -------- d-----w- c:\users\****\ipod
2012-07-23 09:56 . 2012-07-23 09:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-23 09:56 . 2012-07-23 09:56 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-23 09:56 . 2012-07-23 09:56 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-20 09:06 . 2012-07-20 09:06 -------- d-----w- c:\users\****\AppData\Roaming\Fatshark
2012-07-10 19:56 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-07-10 19:56 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-07-10 19:56 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-07-10 19:56 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-07-10 19:56 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-07-10 19:56 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-07-10 19:56 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-10 19:56 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-10 19:56 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-10 19:56 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-07-10 19:56 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-07-10 19:55 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 16:54 . 2009-10-18 13:14 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-04 15:23 . 2012-07-04 13:47 144672 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2012-07-04 15:23 . 2012-07-04 13:50 37400 ----a-w- c:\windows\system32\SophosBootTasks.exe
2012-06-12 11:59 . 2012-04-08 22:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 11:59 . 2011-05-20 08:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-07 07:35 . 2012-06-07 07:35 145912 ----a-w- c:\windows\SysWow64\vpnweb.ocx
2012-06-07 07:35 . 2012-06-07 07:35 10744 ----a-w- c:\windows\SysWow64\vpncategories.dll
2012-06-07 07:35 . 2012-06-07 07:35 33272 ----a-w- c:\windows\SysWow64\vpnevents.dll
2012-06-07 07:25 . 2012-06-07 07:25 27048 ----a-w- c:\windows\system32\drivers\vpnva64.sys
2012-06-07 07:24 . 2012-06-07 07:24 107432 ----a-r- c:\windows\system32\drivers\acsock64.sys
2012-06-02 22:19 . 2012-06-22 15:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 15:09 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 15:09 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 15:09 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 15:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 15:09 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 15:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 15:08 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 15:08 36864 ----a-w- c:\windows\system32\wuapp.exe
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-23 206392]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2011-10-23 900120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-22 136176]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [2012-07-07 2009152]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-06-07 107432]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-22 132608]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-22 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 113792]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\D182.tmp [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-03-31 5430272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-10-01 36640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
R3 zlportio;zlportio;c:\users\****\ultrastar\zlportio.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2012-02-08 83240]
R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-04-23 239160]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2012-02-01 75048]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2012-02-01 292136]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-08-25 25608]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-11-19 1403200]
S0 CLBStor;CLBStor;c:\windows\system32\DRIVERS\CLBStor.sys [2007-06-04 24824]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2012-07-04 144672]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/03/10 19:39];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2012-02-08 13:33 148976]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2012-02-08 75248]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-07-04 216600]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-07-07 139840]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-07-04 357400]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-07-07 2862656]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-06-07 478712]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 64000]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-20 145496]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-22 12:37]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-22 12:37]
.
2012-08-09 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job
- c:\program files\MATLAB\R2012a\bin\win64\MATLABStartupAccelerator.exe [2012-07-09 01:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - vpnweb.cab
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\hi0m9ke5.default\
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files (x86)\AVerMedia\AVerMedia A309 (MiniCard
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\D182.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-09 19:53:10
ComboFix-quarantined-files.txt 2012-08-09 17:53
.
Vor Suchlauf: 9 Verzeichnis(se), 40.842.096.640 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 40.663.191.552 Bytes frei
.
- - End Of File - - 3FC923FF04AED8F1F94B75C596F59354 |
10.08.2012, 21:11 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
12.08.2012, 17:57 | #23 |
| Computer infected? GMER: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-08-12 18:25:32 Windows 6.1.7601 Service Pack 1 Running: GMER.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0021868a71de Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0021868a71de@000eed60e812 0x53 0xD2 0xE3 0xEC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0021868a71de (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0021868a71de@000eed60e812 0x53 0xD2 0xE3 0xEC ... ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:34:22 on 12.08.2012 OS: Windows 7 Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 14.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Sophos Limited" - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "MATLAB R2012a Startup Accelerator.job" - ? - C:\Program Files\MATLAB\R2012a\bin\win64\MATLABStartupAccelerator.exe (File found, but it contains no detailed information) [Control Panel Objects] -----( %SystemRoot%\system32 )----- "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL "NokiaConnectionManager" - "Nokia" - C:\PROGRA~2\Nokia\NOKIAP~1\CONNEC~1.CPL "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acsock" (acsock) - "Cisco Systems, Inc." - C:\Windows\System32\DRIVERS\acsock64.sys "atksgt" (atksgt) - ? 
