| |
| |||||||
Log-Analyse und Auswertung: Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.08.2012, 19:07
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2 Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C  nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.08.2012, 21:36
| #17 |
 | Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2 Hier das Log vom TDSSKiller, nix gelöscht, nur gepostet:
__________________Code:
ATTFilter 22:29:51.0831 6148 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:29:52.0041 6148 ============================================================
22:29:52.0041 6148 Current date / time: 2012/08/13 22:29:52.0041
22:29:52.0041 6148 SystemInfo:
22:29:52.0041 6148
22:29:52.0041 6148 OS Version: 6.1.7601 ServicePack: 1.0
22:29:52.0041 6148 Product type: Workstation
22:29:52.0041 6148 ComputerName: MICHAELA-PC
22:29:52.0041 6148 UserName: Michaela
22:29:52.0041 6148 Windows directory: C:\Windows
22:29:52.0041 6148 System windows directory: C:\Windows
22:29:52.0041 6148 Running under WOW64
22:29:52.0041 6148 Processor architecture: Intel x64
22:29:52.0041 6148 Number of processors: 4
22:29:52.0041 6148 Page size: 0x1000
22:29:52.0041 6148 Boot type: Normal boot
22:29:52.0041 6148 ============================================================
22:29:53.0812 6148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:29:53.0822 6148 ============================================================
22:29:53.0822 6148 \Device\Harddisk0\DR0:
22:29:53.0862 6148 MBR partitions:
22:29:53.0862 6148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
22:29:53.0862 6148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
22:29:53.0862 6148 ============================================================
22:29:54.0002 6148 C: <-> \Device\Harddisk0\DR0\Partition1
22:29:54.0002 6148 ============================================================
22:29:54.0002 6148 Initialize success
22:29:54.0002 6148 ============================================================
22:31:22.0212 6088 ============================================================
22:31:22.0212 6088 Scan started
22:31:22.0212 6088 Mode: Manual; SigCheck; TDLFS;
22:31:22.0212 6088 ============================================================
22:31:23.0117 6088 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:31:23.0273 6088 1394ohci - ok
22:31:23.0351 6088 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
22:31:23.0366 6088 Acceler - ok
22:31:23.0444 6088 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:31:23.0475 6088 ACPI - ok
22:31:23.0522 6088 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:31:23.0616 6088 AcpiPmi - ok
22:31:23.0819 6088 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:31:23.0834 6088 AdobeARMservice - ok
22:31:24.0021 6088 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:31:24.0037 6088 AdobeFlashPlayerUpdateSvc - ok
22:31:24.0146 6088 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:31:24.0177 6088 adp94xx - ok
22:31:24.0240 6088 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:31:24.0271 6088 adpahci - ok
22:31:24.0333 6088 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:31:24.0349 6088 adpu320 - ok
22:31:24.0380 6088 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:31:24.0536 6088 AeLookupSvc - ok
22:31:24.0723 6088 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe
22:31:24.0817 6088 AESTFilters - ok
22:31:24.0911 6088 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:31:25.0004 6088 AFD - ok
22:31:25.0082 6088 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:31:25.0113 6088 agp440 - ok
22:31:25.0176 6088 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:31:25.0269 6088 ALG - ok
22:31:25.0301 6088 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:31:25.0332 6088 aliide - ok
22:31:25.0394 6088 AMD External Events Utility (16d2883ea6296333435df0c8b7d164b8) C:\Windows\system32\atiesrxx.exe
22:31:25.0488 6088 AMD External Events Utility - ok
22:31:25.0519 6088 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:31:25.0535 6088 amdide - ok
22:31:25.0597 6088 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:31:25.0644 6088 AmdK8 - ok
22:31:25.0675 6088 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:31:25.0737 6088 AmdPPM - ok
22:31:25.0815 6088 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:31:25.0831 6088 amdsata - ok
22:31:25.0878 6088 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:31:25.0878 6088 amdsbs - ok
22:31:25.0909 6088 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:31:25.0925 6088 amdxata - ok
22:31:26.0081 6088 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:31:26.0096 6088 AntiVirSchedulerService - ok
22:31:26.0159 6088 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:31:26.0190 6088 AntiVirService - ok
22:31:26.0237 6088 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:31:26.0408 6088 AppID - ok
22:31:26.0424 6088 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:31:26.0517 6088 AppIDSvc - ok
22:31:26.0595 6088 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:31:26.0658 6088 Appinfo - ok
22:31:26.0876 6088 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:31:26.0892 6088 Apple Mobile Device - ok
22:31:26.0954 6088 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:31:26.0970 6088 arc - ok
22:31:27.0001 6088 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:31:27.0017 6088 arcsas - ok
22:31:27.0063 6088 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:31:27.0141 6088 AsyncMac - ok
22:31:27.0188 6088 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:31:27.0204 6088 atapi - ok
22:31:27.0251 6088 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
22:31:27.0282 6088 AtiHdmiService - ok
22:31:27.0719 6088 atikmdag (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atikmdag.sys
22:31:27.0921 6088 atikmdag - ok
22:31:28.0171 6088 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:31:28.0249 6088 AudioEndpointBuilder - ok
22:31:28.0265 6088 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:31:28.0311 6088 AudioSrv - ok
22:31:28.0405 6088 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
22:31:28.0436 6088 avgntflt - ok
22:31:28.0483 6088 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
22:31:28.0514 6088 avipbb - ok
22:31:28.0545 6088 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:31:28.0577 6088 avkmgr - ok
22:31:28.0639 6088 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:31:28.0764 6088 AxInstSV - ok
22:31:28.0842 6088 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:31:28.0904 6088 b06bdrv - ok
22:31:28.0982 6088 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:31:29.0045 6088 b57nd60a - ok
22:31:29.0091 6088 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
22:31:29.0107 6088 BCM42RLY - ok
22:31:29.0357 6088 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:31:29.0403 6088 BCM43XX - ok
22:31:29.0622 6088 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:31:29.0684 6088 BDESVC - ok
22:31:29.0793 6088 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:31:29.0887 6088 Beep - ok
22:31:29.0903 6088 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:31:29.0949 6088 blbdrive - ok
22:31:30.0105 6088 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:31:30.0137 6088 Bonjour Service - ok
22:31:30.0183 6088 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:31:30.0230 6088 bowser - ok
22:31:30.0277 6088 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:31:30.0339 6088 BrFiltLo - ok
22:31:30.0355 6088 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:31:30.0402 6088 BrFiltUp - ok
22:31:30.0480 6088 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:31:30.0558 6088 Browser - ok
22:31:30.0605 6088 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:31:30.0667 6088 Brserid - ok
22:31:30.0683 6088 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:31:30.0761 6088 BrSerWdm - ok
22:31:30.0776 6088 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:31:30.0792 6088 BrUsbMdm - ok
22:31:30.0823 6088 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:31:30.0870 6088 BrUsbSer - ok
22:31:30.0901 6088 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:31:30.0948 6088 BTHMODEM - ok
22:31:31.0010 6088 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:31:31.0088 6088 bthserv - ok
22:31:31.0135 6088 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:31:31.0197 6088 cdfs - ok
22:31:31.0260 6088 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:31:31.0291 6088 cdrom - ok
22:31:31.0338 6088 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:31:31.0431 6088 CertPropSvc - ok
22:31:31.0494 6088 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:31:31.0572 6088 circlass - ok
22:31:31.0650 6088 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:31:31.0681 6088 CLFS - ok
22:31:31.0806 6088 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:31:31.0821 6088 clr_optimization_v2.0.50727_32 - ok
22:31:32.0071 6088 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:31:32.0087 6088 clr_optimization_v2.0.50727_64 - ok
22:31:32.0211 6088 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:31:32.0243 6088 clr_optimization_v4.0.30319_32 - ok
22:31:32.0321 6088 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:31:32.0352 6088 clr_optimization_v4.0.30319_64 - ok
22:31:32.0399 6088 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:31:32.0430 6088 CmBatt - ok
22:31:32.0477 6088 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:31:32.0492 6088 cmdide - ok
22:31:32.0586 6088 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
22:31:32.0633 6088 CNG - ok
22:31:32.0648 6088 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:31:32.0664 6088 Compbatt - ok
22:31:32.0711 6088 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:31:32.0757 6088 CompositeBus - ok
22:31:32.0789 6088 COMSysApp - ok
22:31:32.0804 6088 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:31:32.0835 6088 crcdisk - ok
22:31:32.0898 6088 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
22:31:32.0960 6088 CryptSvc - ok
22:31:33.0007 6088 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
22:31:33.0101 6088 CtClsFlt - ok
22:31:33.0210 6088 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:31:33.0319 6088 DcomLaunch - ok
22:31:33.0381 6088 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:31:33.0459 6088 defragsvc - ok
22:31:33.0537 6088 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:31:33.0600 6088 DfsC - ok
22:31:33.0631 6088 dgderdrv - ok
22:31:33.0693 6088 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
22:31:33.0725 6088 dg_ssudbus - ok
22:31:33.0803 6088 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:31:33.0896 6088 Dhcp - ok
22:31:33.0959 6088 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:31:34.0021 6088 discache - ok
22:31:34.0099 6088 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:31:34.0115 6088 Disk - ok
22:31:34.0177 6088 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:31:34.0255 6088 Dnscache - ok
22:31:34.0364 6088 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
22:31:34.0380 6088 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
22:31:34.0380 6088 DockLoginService - detected UnsignedFile.Multi.Generic (1)
22:31:34.0442 6088 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:31:34.0505 6088 dot3svc - ok
22:31:34.0583 6088 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
22:31:34.0629 6088 Dot4 - ok
22:31:34.0707 6088 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
22:31:34.0754 6088 Dot4Print - ok
22:31:34.0785 6088 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
22:31:34.0848 6088 dot4usb - ok
22:31:34.0895 6088 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:31:34.0973 6088 DPS - ok
22:31:35.0004 6088 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:31:35.0035 6088 drmkaud - ok
22:31:35.0144 6088 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:31:35.0191 6088 DXGKrnl - ok
22:31:35.0253 6088 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:31:35.0331 6088 EapHost - ok
22:31:35.0597 6088 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:31:35.0706 6088 ebdrv - ok
22:31:35.0893 6088 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:31:35.0987 6088 EFS - ok
22:31:36.0111 6088 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:31:36.0221 6088 ehRecvr - ok
22:31:36.0267 6088 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:31:36.0314 6088 ehSched - ok
22:31:36.0439 6088 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:31:36.0470 6088 elxstor - ok
22:31:36.0501 6088 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:31:36.0548 6088 ErrDev - ok
22:31:36.0626 6088 esgiguard - ok
22:31:36.0689 6088 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:31:36.0767 6088 EventSystem - ok
22:31:36.0829 6088 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:31:36.0907 6088 exfat - ok
22:31:36.0954 6088 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:31:37.0001 6088 fastfat - ok
22:31:37.0141 6088 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:31:37.0219 6088 Fax - ok
22:31:37.0266 6088 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:31:37.0281 6088 fdc - ok
22:31:37.0344 6088 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:31:37.0422 6088 fdPHost - ok
22:31:37.0453 6088 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:31:37.0515 6088 FDResPub - ok
22:31:37.0531 6088 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:31:37.0547 6088 FileInfo - ok
22:31:37.0547 6088 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:31:37.0640 6088 Filetrace - ok
22:31:37.0812 6088 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:31:37.0859 6088 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:31:37.0859 6088 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:31:37.0890 6088 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:31:37.0937 6088 flpydisk - ok
22:31:37.0983 6088 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:31:38.0015 6088 FltMgr - ok
22:31:38.0139 6088 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:31:38.0217 6088 FontCache - ok
22:31:38.0373 6088 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:31:38.0389 6088 FontCache3.0.0.0 - ok
22:31:38.0483 6088 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:31:38.0498 6088 FsDepends - ok
22:31:38.0545 6088 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:31:38.0561 6088 Fs_Rec - ok
22:31:38.0639 6088 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:31:38.0670 6088 fvevol - ok
22:31:38.0717 6088 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:31:38.0732 6088 gagp30kx - ok
22:31:38.0795 6088 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:31:38.0810 6088 GEARAspiWDM - ok
22:31:38.0982 6088 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
22:31:38.0997 6088 GoogleDesktopManager-051210-111108 - ok
22:31:39.0075 6088 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:31:39.0169 6088 gpsvc - ok
22:31:39.0294 6088 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:31:39.0309 6088 gupdate - ok
22:31:39.0341 6088 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:31:39.0341 6088 gupdatem - ok
22:31:39.0387 6088 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:31:39.0450 6088 hcw85cir - ok
22:31:39.0512 6088 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:31:39.0575 6088 HDAudBus - ok
22:31:39.0637 6088 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:31:39.0653 6088 HECIx64 - ok
22:31:39.0668 6088 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:31:39.0715 6088 HidBatt - ok
22:31:39.0746 6088 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:31:39.0777 6088 HidBth - ok
22:31:39.0840 6088 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:31:39.0887 6088 HidIr - ok
22:31:39.0933 6088 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:31:40.0011 6088 hidserv - ok
22:31:40.0089 6088 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:31:40.0105 6088 HidUsb - ok
22:31:40.0152 6088 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:31:40.0230 6088 hkmsvc - ok
22:31:40.0292 6088 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:31:40.0355 6088 HomeGroupListener - ok
22:31:40.0401 6088 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:31:40.0448 6088 HomeGroupProvider - ok
22:31:40.0620 6088 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:31:40.0651 6088 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:31:40.0651 6088 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:31:40.0682 6088 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:31:40.0698 6088 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:31:40.0698 6088 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:31:40.0745 6088 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:31:40.0776 6088 HpSAMD - ok
22:31:40.0916 6088 HPSLPSVC (2adf33f93991c4e24e86ffa5f906417b) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:31:40.0947 6088 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:31:40.0947 6088 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
22:31:41.0057 6088 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:31:41.0150 6088 HTTP - ok
22:31:41.0181 6088 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:31:41.0197 6088 hwpolicy - ok
22:31:41.0259 6088 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:31:41.0275 6088 i8042prt - ok
22:31:41.0353 6088 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:31:41.0400 6088 iaStorV - ok
22:31:41.0525 6088 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:31:41.0540 6088 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:31:41.0540 6088 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:31:41.0743 6088 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:31:41.0790 6088 idsvc - ok
22:31:41.0977 6088 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:31:41.0993 6088 iirsp - ok
22:31:42.0258 6088 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:31:42.0320 6088 IKEEXT - ok
22:31:42.0414 6088 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
22:31:42.0476 6088 Impcd - ok
22:31:42.0585 6088 InstallFilterService (fd5ef1d0210cb9c0773bba7ca360d762) C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
22:31:42.0617 6088 InstallFilterService ( UnsignedFile.Multi.Generic ) - warning