- C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "CyberLink InstantBurn UDF Filesystem" (CLBUDF) - "CyberLink Corporation." - C:\Windows\system32\drivers\CLBUDF.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\D182.tmp (File not found) "ntk_PowerDVD" (ntk_PowerDVD) - "Cyberlink Corp." - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys "Power Control [2012/03/10 19:39:18]" ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) - ? - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl "SANDRA" (SANDRA) - ? - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011c\WNt500x64\Sandra.sys (File not found) "SAVOnAccess" (SAVOnAccess) - "Sophos Limited" - C:\Windows\System32\DRIVERS\savonaccess.sys "sdcfilter" (sdcfilter) - "Sophos Limited" - C:\Windows\System32\DRIVERS\sdcfilter.sys "speedfan" (speedfan) - "Windows (R) Server 2003 DDK provider" - C:\Windows\SysWOW64\speedfan.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys "zlportio" (zlportio) - ? - C:\Users\*****\ultrastar\zlportio.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Limited" - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExt.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." 
- C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft 
Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\SDShelEx-win32.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {538793D5-659C-4639-A56C-A179AD87ED44} "Cisco AnyConnect Secure Mobility Client Web Control" - "Cisco Systems, Inc." - C:\Windows\SysWOW64\vpnweb.ocx / vpnweb.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll "ICQ7.4" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.4\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL "Senden an Bluetooth" - ? 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." 
- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start "Sophos AutoUpdate Monitor" - "Sophos Limited" - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "HP Universal Print Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPMPW081.DLL "HPPMOPJL" - "Hewlett-Packard Company" - C:\Windows\system32\hppmopjl.dll "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe "Cisco AnyConnect Secure Mobility Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe "Sophos Anti-Virus" (SAVService) - "Sophos Limited" - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe "Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Limited" - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe "Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Limited" - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe "Sophos Web Control Service" (Sophos Web Control Service) 
- "Sophos Limited" - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe "Sophos Web Intelligence Service" (swi_service) - "Sophos Limited" - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe "Sophos Web Intelligence Update" (swi_update_64) - "Sophos Limited" - C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "Sophos Web Intelligence IFSLSP" - "Sophos Limited" - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-08-12 18:50:08 ----------------------------- 18:50:08.803 OS Version: Windows x64 6.1.7601 Service Pack 1 18:50:08.803 Number of processors: 2 586 0x1706 18:50:08.803 ComputerName: T-2000 UserName: ***** 18:50:10.036 Initialize success 18:50:16.151 AVAST engine defs: 12081200 18:51:03.797 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 18:51:03.807 Disk 0 Vendor: FUJITSU_ 8909 Size: 238475MB BusType: 3 18:51:03.807 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 18:51:03.807 Disk 1 Vendor: FUJITSU_ 8909 Size: 238475MB BusType: 3 18:51:03.837 Disk 0 MBR read successfully 18:51:03.837 Disk 0 MBR scan 18:51:03.847 Disk 0 Windows 7 default MBR code 18:51:03.847 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229228 MB offset 63 18:51:03.877 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9243 MB offset 469460992 18:51:03.927 Disk 0 scanning C:\Windows\system32\drivers 18:51:27.247 Service scanning 18:52:18.437 Modules scanning 18:52:18.453 Disk 0 trace - called modules: 18:52:19.015 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 18:52:19.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005847060] 18:52:19.030 3 CLASSPNP.SYS[fffff88001b8d43f] -> nt!IofCallDriver -> [0xfffffa8004b6db50] 18:52:19.046 5 ACPI.sys[fffff88000f2f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b6c050] 18:52:19.046 Scan finished successfully 18:52:39.638 Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat" 18:52:39.638 The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt" |