22:31:42.0617 6088 InstallFilterService - detected UnsignedFile.Multi.Generic (1)
22:31:42.0679 6088 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:31:42.0695 6088 intelide - ok
22:31:42.0741 6088 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:31:42.0773 6088 intelppm - ok
22:31:42.0819 6088 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:31:42.0897 6088 IPBusEnum - ok
22:31:42.0960 6088 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:31:43.0053 6088 IpFilterDriver - ok
22:31:43.0100 6088 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:31:43.0116 6088 IPMIDRV - ok
22:31:43.0178 6088 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:31:43.0256 6088 IPNAT - ok
22:31:43.0459 6088 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
22:31:43.0490 6088 iPod Service - ok
22:31:43.0537 6088 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:31:43.0584 6088 IRENUM - ok
22:31:43.0615 6088 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:31:43.0631 6088 isapnp - ok
22:31:43.0677 6088 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:31:43.0709 6088 iScsiPrt - ok
22:31:43.0740 6088 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:31:43.0771 6088 kbdclass - ok
22:31:43.0802 6088 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:31:43.0849 6088 kbdhid - ok
22:31:43.0911 6088 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:31:43.0927 6088 KeyIso - ok
22:31:43.0958 6088 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
22:31:43.0989 6088 KSecDD - ok
22:31:44.0036 6088 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
22:31:44.0052 6088 KSecPkg - ok
22:31:44.0114 6088 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:31:44.0177 6088 ksthunk - ok
22:31:44.0270 6088 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:31:44.0333 6088 KtmRm - ok
22:31:44.0426 6088 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
22:31:44.0489 6088 LanmanServer - ok
22:31:44.0535 6088 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:31:44.0613 6088 LanmanWorkstation - ok
22:31:44.0691 6088 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:31:44.0769 6088 lltdio - ok
22:31:44.0847 6088 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:31:44.0925 6088 lltdsvc - ok
22:31:44.0941 6088 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:31:44.0972 6088 lmhosts - ok
22:31:45.0003 6088 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:31:45.0035 6088 LSI_FC - ok
22:31:45.0081 6088 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:31:45.0097 6088 LSI_SAS - ok
22:31:45.0113 6088 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:31:45.0128 6088 LSI_SAS2 - ok
22:31:45.0175 6088 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:31:45.0191 6088 LSI_SCSI - ok
22:31:45.0237 6088 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:31:45.0315 6088 luafv - ok
22:31:45.0409 6088 Macromedia Licensing Service (04d3a71875699098af856ee5f9f72ac3) C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
22:31:45.0409 6088 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:31:45.0409 6088 Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:31:45.0487 6088 massfilter (23488767cb18fc3ff39e3af1db3fb02c) C:\Windows\system32\drivers\massfilter.sys
22:31:45.0534 6088 massfilter - ok
22:31:45.0596 6088 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
22:31:45.0612 6088 MBAMProtector - ok
22:31:45.0721 6088 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:31:45.0752 6088 MBAMService - ok
22:31:45.0799 6088 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:31:45.0846 6088 Mcx2Svc - ok
22:31:45.0877 6088 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:31:45.0893 6088 megasas - ok
22:31:45.0939 6088 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:31:45.0955 6088 MegaSR - ok
22:31:46.0049 6088 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:31:46.0080 6088 Microsoft Office Groove Audit Service - ok
22:31:46.0111 6088 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:31:46.0189 6088 MMCSS - ok
22:31:46.0220 6088 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:31:46.0298 6088 Modem - ok
22:31:46.0314 6088 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:31:46.0345 6088 monitor - ok
22:31:46.0392 6088 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:31:46.0407 6088 mouclass - ok
22:31:46.0454 6088 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:31:46.0470 6088 mouhid - ok
22:31:46.0517 6088 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:31:46.0532 6088 mountmgr - ok
22:31:46.0641 6088 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:31:46.0657 6088 MozillaMaintenance - ok
22:31:46.0704 6088 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:31:46.0735 6088 mpio - ok
22:31:46.0782 6088 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:31:46.0860 6088 mpsdrv - ok
22:31:46.0907 6088 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:31:46.0953 6088 MRxDAV - ok
22:31:47.0000 6088 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:31:47.0063 6088 mrxsmb - ok
22:31:47.0109 6088 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:31:47.0156 6088 mrxsmb10 - ok
22:31:47.0203 6088 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:31:47.0219 6088 mrxsmb20 - ok
22:31:47.0265 6088 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:31:47.0312 6088 msahci - ok
22:31:47.0375 6088 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:31:47.0390 6088 msdsm - ok
22:31:47.0437 6088 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:31:47.0468 6088 MSDTC - ok
22:31:47.0515 6088 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:31:47.0562 6088 Msfs - ok
22:31:47.0593 6088 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:31:47.0624 6088 mshidkmdf - ok
22:31:47.0655 6088 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:31:47.0671 6088 msisadrv - ok
22:31:47.0718 6088 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:31:47.0811 6088 MSiSCSI - ok
22:31:47.0811 6088 msiserver - ok
22:31:47.0843 6088 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:31:47.0905 6088 MSKSSRV - ok
22:31:47.0952 6088 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:31:48.0030 6088 MSPCLOCK - ok
22:31:48.0061 6088 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:31:48.0123 6088 MSPQM - ok
22:31:48.0201 6088 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:31:48.0233 6088 MsRPC - ok
22:31:48.0264 6088 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:31:48.0295 6088 mssmbios - ok
22:31:48.0357 6088 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:31:48.0435 6088 MSTEE - ok
22:31:48.0451 6088 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:31:48.0482 6088 MTConfig - ok
22:31:48.0498 6088 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:31:48.0529 6088 Mup - ok
22:31:48.0591 6088 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:31:48.0685 6088 napagent - ok
22:31:48.0779 6088 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:31:48.0841 6088 NativeWifiP - ok
22:31:48.0935 6088 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:31:48.0981 6088 NDIS - ok
22:31:49.0013 6088 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:31:49.0075 6088 NdisCap - ok
22:31:49.0122 6088 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:31:49.0169 6088 NdisTapi - ok
22:31:49.0231 6088 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:31:49.0293 6088 Ndisuio - ok
22:31:49.0356 6088 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:31:49.0434 6088 NdisWan - ok
22:31:49.0465 6088 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:31:49.0543 6088 NDProxy - ok
22:31:49.0605 6088 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
22:31:49.0621 6088 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:31:49.0621 6088 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:31:49.0683 6088 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:31:49.0761 6088 NetBIOS - ok
22:31:49.0824 6088 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:31:49.0871 6088 NetBT - ok
22:31:49.0902 6088 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:31:49.0917 6088 Netlogon - ok
22:31:49.0995 6088 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:31:50.0089 6088 Netman - ok
22:31:50.0136 6088 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:31:50.0214 6088 netprofm - ok
22:31:50.0370 6088 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:31:50.0385 6088 NetTcpPortSharing - ok
22:31:50.0432 6088 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:31:50.0463 6088 nfrd960 - ok
22:31:50.0526 6088 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:31:50.0604 6088 NlaSvc - ok
22:31:50.0635 6088 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:31:50.0666 6088 Npfs - ok
22:31:50.0713 6088 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:31:50.0791 6088 nsi - ok
22:31:50.0853 6088 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:31:50.0916 6088 nsiproxy - ok
22:31:51.0119 6088 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:31:51.0212 6088 Ntfs - ok
22:31:51.0431 6088 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:31:51.0477 6088 Null - ok
22:31:51.0540 6088 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:31:51.0571 6088 nvraid - ok
22:31:51.0587 6088 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:31:51.0602 6088 nvstor - ok
22:31:51.0649 6088 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:31:51.0665 6088 nv_agp - ok
22:31:51.0805 6088 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:31:51.0836 6088 odserv - ok
22:31:51.0883 6088 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:31:51.0914 6088 ohci1394 - ok
22:31:52.0008 6088 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:31:52.0023 6088 ose - ok
22:31:52.0616 6088 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:31:52.0741 6088 osppsvc - ok
22:31:52.0944 6088 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:31:52.0991 6088 p2pimsvc - ok
22:31:53.0037 6088 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:31:53.0100 6088 p2psvc - ok
22:31:53.0131 6088 PARLDR2K - ok
22:31:53.0178 6088 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:31:53.0209 6088 Parport - ok
22:31:53.0256 6088 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:31:53.0271 6088 partmgr - ok
22:31:53.0318 6088 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:31:53.0365 6088 PcaSvc - ok
22:31:53.0412 6088 pccsmcfd - ok
22:31:53.0459 6088 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:31:53.0490 6088 pci - ok
22:31:53.0505 6088 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:31:53.0505 6088 pciide - ok
22:31:53.0568 6088 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:31:53.0599 6088 pcmcia - ok
22:31:53.0615 6088 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:31:53.0630 6088 pcw - ok
22:31:53.0693 6088 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:31:53.0771 6088 PEAUTH - ok
22:31:53.0880 6088 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:31:53.0927 6088 PerfHost - ok
22:31:54.0067 6088 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:31:54.0176 6088 pla - ok
22:31:54.0270 6088 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:31:54.0317 6088 PlugPlay - ok
22:31:54.0395 6088 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
22:31:54.0410 6088 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:31:54.0410 6088 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:31:54.0457 6088 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:31:54.0504 6088 PNRPAutoReg - ok
22:31:54.0551 6088 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:31:54.0582 6088 PNRPsvc - ok
22:31:54.0691 6088 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
22:31:54.0691 6088 Point64 - ok
22:31:54.0785 6088 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:31:54.0863 6088 PolicyAgent - ok
22:31:54.0925 6088 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:31:55.0003 6088 Power - ok
22:31:55.0081 6088 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:31:55.0128 6088 PptpMiniport - ok
22:31:55.0159 6088 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:31:55.0206 6088 Processor - ok
22:31:55.0268 6088 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
22:31:55.0331 6088 ProfSvc - ok
22:31:55.0377 6088 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:31:55.0409 6088 ProtectedStorage - ok
22:31:55.0471 6088 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:31:55.0533 6088 Psched - ok
22:31:55.0596 6088 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
22:31:55.0611 6088 PxHlpa64 - ok
22:31:55.0752 6088 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:31:55.0845 6088 ql2300 - ok
22:32:01.0025 6088 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:32:01.0056 6088 ql40xx - ok
22:32:02.0460 6088 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:32:02.0538 6088 QWAVE - ok
22:32:02.0725 6088 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:32:02.0834 6088 QWAVEdrv - ok
22:32:02.0928 6088 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:32:03.0021 6088 RasAcd - ok
22:32:03.0396 6088 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:32:03.0474 6088 RasAgileVpn - ok
22:32:03.0770 6088 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:32:03.0879 6088 RasAuto - ok
22:32:04.0675 6088 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:32:04.0784 6088 Rasl2tp - ok
22:32:06.0672 6088 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:32:06.0781 6088 RasMan - ok
22:32:07.0155 6088 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:32:07.0249 6088 RasPppoe - ok
22:32:07.0670 6088 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:32:07.0748 6088 RasSstp - ok
22:32:09.0339 6088 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:32:09.0449 6088 rdbss - ok
22:32:09.0589 6088 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:32:09.0636 6088 rdpbus - ok
22:32:09.0745 6088 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:32:09.0823 6088 RDPCDD - ok
22:32:09.0963 6088 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:32:10.0041 6088 RDPENCDD - ok
22:32:10.0119 6088 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:32:10.0166 6088 RDPREFMP - ok
22:32:11.0055 6088 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
22:32:11.0196 6088 RDPWD - ok
22:32:12.0381 6088 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:32:12.0397 6088 rdyboost - ok
22:32:12.0740 6088 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:32:12.0818 6088 RemoteAccess - ok
22:32:13.0614 6088 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:32:13.0676 6088 RemoteRegistry - ok
22:32:13.0801 6088 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
22:32:13.0863 6088 rimmptsk - ok
22:32:14.0097 6088 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys
22:32:14.0191 6088 rimspci - ok
22:32:14.0425 6088 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
22:32:14.0519 6088 rimsptsk - ok
22:32:14.0659 6088 risdpcie (a6da2b0c8f5bb3f9f5423cff8d6a02d9) C:\Windows\system32\DRIVERS\risdpe64.sys
22:32:14.0721 6088 risdpcie - ok
22:32:14.0768 6088 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
22:32:14.0799 6088 rismxdp - ok
22:32:14.0815 6088 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys
22:32:14.0862 6088 rixdpcie - ok
22:32:14.0909 6088 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:32:14.0987 6088 RpcEptMapper - ok
22:32:15.0018 6088 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:32:15.0049 6088 RpcLocator - ok
22:32:15.0127 6088 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:32:15.0174 6088 RpcSs - ok
22:32:15.0236 6088 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:32:15.0283 6088 rspndr - ok
22:32:15.0345 6088 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:32:15.0408 6088 RTL8167 - ok
22:32:15.0486 6088 s0016bus (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
22:32:15.0501 6088 s0016bus - ok
22:32:15.0579 6088 s0017bus (032f537623a7b2fb81aaa184c30b70c3) C:\Windows\system32\DRIVERS\s0017bus.sys
22:32:15.0595 6088 s0017bus - ok
22:32:15.0642 6088 s0017mdfl (9964a28e569b4ff105b446ef8978fd5c) C:\Windows\system32\DRIVERS\s0017mdfl.sys
22:32:15.0657 6088 s0017mdfl - ok
22:32:15.0704 6088 s0017mdm (06347087d274c23dcfa8c4ab5c4314db) C:\Windows\system32\DRIVERS\s0017mdm.sys
22:32:15.0735 6088 s0017mdm - ok
22:32:15.0782 6088 s0017mgmt (f0f0747b3fa50272de6b1bf575fa4700) C:\Windows\system32\DRIVERS\s0017mgmt.sys
22:32:15.0798 6088 s0017mgmt - ok
22:32:15.0860 6088 s0017nd5 (7224412cea2ff2df7d4842c1b0e71045) C:\Windows\system32\DRIVERS\s0017nd5.sys
22:32:15.0876 6088 s0017nd5 - ok
22:32:15.0938 6088 s0017obex (3feadbc7f09b8b596cbfb82f12aba87f) C:\Windows\system32\DRIVERS\s0017obex.sys
22:32:15.0954 6088 s0017obex - ok
22:32:15.0985 6088 s0017unic (2b63bea31d939888b2a8f3f14d89b5c1) C:\Windows\system32\DRIVERS\s0017unic.sys
22:32:16.0001 6088 s0017unic - ok
22:32:16.0032 6088 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:32:16.0047 6088 SamSs - ok
22:32:16.0094 6088 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:32:16.0125 6088 sbp2port - ok
22:32:16.0188 6088 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:32:16.0266 6088 SCardSvr - ok
22:32:16.0313 6088 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:32:16.0406 6088 scfilter - ok
22:32:16.0515 6088 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:32:16.0593 6088 Schedule - ok
22:32:16.0640 6088 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:32:16.0687 6088 SCPolicySvc - ok
22:32:16.0734 6088 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:32:16.0796 6088 SDRSVC - ok
22:32:16.0890 6088 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:32:16.0952 6088 secdrv - ok
22:32:16.0999 6088 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:32:17.0077 6088 seclogon - ok
22:32:17.0124 6088 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:32:17.0202 6088 SENS - ok
22:32:17.0217 6088 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:32:17.0249 6088 SensrSvc - ok
22:32:17.0264 6088 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:32:17.0280 6088 Serenum - ok
22:32:17.0327 6088 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:32:17.0373 6088 Serial - ok
22:32:17.0451 6088 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:32:17.0483 6088 sermouse - ok