13.08.2012, 15:26 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
20.08.2012, 17:33 | #25 |
| Computer infected? So, it took a bit longer, but here are the logs. Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.19.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ***** :: T-2000 [Administrator] 19.08.2012 19:28:25 mbam-log-2012-08-19 (19-28-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 766014 Laufzeit: 2 Stunde(n), 57 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 08/20/2012 at 06:21 PM Application Version : 5.5.1012 Core Rules Database Version : 9084 Trace Rules Database Version: 6896 Scan type : Complete Scan Total Scan Time : 06:23:49 Operating System Information Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 537 Memory threats detected : 0 Registry items scanned : 69192 Registry threats detected : 0 File items scanned : 556424 File threats detected : 23 Adware.Zwangi D:\SPIELE\STEAM\STEAMAPPS\COMMON\THIEF DEADLY SHADOWS\COLLECTIVE TEXTURE PACK UNINSTALLER.EXE Trojan.Agent/Gen-Bifrose C:\PROGRAM FILES\MATLAB\R2012A\TOOLBOX\PLCCODER\TOOLS\SCRIPTS\MULTIPROG50_IMPORT.EXE C:\PROGRAM FILES\MATLAB\R2012A\TOOLBOX\PLCCODER\TOOLS\SCRIPTS\PCWORX60_IMPORT.EXE Trojan.Agent/Gen-Dropper C:\PROGRAM FILES\MATLAB\R2012A\TOOLBOX\PLCCODER\TOOLS\SCRIPTS\RSLOGIX5000_IMPORT.EXE C:\PROGRAM FILES\MATLAB\R2012A\TOOLBOX\PLCCODER\TOOLS\SCRIPTS\STEP7_IMPORT_DE.EXE C:\PROGRAM FILES\MATLAB\R2012A\TOOLBOX\PLCCODER\TOOLS\SCRIPTS\STEP7_IMPORT_EN.EXE Adware.Tracking Cookie de.sitestat.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] .olympiaverlag.122.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] .e-2dj6wakienazodp.stats.esomniture.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ 
C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] .stats.paypal.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] |
21.08.2012, 12:09 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Code:
ATTFilter UAC On - Limited User
23.08.2012, 11:23 | #27 |
| Computer infected? If I remember correctly, it had already started automatically before the first scan. |
30.08.2012, 14:18 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Restart it, but via right-click as administrator
02.09.2012, 10:23 | #29 |
| Computer infected? Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 09/01/2012 at 09:51 PM Application Version : 5.5.1012 Core Rules Database Version : 9166 Trace Rules Database Version: 6978 Scan type : Complete Scan Total Scan Time : 06:18:50 Operating System Information Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Administrator Memory items scanned : 624 Memory threats detected : 0 Registry items scanned : 69376 Registry threats detected : 0 File items scanned : 546313 File threats detected : 7 Adware.Zwangi D:\SPIELE\STEAM\STEAMAPPS\COMMON\THIEF DEADLY SHADOWS\COLLECTIVE TEXTURE PACK UNINSTALLER.EXE Trojan.Agent/Gen-Bifrose C:\PROGRAM FILES\MATLAB\R2012A\TOOLBOX\PLCCODER\TOOLS\SCRIPTS\MULTIPROG50_IMPORT.EXE C:\PROGRAM FILES\MATLAB\R2012A\TOOLBOX\PLCCODER\TOOLS\SCRIPTS\PCWORX60_IMPORT.EXE Trojan.Agent/Gen-Dropper C:\PROGRAM FILES\MATLAB\R2012A\TOOLBOX\PLCCODER\TOOLS\SCRIPTS\RSLOGIX5000_IMPORT.EXE C:\PROGRAM FILES\MATLAB\R2012A\TOOLBOX\PLCCODER\TOOLS\SCRIPTS\STEP7_IMPORT_DE.EXE C:\PROGRAM FILES\MATLAB\R2012A\TOOLBOX\PLCCODER\TOOLS\SCRIPTS\STEP7_IMPORT_EN.EXE Adware.Tracking Cookie .olympiaverlag.122.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HI0M9KE5.DEFAULT\COOKIES.SQLITE ] |
03.09.2012, 18:54 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Looks OK, only one cookie was found there. The rest looks like false alarms to me. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP cookie). Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file. Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. My own approach is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores cookies from the sites I want, I manually reject everything else (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left. Is your system OK again now, or are there still other findings or problems?