22:32:17.0529 6088 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:32:17.0607 6088 SessionEnv - ok
22:32:17.0639 6088 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:32:17.0685 6088 sffdisk - ok
22:32:17.0701 6088 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:32:17.0748 6088 sffp_mmc - ok
22:32:17.0763 6088 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:32:17.0810 6088 sffp_sd - ok
22:32:17.0841 6088 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:32:17.0888 6088 sfloppy - ok
22:32:18.0091 6088 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:32:18.0138 6088 SftService - ok
22:32:18.0325 6088 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:32:18.0387 6088 ShellHWDetection - ok
22:32:18.0465 6088 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:32:18.0497 6088 SiSRaid2 - ok
22:32:18.0512 6088 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:32:18.0528 6088 SiSRaid4 - ok
22:32:18.0871 6088 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:32:18.0949 6088 Skype C2C Service - ok
22:32:19.0058 6088 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:32:19.0089 6088 SkypeUpdate - ok
22:32:19.0277 6088 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:32:19.0339 6088 Smb - ok
22:32:19.0386 6088 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:32:19.0433 6088 SNMPTRAP - ok
22:32:19.0448 6088 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:32:19.0479 6088 spldr - ok
22:32:19.0557 6088 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:32:19.0620 6088 Spooler - ok
22:32:19.0901 6088 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:32:19.0979 6088 sppsvc - ok
22:32:20.0150 6088 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:32:20.0213 6088 sppuinotify - ok
22:32:20.0384 6088 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
22:32:20.0400 6088 sprtsvc_DellSupportCenter - ok
22:32:20.0571 6088 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
22:32:20.0571 6088 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
22:32:20.0571 6088 sptd ( LockedFile.Multi.Generic ) - warning
22:32:20.0571 6088 sptd - detected LockedFile.Multi.Generic (1)
22:32:20.0634 6088 Spyder3 (d8b882c520fc83547e22014ff5ec66d7) C:\Windows\system32\DRIVERS\Spyder3.sys
22:32:20.0649 6088 Spyder3 - ok
22:32:20.0712 6088 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:32:20.0790 6088 srv - ok
22:32:20.0837 6088 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:32:20.0883 6088 srv2 - ok
22:32:20.0915 6088 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:32:20.0946 6088 srvnet - ok
22:32:21.0086 6088 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
22:32:21.0149 6088 ssadbus - ok
22:32:21.0258 6088 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:32:21.0305 6088 ssadmdfl - ok
22:32:21.0492 6088 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
22:32:21.0523 6088 ssadmdm - ok
22:32:21.0695 6088 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
22:32:21.0726 6088 sscdbus - ok
22:32:21.0819 6088 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
22:32:21.0835 6088 sscdmdfl - ok
22:32:21.0975 6088 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
22:32:21.0991 6088 sscdmdm - ok
22:32:22.0100 6088 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:32:22.0163 6088 SSDPSRV - ok
22:32:22.0288 6088 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:32:22.0334 6088 SstpSvc - ok
22:32:23.0052 6088 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
22:32:23.0114 6088 ssudmdm - ok
22:32:23.0348 6088 STacSV (7aa12db4bb2cb414c3525e1c02da911f) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe
22:32:23.0395 6088 STacSV - ok
22:32:23.0458 6088 stdflt (c48e0745d33897c7a73394214f2b9b4f) C:\Windows\system32\DRIVERS\stdflt.sys
22:32:23.0458 6088 stdflt - ok
22:32:23.0504 6088 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:32:23.0520 6088 stexstor - ok
22:32:23.0598 6088 STHDA (2d7c3ca0fdb0f438671c89fa1804674f) C:\Windows\system32\DRIVERS\stwrt64.sys
22:32:23.0645 6088 STHDA - ok
22:32:23.0692 6088 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
22:32:23.0738 6088 StillCam - ok
22:32:23.0816 6088 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:32:23.0848 6088 stisvc - ok
22:32:23.0894 6088 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:32:23.0894 6088 swenum - ok
22:32:23.0988 6088 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:32:24.0035 6088 swprv - ok
22:32:24.0113 6088 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys
22:32:24.0144 6088 SynTP - ok
22:32:24.0316 6088 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:32:24.0378 6088 SysMain - ok
22:32:24.0534 6088 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:32:24.0581 6088 TabletInputService - ok
22:32:24.0612 6088 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:32:24.0690 6088 TapiSrv - ok
22:32:24.0721 6088 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:32:24.0784 6088 TBS - ok
22:32:25.0142 6088 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:32:25.0267 6088 Tcpip - ok
22:32:25.0610 6088 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:32:25.0720 6088 TCPIP6 - ok
22:32:25.0922 6088 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:32:25.0969 6088 tcpipreg - ok
22:32:26.0032 6088 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:32:26.0063 6088 TDPIPE - ok
22:32:26.0110 6088 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:32:26.0141 6088 TDTCP - ok
22:32:26.0188 6088 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:32:26.0266 6088 tdx - ok
22:32:26.0328 6088 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:32:26.0359 6088 TermDD - ok
22:32:26.0453 6088 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:32:26.0515 6088 TermService - ok
22:32:26.0578 6088 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:32:26.0624 6088 Themes - ok
22:32:26.0671 6088 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:32:26.0718 6088 THREADORDER - ok
22:32:26.0749 6088 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:32:26.0812 6088 TrkWks - ok
22:32:26.0905 6088 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:32:26.0983 6088 TrustedInstaller - ok
22:32:27.0046 6088 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:32:27.0108 6088 tssecsrv - ok
22:32:27.0170 6088 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:32:27.0233 6088 TsUsbFlt - ok
22:32:27.0280 6088 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:32:27.0358 6088 tunnel - ok
22:32:27.0529 6088 tvnserver (aaf458cc200326bef602b5339400bf86) C:\Program Files (x86)\TightVNC\tvnserver.exe
22:32:27.0560 6088 tvnserver - ok
22:32:27.0607 6088 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:32:27.0607 6088 uagp35 - ok
22:32:27.0685 6088 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:32:27.0763 6088 udfs - ok
22:32:27.0872 6088 UI Assistant Service (30b78a6296127b7a793cf42ca61b29b0) C:\Program Files (x86)\Join Air\AssistantServices.exe
22:32:27.0888 6088 UI Assistant Service - ok
22:32:27.0919 6088 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:32:27.0950 6088 UI0Detect - ok
22:32:28.0013 6088 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:32:28.0028 6088 uliagpkx - ok
22:32:28.0060 6088 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:32:28.0106 6088 umbus - ok
22:32:28.0138 6088 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:32:28.0169 6088 UmPass - ok
22:32:28.0247 6088 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:32:28.0325 6088 upnphost - ok
22:32:28.0356 6088 upperdev - ok
22:32:28.0403 6088 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:32:28.0465 6088 USBAAPL64 - ok
22:32:28.0496 6088 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:32:28.0559 6088 usbccgp - ok
22:32:28.0574 6088 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:32:28.0606 6088 usbcir - ok
22:32:28.0621 6088 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:32:28.0684 6088 usbehci - ok
22:32:28.0730 6088 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:32:28.0762 6088 usbhub - ok
22:32:28.0808 6088 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:32:28.0855 6088 usbohci - ok
22:32:28.0918 6088 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:32:28.0964 6088 usbprint - ok
22:32:28.0996 6088 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:32:29.0042 6088 usbscan - ok
22:32:29.0074 6088 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:32:29.0120 6088 USBSTOR - ok
22:32:29.0136 6088 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:32:29.0167 6088 usbuhci - ok
22:32:29.0245 6088 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:32:29.0276 6088 usbvideo - ok
22:32:29.0308 6088 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:32:29.0386 6088 UxSms - ok
22:32:29.0401 6088 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:32:29.0417 6088 VaultSvc - ok
22:32:29.0479 6088 VBoxNetAdp (c9f86aeb504355541ec9820e3155e253) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
22:32:29.0495 6088 VBoxNetAdp - ok
22:32:29.0510 6088 VBoxNetFlt - ok
22:32:29.0557 6088 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:32:29.0588 6088 vdrvroot - ok
22:32:29.0666 6088 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:32:29.0760 6088 vds - ok
22:32:29.0807 6088 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:32:29.0838 6088 vga - ok
22:32:29.0838 6088 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:32:29.0916 6088 VgaSave - ok
22:32:29.0947 6088 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:32:29.0994 6088 vhdmp - ok
22:32:30.0041 6088 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:32:30.0056 6088 viaide - ok
22:32:30.0103 6088 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:32:30.0119 6088 volmgr - ok
22:32:30.0181 6088 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:32:30.0212 6088 volmgrx - ok
22:32:30.0275 6088 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:32:30.0306 6088 volsnap - ok
22:32:30.0368 6088 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:32:30.0384 6088 vsmraid - ok
22:32:30.0556 6088 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:32:30.0634 6088 VSS - ok
22:32:30.0821 6088 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:32:30.0852 6088 vwifibus - ok
22:32:30.0883 6088 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:32:30.0946 6088 vwififlt - ok
22:32:30.0977 6088 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:32:31.0008 6088 vwifimp - ok
22:32:31.0070 6088 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:32:31.0117 6088 W32Time - ok
22:32:31.0164 6088 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:32:31.0195 6088 WacomPen - ok
22:32:31.0273 6088 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:32:31.0336 6088 WANARP - ok
22:32:31.0336 6088 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:32:31.0367 6088 Wanarpv6 - ok
22:32:31.0523 6088 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:32:31.0570 6088 WatAdminSvc - ok
22:32:31.0726 6088 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:32:31.0835 6088 wbengine - ok
22:32:32.0006 6088 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:32:32.0053 6088 WbioSrvc - ok
22:32:32.0116 6088 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:32:32.0178 6088 wcncsvc - ok
22:32:32.0209 6088 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:32:32.0240 6088 WcsPlugInService - ok
22:32:32.0318 6088 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:32:32.0334 6088 Wd - ok
22:32:32.0412 6088 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:32:32.0443 6088 Wdf01000 - ok
22:32:32.0474 6088 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:32:32.0552 6088 WdiServiceHost - ok
22:32:32.0552 6088 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:32:32.0568 6088 WdiSystemHost - ok
22:32:32.0630 6088 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:32:32.0677 6088 WebClient - ok
22:32:32.0740 6088 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:32:32.0818 6088 Wecsvc - ok
22:32:32.0864 6088 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:32:32.0911 6088 wercplsupport - ok
22:32:32.0989 6088 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:32:33.0067 6088 WerSvc - ok
22:32:33.0145 6088 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:32:33.0192 6088 WfpLwf - ok
22:32:33.0629 6088 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
22:32:33.0660 6088 WimFltr - ok
22:32:33.0676 6088 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:32:33.0676 6088 WIMMount - ok
22:32:33.0816 6088 WindowBlinds (8258726d076c8fff994f468712ddfbab) C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
22:32:33.0832 6088 WindowBlinds - ok
22:32:33.0832 6088 WinHttpAutoProxySvc - ok
22:32:33.0925 6088 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:32:33.0972 6088 Winmgmt - ok
22:32:34.0159 6088 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:32:34.0222 6088 WinRM - ok
22:32:34.0440 6088 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:32:34.0487 6088 WinUsb - ok
22:32:34.0596 6088 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:32:34.0658 6088 Wlansvc - ok
22:32:34.0721 6088 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
22:32:34.0736 6088 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
22:32:34.0736 6088 wltrysvc - detected UnsignedFile.Multi.Generic (1)
22:32:34.0799 6088 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:32:34.0830 6088 WmiAcpi - ok
22:32:34.0924 6088 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:32:34.0955 6088 wmiApSrv - ok
22:32:35.0033 6088 WMPNetworkSvc - ok
22:32:35.0095 6088 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:32:35.0126 6088 WPCSvc - ok
22:32:35.0173 6088 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:32:35.0204 6088 WPDBusEnum - ok
22:32:35.0251 6088 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:32:35.0298 6088 ws2ifsl - ok
22:32:35.0345 6088 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:32:35.0376 6088 WSDPrintDevice - ok
22:32:35.0392 6088 WSearch - ok
22:32:35.0438 6088 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:32:35.0501 6088 WudfPf - ok
22:32:35.0548 6088 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:32:35.0594 6088 WUDFRd - ok
22:32:35.0641 6088 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:32:35.0688 6088 wudfsvc - ok
22:32:35.0750 6088 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:32:35.0813 6088 WwanSvc - ok
22:32:35.0922 6088 WysePocketCloud (3d47152cfbe400b1d2b9945164e0255d) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
22:32:35.0938 6088 WysePocketCloud - ok
22:32:36.0016 6088 ZTEusbmdm6k (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
22:32:36.0062 6088 ZTEusbmdm6k - ok
22:32:36.0109 6088 ZTEusbnmea (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
22:32:36.0125 6088 ZTEusbnmea - ok
22:32:36.0140 6088 ZTEusbser6k (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
22:32:36.0140 6088 ZTEusbser6k - ok
22:32:36.0187 6088 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:32:36.0546 6088 \Device\Harddisk0\DR0 - ok
22:32:36.0546 6088 Boot (0x1200) (275b0b884e271347fdcb1d9b3129432f) \Device\Harddisk0\DR0\Partition0
22:32:36.0546 6088 \Device\Harddisk0\DR0\Partition0 - ok
22:32:36.0593 6088 Boot (0x1200) (716aa11c7e09f2aafa763a07e35e0d55) \Device\Harddisk0\DR0\Partition1
22:32:36.0593 6088 \Device\Harddisk0\DR0\Partition1 - ok
22:32:36.0593 6088 ============================================================
22:32:36.0593 6088 Scan finished
22:32:36.0593 6088 ============================================================
22:32:36.0608 4988 Detected object count: 12
22:32:36.0608 4988 Actual detected object count: 12
22:34:07.0905 4988 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:07.0905 4988 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:07.0905 4988 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:07.0905 4988 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:07.0905 4988 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:07.0905 4988 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:07.0905 4988 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:07.0905 4988 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:07.0915 4988 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:07.0915 4988 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:07.0915 4988 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:07.0915 4988 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:07.0915 4988 InstallFilterService ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:07.0915 4988 InstallFilterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:07.0915 4988 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:07.0915 4988 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:07.0915 4988 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:07.0915 4988 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:07.0915 4988 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:07.0915 4988 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:07.0915 4988 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:34:07.0915 4988 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:34:07.0915 4988 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:07.0915 4988 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
Michaela |
|
14.08.2012, 14:50
| #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2 Das Log vom TDSS-Killer ist ok
__________________Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
14.08.2012, 17:41
| #19 |
| | Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2 Hier das CF-Log: Code:
ATTFilter ComboFix 12-08-13.01 - Michaela 14.08.12 17:04:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3957.2493 [GMT 2:00]
ausgeführt von:: c:\users\Michaela\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{08ca8e43-e080-7b7c-d119-895f63bdff09}\@
c:\windows\Installer\{08ca8e43-e080-7b7c-d119-895f63bdff09}\U\00000001.@
c:\windows\Installer\{08ca8e43-e080-7b7c-d119-895f63bdff09}\U\80000000.@
c:\windows\Installer\{08ca8e43-e080-7b7c-d119-895f63bdff09}\U\800000cb.@
c:\windows\IsUn0407.exe
c:\windows\PFRO.log
c:\windows\SysWow64\muzapp.exe
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-14 bis 2012-08-14 ))))))))))))))))))))))))))))))
.
.
2012-08-14 15:16 . 2012-08-14 15:16 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-08-14 15:16 . 2012-08-14 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 16:10 . 2012-08-13 16:10 -------- d-----w- C:\_OTL
2012-08-12 15:20 . 2012-08-12 15:20 -------- d-----w- C:\Roxio
2012-08-07 10:21 . 2012-08-07 10:21 -------- d-----w- c:\program files (x86)\ESET
2012-08-02 09:46 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 09:46 . 2012-08-02 09:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-01 18:53 . 2012-08-01 18:53 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-01 18:52 . 2012-08-01 18:52 -------- d-----w- c:\program files\Enigma Software Group
2012-08-01 18:51 . 2012-08-01 18:51 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-31 07:47 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4644513-82EF-4FD1-83BD-A006C46011D9}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 15:09 . 2012-04-18 20:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-05 15:09 . 2011-07-15 09:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 01:19 . 2010-04-06 07:45 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-23 12:56 . 2010-07-15 12:45 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-23 12:55 . 2010-07-15 12:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-23 12:55 . 2010-06-11 18:36 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-19 01:31 . 2010-06-11 18:46 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-19 01:21 . 2010-06-11 18:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-19 01:21 . 2010-06-16 11:26 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-12 03:08 . 2012-07-11 01:28 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-10 22:07 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 22:07 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 22:07 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 22:07 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 22:07 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 22:07 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 22:07 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 07:02 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:03 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:03 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:03 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:02 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:03 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:02 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 07:02 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 07:02 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 01:08 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 01:08 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 01:08 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 01:08 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 01:08 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 01:08 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 01:08 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 01:08 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 01:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 01:08 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 01:08 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 01:08 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 01:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 01:08 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 01:08 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 01:08 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 01:08 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 01:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 01:08 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-10 22:07 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 22:07 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-10 22:07 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-10 22:07 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 22:07 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 22:07 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 22:07 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 22:07 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 22:07 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2010-02-23 16:11 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-27 30192]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-15 498160]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2010-04-27 138072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-01-04 3508624]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-08-03 828944]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-12 559616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2008-3-19 6333954]
TSS Instrument API Tray Utility.lnk - c:\program files (x86)\Common Files\Nokia\Tss\Instrument API\bin\tray.exe [2007-12-7 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 135664]
R2 PARLDR2K;PARLDR2K;c:\windows\system32\drivers\parldr2k.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 250056]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 135664]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-05 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2007-12-12 15360]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-03-14 147248]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-24 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-27 30192]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-01-11 828912]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-07-23 18792]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2010-04-27 247152]
S2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-05-11 177056]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-07-24 23912]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 15:09]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 15:36]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 15:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-12-14 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2012-05-11 883104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 192.168.115.250:3128
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0D9D189C-A7A0-412F-AFCE-96625682ABEF} - hxxps://extranet.gazprom-germania.de/PWA/_layouts/pwa/objects/1031/pjcintl.cab
DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxps://extranet.gazprom-germania.de/PWA/_layouts/pwa/objects/pjclient.cab
FF - ProfilePath - c:\users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\fdgw4qyx.default\
FF - prefs.js: browser.startup.homepage - chrome://foxtab/content/homepage.html
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-HP Color LaserJet CM1312 MFP Series Fax - c:\program files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PI2917_HPR_Projco - c:\windows\IsUn0407.exe
AddRemove-XMind - c:\users\Michaela\Desktop\Lara\XMind\uninstall.exe
.
.
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-14 18:29:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-14 16:28
.
Vor Suchlauf: 21 Verzeichnis(se), 312.743.903.232 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 312.263.065.600 Bytes frei
.
- - End Of File - - 726E3F64D5D923E42AD538F1490616DF
Michaela |
|
14.08.2012, 18:03
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2 Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.08.2012, 20:17
| #21 |
| | Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2 Hey, zuerst das GMER-Log: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-14 21:15:43
Windows 6.1.7601 Service Pack 1
Running: i5ukbbl1.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
---- EOF - GMER 1.0.15 ----
... und hier das OSAM-Log (mannomann, und da blickst du durch? Respekt!!!) Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:24:31 on 14.08.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 14.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\Windows\System32\drivers\BCM42RLY.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys (File not found) "esgiguard" (esgiguard) - ? - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "ParLdr2k" (PARLDR2K) - ? - C:\Windows\system32\drivers\parldr2k.sys (File not found) "PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\Windows\System32\DRIVERS\pccsmcfdx64.sys (File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys (File not found) "VirtualBox Bridged Networking Service" (VBoxNetFlt) - ? - C:\Windows\System32\DRIVERS\VBoxNetFlt.sys (File not found) "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files (x86)\Audible\Bin\AudibleExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll {16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files (x86)\Audible\Bin\AudibleExt.dll {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll {7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise Projects" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {0AC6C6C5-F7A8-11D2-BEF4-00C04F990001} "Macromedia FTP & RDS" - "Macromedia, Inc." - C:\Windows\SysWow64\CfShellFtpRds.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\OLKFSTUB.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- Garmin Communicator Plug-In "Garmin Communicator Plug-In" - ? - (File not found | COM-object registry key not found) / https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {0D9D189C-A7A0-412F-AFCE-96625682ABEF} "PJ12deuC Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\PJ12deuC.dll / https://extranet.gazprom-germania.de/PWA/_layouts/pwa/objects/1031/pjcintl.cab {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} "PjAdoInfo4 Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\PJQUERY12.ocx / https://extranet.gazprom-germania.de/PWA/_layouts/pwa/objects/pjclient.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll Locked "Locked" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Acrobat Assistant.lnk" - "Adobe Systems Inc." - C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) "Spyder3Utility.lnk" - ? - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe (Shortcut exists | File exists) "TSS Instrument API Tray Utility.lnk" - "Nokia" - C:\Program Files (x86)\Common Files\Nokia\Tss\Instrument API\bin\tray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Gadwin PrintScreen" - "Gadwin Systems, Inc" - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash "MobileDocuments" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "Dell Webcam Central" - "Creative Technology Ltd" - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 "Desktop Disc Tool" - ? - "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" "Google Desktop Search" - "Google" - "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" "KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "PDVDDXSrv" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime "StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "tvncontrol" - "GlavSoft LLC." - "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave "UIExec" - ? - "C:\Program Files (x86)\Join Air\UIExec.exe" (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )----- ""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"" - "Dell" - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE (File found, but it contains no detailed information) "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Dock Login Service" (DockLoginService) - "Stardock Corporation" - C:\Program Files\Dell\DellDock\DockLogin.exe "FF Install Filter Service" (InstallFilterService) - ? - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe (File found, but it contains no detailed information) "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "SoftThinks Agent Service" (SftService) - "SoftThinks SAS" - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE "Stardock WindowBlinds" (WindowBlinds) - "Stardock Corporation" - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe "SupportSoft Sprocket Service (DellSupportCenter)" (sprtsvc_DellSupportCenter) - "SupportSoft, Inc." - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe "TightVNC Server" (tvnserver) - "GlavSoft LLC." - C:\Program Files (x86)\TightVNC\tvnserver.exe "UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files (x86)\Join Air\AssistantServices.exe (File found, but it contains no detailed information) "Wyse PocketCloud" (WysePocketCloud) - ? - C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-14 21:39:46
-----------------------------
21:39:46.994 OS Version: Windows x64 6.1.7601 Service Pack 1
21:39:46.994 Number of processors: 4 586 0x2502
21:39:46.994 ComputerName: MICHAELA-PC UserName: Michaela
21:39:49.864 Initialize success
21:39:54.154 AVAST engine defs: 12081400
21:40:12.219 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:40:12.219 Disk 0 Vendor: SAMSUNG_HM500JI 2AC101C4 Size: 476940MB BusType: 11
21:40:12.235 Disk 0 MBR read successfully
21:40:12.250 Disk 0 MBR scan
21:40:12.250 Disk 0 Windows VISTA default MBR code
21:40:12.250 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:40:12.266 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
21:40:12.282 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325
21:40:12.328 Disk 0 scanning C:\Windows\system32\drivers
21:40:30.051 Service scanning
21:41:00.861 Modules scanning
21:41:00.861 Disk 0 trace - called modules:
21:41:00.892 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys >>UNKNOWN [0xfffffa800486d2c0]<<spre.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:41:01.407 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c7a060]
21:41:01.407 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004b18ce0]
21:41:01.423 5 stdflt.sys[fffff88001b8fa4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049b7060]
21:41:01.423 \Driver\atapi[0xfffffa800499e2c0] -> IRP_MJ_CREATE -> 0xfffffa800486d2c0
21:41:01.423 Scan finished successfully
21:41:26.742 Disk 0 MBR has been saved successfully to "C:\Users\Michaela\Desktop\MBR.dat"
21:41:26.742 The log file has been saved successfully to "C:\Users\Michaela\Desktop\aswMBR.txt"
Geändert von miciba (14.08.2012 um 20:44 Uhr) |
|
15.08.2012, 19:23
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2 Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.08.2012, 19:56
| #23 |
| | Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2 Na, das lässt ja hoffen! Die Avira-Antivir-Meldungen sind auch weg. Der Malwarebyte-Log hat mir keine Infizierung mehr gemeldet. Ich schicke dir trotzdem das Log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.15.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Michaela :: MICHAELA-PC [Administrator] Schutz: Aktiviert 15.08.12 22:57:25 mbam-log-2012-08-15 (22-57-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 778511 Laufzeit: 3 Stunde(n), 28 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 08/16/2012 at 11:15 AM
Application Version : 5.5.1012
Core Rules Database Version : 9066
Trace Rules Database Version: 6878
Scan type : Complete Scan
Total Scan Time : 02:23:41
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 838
Memory threats detected : 0
Registry items scanned : 71058
Registry threats detected : 0
File items scanned : 307795
File threats detected : 20
Adware.Tracking Cookie
C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Cookies\michaela@doubleclick[2].txt [ /doubleclick ]
C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Cookies\KHQW25L1.txt [ /zanox.com ]
C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Cookies\6KGSLHN9.txt [ /atdmt.com ]
C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Cookies\A4N0ANPL.txt [ /mediaplex.com ]
C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Cookies\TV6AAM0U.txt [ /fastclick.net ]
C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Cookies\6MH29OBN.txt [ /apmebf.com ]
C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Cookies\ML062EK2.txt [ /ad.zanox.com ]
C:\USERS\MICHAELA\Cookies\KHQW25L1.txt [ Cookie:michaela@zanox.com/ ]
C:\USERS\MICHAELA\Cookies\6KGSLHN9.txt [ Cookie:michaela@atdmt.com/ ]
C:\USERS\MICHAELA\Cookies\A4N0ANPL.txt [ Cookie:michaela@mediaplex.com/ ]
C:\USERS\MICHAELA\Cookies\TV6AAM0U.txt [ Cookie:michaela@fastclick.net/ ]
C:\USERS\MICHAELA\Cookies\6MH29OBN.txt [ Cookie:michaela@apmebf.com/ ]
C:\USERS\MICHAELA\Cookies\ML062EK2.txt [ Cookie:michaela@ad.zanox.com/ ]
.winzip.122.2o7.net [ C:\USERS\MICHAELA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\MICHAELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FDGW4QYX.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\MICHAELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FDGW4QYX.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\MICHAELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FDGW4QYX.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\MICHAELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FDGW4QYX.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\MICHAELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FDGW4QYX.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\86RW6V47.DEFAULT\COOKIES.SQLITE ]
|
|
17.08.2012, 19:26
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2 Sieht ok aus, da wurden nur Cookies gefunden. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.08.2012, 21:45
| #25 |
| | Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2 Ja, das sind gute Tips, was die Cookies angeht. Werde mich mal durchsuchen. Ist mein Rechner jetzt echt sauber? Mann, das ist ja sooooo große Klasse - du bist mein Held des Tages! Was mache ich denn jetzt mit den ganzen Programmen und Logfiles, die auf meinem Desktop rumliegen? Liegen lassen, teilweise wg. der Quarantäne oder löschen??? Und noch eine ganz wichtige Frage an einen kompetenten Menschen: Wie schütze ich meinen Rechner und meinen Laptop vernünftig? Bisher habe ich nur Avira Antivir die Freeversion laufen - aber das reicht ja wohl nicht bei so hartnäckigen Teilen. Ich bin auch gern bereit, etwas Geld zu investieren, falls es irgendein Tool gibt, dass mein Equipment absichert, denn ich brauche meinen Rechner zum arbeiten. Kennst du Sophos? Hat ein Bekannter von mir. Ist das eine Alternative? Noch mal ganz, ganz vielen Dank für deine Hilfe - ich werde dich weiterempfehlen! Michaela |
|
18.08.2012, 13:07
| #26 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2Zitat:
Die Frage - welcher Virenscanner oder ob der installierte reicht - taucht ständig auf. Der Virenscanner - egal welcher - kann und wird niemals 100% Schutz bieten können. Neue/unbekannte Schädlinge können immer durch die Lappen gehen. Geld ausgeben muss man nicht für einen Scanner, sowas wie Avast oder Microsoft Security Essentials sind für die privaten Gebrauch völlig ausreichend. Abgesehen davon nutzen verschiedene Virenscanner unterschiedliche Signaturen und Techniken, das führt dazu, dass zB Scanner1 Schädling X entdeckt, aber Schädling Y übersieht. Scanner2 erkennt Schädling Y, dafür aber Schädling X nicht... Wichtiger ist, dass du dich an Regeln hälst. Der beste Virenscanner bringt nichts, wenn du dich falsch verhälst und fahrlässig/unvorsichtig bist. Airbag und Sicherheitsgurt im Auto sind ja auch keine Gründe dafür auf die Verkehrsregeln zu pfeifen. Halte Dich am besten grob an diese Regeln:
Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar? Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks => Adobe Flash Player Distribution | Adobe Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Zuerst Live Security Platinum, dann TR/ATRAPS.GEN2 |
| aktion, anti-malware, appdata, aufsetzen, autostart, code, dateien, explorer, files, laptop, live, log, malwarebytes, microsoft, neu, neu aufsetzen, platinum, problem, security, service, software, speicher, temporary, tr/atraps.gen, version |
Linear-Darstellung
