Pests of all kinds and how to fight them: TR/ATRAPS.Gen + Gen2, W32/Patched.UA, JS.Agent.Inf.6750
Windows 7
14.08.2012, 16:14 | #16 |
Hey, I did post the log... I just wanted to ask whether it was okay that I switched the virus scanner back on, and that otherwise everything is as it was ;-)
14.08.2012, 17:00 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, the OTL fix log, but not what your virus scanner spat out again recently
14.08.2012, 17:17 | #18 |
Honestly, I can't find any log files from Avast. But nothing has changed anyway. The virus scanner keeps reporting:
Name: 00000001.@
Virus: Win32:Malware-gen
Ort: C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\U
14.08.2012, 17:40 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That is exactly the stuff we should have wiped out with OTL. I suggest we repeat the OTL fix, but apply it only to the typical ZeroAccess objects:

Run an OTL fix: close any programs that may be open, deactivate the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied too!!!)

Code:
:Files
C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\U
C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\L
C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\n
C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@
C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\U
C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\L
C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\n
C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@
C:\ProgramData\FullRemove.exe
C:\Users\D\AppData\Roaming\Qatuox
C:\Users\D\AppData\Roaming\Buwa
C:\Users\D\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags
14.08.2012, 19:36 | #20 |
Code:
All processes killed
========== FILES ==========
C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\U folder moved successfully.
File\Folder C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\L not found.
File\Folder C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\n not found.
File move failed. C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ scheduled to be moved on reboot.
File\Folder C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\U not found.
File\Folder C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\L not found.
File\Folder C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\n not found.
File\Folder C:\Users\D\AppData\Local\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ not found.
File\Folder C:\ProgramData\FullRemove.exe not found.
File\Folder C:\Users\D\AppData\Roaming\Qatuox not found.
File\Folder C:\Users\D\AppData\Roaming\Buwa not found.
File\Folder C:\Users\D\AppData\LocalLow\Sun\Java\Deployment\cache not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: D
->Temp folder emptied: 51287 bytes
->Temporary Internet Files folder emptied: 69559 bytes
->FireFox cache emptied: 87024038 bytes
->Flash cache emptied: 1626 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44708 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 83.00 mb
[EMPTYFLASH]
User: All Users
User: D
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.57.0 log created on 08142012_190110
Files\Folders moved on Reboot...
File move failed. C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ scheduled to be moved on reboot.
C:\Users\D\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
[2011/11/17 08:41:18 | 000,002,048 | -HS- | M] () C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ : Unable to obtain MD5
File C:\Users\D\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...

But: the firewall still cannot be activated (same error code as above).

Edit: shit, now the alarm went off after all. Exactly the same thing as above was found again... :-(

Last edited by Over (14.08.2012 at 19:57)
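Added example (not part of the original thread, and not OTL's own code): a Python parser that reads an OTL fix log like the one in post #20 and lists the objects that could not be moved during the fix and are still failing in the reboot pass, which is the situation that leads to the TDSS-Killer scan requested next. The embedded sample is an excerpt of that log with one entry per line; the function names and the reading of "Unable to obtain MD5" as "file still present" are assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the OTL fix log from post #20, one entry per line
# (the line layout is an assumption; the forum export flattened it).
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\U folder moved successfully.
File\Folder C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\L not found.
File move failed. C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ scheduled to be moved on reboot.
File\Folder C:\ProgramData\FullRemove.exe not found.
========== COMMANDS ==========
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ scheduled to be moved on reboot.
C:\Users\D\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
[2011/11/17 08:41:18 | 000,002,048 | -HS- | M] () C:\Windows\Installer\{9e4b5208-9c3a-d94d-9700-6fb7f9d8ccee}\@ : Unable to obtain MD5
File C:\Users\D\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
"""

# Section headers as they appear in the log, mapped to short labels.
SECTIONS = {
    "========== FILES ==========": "fix",
    "========== COMMANDS ==========": "commands",
    "Files\\Folders moved on Reboot...": "reboot",
    "PendingFileRenameOperations files...": "pending",
    "Registry entries deleted on Reboot...": "registry",
}

# Order matters: the specific failure patterns are tried before "moved".
PATTERNS = [
    ("pending_reboot",
     re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("not_found",
     re.compile(r"^File(?:\\Folder)? (?P<path>.+) not found[.!]$")),
    # Assumption: a listing with timestamp, size and attributes means the
    # file was still on disk when OTL looked at it after the reboot.
    ("still_present",
     re.compile(r"^\[.*?\] \(.*?\) (?P<path>.+) : Unable to obtain MD5$")),
    ("moved",
     re.compile(r"^(?P<path>.+?) (?:folder )?moved successfully\.$")),
]


def parse_otl_fix_log(text):
    """Return {path: [(section, status), ...]} for the file entries of a fix log."""
    section = None
    results = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = SECTIONS[line]
            continue
        # Only the file-handling sections carry per-path results.
        if section not in ("fix", "reboot", "pending"):
            continue
        for status, rx in PATTERNS:
            match = rx.match(line)
            if match:
                results[match.group("path")].append((section, status))
                break
    return dict(results)


def persistent_objects(results):
    """Paths that failed during the fix and are still failing or present after reboot."""
    persistent = []
    for path, events in results.items():
        failed_in_fix = ("fix", "pending_reboot") in events
        failed_later = any(
            section in ("reboot", "pending")
            and status in ("pending_reboot", "still_present")
            for section, status in events
        )
        if failed_in_fix and failed_later:
            persistent.append(path)
    return sorted(persistent)


if __name__ == "__main__":
    parsed = parse_otl_fix_log(SAMPLE_LOG)
    for path, events in parsed.items():
        print(path, events)
    print("Still not removed after reboot:", persistent_objects(parsed))
```
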
15.08.2012, 19:09 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
16.08.2012, 10:09 | #22 |
Hey arne, I'm on holiday right now, but I'll be back at the computer on Saturday and will do it then. Just please don't delete it from your subscriptions. Thanks!
16.08.2012, 11:51 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I don't delete anything from my subscriptions, not even closed cases
__________________
Please always post log files in CODE tags
19.08.2012, 12:06 | #24 |
So, here I am again; attached is the log

Code:
13:01:47.0856 7576 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
13:01:48.0028 7576 ============================================================
13:01:48.0028 7576 Current date / time: 2012/08/19 13:01:48.0028
13:01:48.0028 7576 SystemInfo:
13:01:48.0028 7576
13:01:48.0028 7576 OS Version: 6.1.7601 ServicePack: 1.0
13:01:48.0028 7576 Product type: Workstation
13:01:48.0028 7576 ComputerName: D-PC
13:01:48.0028 7576 UserName: D
13:01:48.0028 7576 Windows directory: C:\Windows
13:01:48.0028 7576 System windows directory: C:\Windows
13:01:48.0028 7576 Running under WOW64
13:01:48.0028 7576 Processor architecture: Intel x64
13:01:48.0028 7576 Number of processors: 2
13:01:48.0028 7576 Page size: 0x1000
13:01:48.0028 7576 Boot type: Normal boot
13:01:48.0028 7576 ============================================================
13:01:49.0213 7576 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:01:49.0229 7576 ============================================================
13:01:49.0229 7576 \Device\Harddisk0\DR0:
13:01:49.0229 7576 MBR partitions:
13:01:49.0229 7576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x74701B0
13:01:49.0229 7576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x91BB367, BlocksNum 0x1400921A
13:01:49.0229 7576 ============================================================
13:01:49.0260 7576 C: <-> \Device\Harddisk0\DR0\Partition1
13:01:49.0291 7576 D: <-> \Device\Harddisk0\DR0\Partition2
13:01:49.0291 7576 ============================================================
13:01:49.0291 7576 Initialize success
13:01:49.0291 7576 ============================================================
13:02:28.0026 7680 ============================================================
13:02:28.0026 7680 Scan started
13:02:28.0026 7680 Mode: Manual; SigCheck; TDLFS;
7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 13:02:50.0771 7680 MTConfig - ok 13:02:50.0818 7680 [ 032d35c996f21d19a205a7c8f0b76f3c ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys 13:02:50.0833 7680 MTsensor - ok 13:02:50.0849 7680 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys 13:02:50.0864 7680 Mup - ok 13:02:50.0911 7680 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll 13:02:50.0989 7680 napagent - ok 13:02:51.0020 7680 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:02:51.0067 7680 NativeWifiP - ok 13:02:51.0192 7680 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys 13:02:51.0254 7680 NDIS - ok 13:02:51.0286 7680 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:02:51.0410 7680 NdisCap - ok 13:02:51.0457 7680 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:02:51.0551 7680 NdisTapi - ok 13:02:51.0582 7680 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:02:51.0644 7680 Ndisuio - ok 13:02:51.0676 7680 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:02:51.0738 7680 NdisWan - ok 13:02:51.0785 7680 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:02:51.0832 7680 NDProxy - ok 13:02:51.0941 7680 [ b90e093e7a7250906f1054418b5339c0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 13:02:52.0019 7680 Nero BackItUp Scheduler 4.0 - ok 13:02:52.0050 7680 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:02:52.0112 7680 NetBIOS - ok 13:02:52.0159 7680 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:02:52.0237 7680 NetBT - ok 13:02:52.0268 7680 [ c118a82cd78818c29ab228366ebf81c3 ] 
Netlogon C:\Windows\system32\lsass.exe 13:02:52.0284 7680 Netlogon - ok 13:02:52.0315 7680 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll 13:02:52.0409 7680 Netman - ok 13:02:52.0440 7680 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll 13:02:52.0502 7680 netprofm - ok 13:02:52.0549 7680 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:02:52.0580 7680 NetTcpPortSharing - ok 13:02:52.0627 7680 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 13:02:52.0643 7680 nfrd960 - ok 13:02:52.0674 7680 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:02:52.0752 7680 NlaSvc - ok 13:02:52.0783 7680 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:02:52.0861 7680 Npfs - ok 13:02:52.0892 7680 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll 13:02:52.0955 7680 nsi - ok 13:02:52.0986 7680 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:02:53.0048 7680 nsiproxy - ok 13:02:53.0158 7680 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:02:53.0267 7680 Ntfs - ok 13:02:53.0298 7680 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys 13:02:53.0376 7680 Null - ok 13:02:53.0407 7680 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:02:53.0438 7680 nvraid - ok 13:02:53.0454 7680 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:02:53.0485 7680 nvstor - ok 13:02:53.0501 7680 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:02:53.0516 7680 nv_agp - ok 13:02:53.0594 7680 [ 649791f5b905e6a8ecced15ad8efd436 ] OberonGameConsoleService C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe 
13:02:53.0626 7680 OberonGameConsoleService - ok 13:02:53.0704 7680 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:02:53.0782 7680 odserv - ok 13:02:53.0813 7680 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:02:53.0844 7680 ohci1394 - ok 13:02:53.0875 7680 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:02:53.0906 7680 ose - ok 13:02:53.0953 7680 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:02:54.0047 7680 p2pimsvc - ok 13:02:54.0078 7680 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll 13:02:54.0156 7680 p2psvc - ok 13:02:54.0203 7680 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 13:02:54.0265 7680 Parport - ok 13:02:54.0296 7680 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:02:54.0359 7680 partmgr - ok 13:02:54.0390 7680 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:02:54.0437 7680 PcaSvc - ok 13:02:54.0468 7680 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys 13:02:54.0499 7680 pci - ok 13:02:54.0530 7680 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys 13:02:54.0546 7680 pciide - ok 13:02:54.0593 7680 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 13:02:54.0640 7680 pcmcia - ok 13:02:54.0671 7680 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys 13:02:54.0718 7680 pcw - ok 13:02:54.0749 7680 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:02:54.0827 7680 PEAUTH - ok 13:02:54.0920 7680 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:02:54.0998 7680 PerfHost - ok 13:02:55.0092 7680 [ 
c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll 13:02:55.0217 7680 pla - ok 13:02:55.0264 7680 [ e406a33046228bd89f0c2db5c172f19c ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe 13:02:55.0279 7680 PLFlash DeviceIoControl Service - ok 13:02:55.0326 7680 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:02:55.0373 7680 PlugPlay - ok 13:02:55.0404 7680 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:02:55.0435 7680 PNRPAutoReg - ok 13:02:55.0451 7680 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:02:55.0482 7680 PNRPsvc - ok 13:02:55.0529 7680 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:02:55.0591 7680 PolicyAgent - ok 13:02:55.0622 7680 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll 13:02:55.0700 7680 Power - ok 13:02:55.0732 7680 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:02:55.0794 7680 PptpMiniport - ok 13:02:55.0841 7680 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys 13:02:55.0903 7680 Processor - ok 13:02:55.0950 7680 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll 13:02:55.0997 7680 ProfSvc - ok 13:02:56.0012 7680 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:02:56.0044 7680 ProtectedStorage - ok 13:02:56.0075 7680 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:02:56.0168 7680 Psched - ok 13:02:56.0215 7680 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 13:02:56.0371 7680 ql2300 - ok 13:02:56.0418 7680 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 13:02:56.0449 7680 ql40xx - ok 13:02:56.0480 7680 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll 13:02:56.0512 7680 QWAVE 
- ok 13:02:56.0527 7680 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:02:56.0574 7680 QWAVEdrv - ok 13:02:56.0605 7680 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:02:56.0668 7680 RasAcd - ok 13:02:56.0714 7680 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:02:56.0777 7680 RasAgileVpn - ok 13:02:56.0824 7680 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll 13:02:56.0886 7680 RasAuto - ok 13:02:56.0917 7680 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:02:56.0995 7680 Rasl2tp - ok 13:02:57.0042 7680 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll 13:02:57.0198 7680 RasMan - ok 13:02:57.0245 7680 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:02:57.0338 7680 RasPppoe - ok 13:02:57.0370 7680 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:02:57.0416 7680 RasSstp - ok 13:02:57.0463 7680 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:02:57.0541 7680 rdbss - ok 13:02:57.0572 7680 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:02:57.0604 7680 rdpbus - ok 13:02:57.0619 7680 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:02:57.0682 7680 RDPCDD - ok 13:02:57.0728 7680 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:02:57.0806 7680 RDPENCDD - ok 13:02:57.0838 7680 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:02:57.0900 7680 RDPREFMP - ok 13:02:57.0931 7680 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:02:57.0994 7680 RDPWD - ok 13:02:58.0040 7680 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 
13:02:58.0056 7680 rdyboost - ok 13:02:58.0103 7680 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:02:58.0228 7680 RemoteAccess - ok 13:02:58.0274 7680 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:02:58.0352 7680 RemoteRegistry - ok 13:02:58.0368 7680 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:02:58.0477 7680 RpcEptMapper - ok 13:02:58.0508 7680 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe 13:02:58.0540 7680 RpcLocator - ok 13:02:58.0586 7680 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll 13:02:58.0633 7680 RpcSs - ok 13:02:58.0680 7680 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:02:58.0742 7680 rspndr - ok 13:02:58.0774 7680 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe 13:02:58.0789 7680 SamSs - ok 13:02:58.0805 7680 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:02:58.0836 7680 sbp2port - ok 13:02:58.0852 7680 SBRE - ok 13:02:58.0883 7680 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:02:58.0930 7680 SCardSvr - ok 13:02:58.0976 7680 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:02:59.0039 7680 scfilter - ok 13:02:59.0101 7680 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll 13:02:59.0210 7680 Schedule - ok 13:02:59.0242 7680 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll 13:02:59.0288 7680 SCPolicySvc - ok 13:02:59.0320 7680 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:02:59.0366 7680 SDRSVC - ok 13:02:59.0398 7680 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:02:59.0460 7680 secdrv - ok 13:02:59.0507 7680 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon 
C:\Windows\system32\seclogon.dll 13:02:59.0616 7680 seclogon - ok 13:02:59.0663 7680 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll 13:02:59.0725 7680 SENS - ok 13:02:59.0756 7680 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:02:59.0788 7680 SensrSvc - ok 13:02:59.0819 7680 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:02:59.0850 7680 Serenum - ok 13:02:59.0866 7680 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:02:59.0912 7680 Serial - ok 13:02:59.0944 7680 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 13:03:00.0006 7680 sermouse - ok 13:03:00.0068 7680 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll 13:03:00.0178 7680 SessionEnv - ok 13:03:00.0193 7680 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:03:00.0240 7680 sffdisk - ok 13:03:00.0256 7680 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:03:00.0302 7680 sffp_mmc - ok 13:03:00.0318 7680 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:03:00.0349 7680 sffp_sd - ok 13:03:00.0380 7680 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:03:00.0443 7680 sfloppy - ok 13:03:00.0505 7680 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:03:00.0568 7680 ShellHWDetection - ok 13:03:00.0614 7680 [ 1bc348cf6baa90ec8e533ef6e6a69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 13:03:00.0646 7680 SiSGbeLH - ok 13:03:00.0677 7680 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:03:00.0708 7680 SiSRaid2 - ok 13:03:00.0739 7680 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 13:03:00.0770 7680 SiSRaid4 - ok 13:03:00.0802 7680 [ 
548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:03:00.0895 7680 Smb - ok 13:03:00.0958 7680 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:03:00.0989 7680 SNMPTRAP - ok 13:03:01.0098 7680 [ 1d8474722cdffbb8fca5fa12c50a05a2 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 13:03:01.0223 7680 SNP2UVC - ok 13:03:01.0238 7680 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys 13:03:01.0254 7680 spldr - ok 13:03:01.0285 7680 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe 13:03:01.0363 7680 Spooler - ok 13:03:01.0488 7680 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe 13:03:01.0738 7680 sppsvc - ok 13:03:01.0784 7680 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:03:01.0847 7680 sppuinotify - ok 13:03:01.0925 7680 [ 602884696850c86434530790b110e8eb ] sptd C:\Windows\system32\Drivers\sptd.sys 13:03:01.0925 7680 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 602884696850c86434530790b110e8eb 13:03:01.0940 7680 sptd ( LockedFile.Multi.Generic ) - warning 13:03:01.0940 7680 sptd - detected LockedFile.Multi.Generic (1) 13:03:01.0987 7680 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys 13:03:02.0050 7680 srv - ok 13:03:02.0112 7680 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:03:02.0190 7680 srv2 - ok 13:03:02.0221 7680 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:03:02.0268 7680 srvnet - ok 13:03:02.0299 7680 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:03:02.0393 7680 SSDPSRV - ok 13:03:02.0424 7680 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:03:02.0549 7680 SstpSvc - ok 13:03:02.0580 7680 StarOpen - ok 13:03:02.0611 7680 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 13:03:02.0642 7680 stexstor - ok 13:03:02.0705 7680 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll 13:03:02.0798 7680 stisvc - ok 13:03:02.0814 7680 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys 13:03:02.0830 7680 swenum - ok 13:03:02.0876 7680 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll 13:03:02.0954 7680 swprv - ok 13:03:03.0032 7680 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll 13:03:03.0220 7680 SysMain - ok 13:03:03.0251 7680 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:03:03.0282 7680 TabletInputService - ok 13:03:03.0313 7680 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:03:03.0376 7680 TapiSrv - ok 13:03:03.0407 7680 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll 13:03:03.0532 7680 TBS - ok 13:03:03.0641 7680 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:03:03.0750 
7680 Tcpip - ok 13:03:03.0812 7680 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:03:03.0859 7680 TCPIP6 - ok 13:03:03.0906 7680 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:03:03.0984 7680 tcpipreg - ok 13:03:04.0031 7680 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:03:04.0078 7680 TDPIPE - ok 13:03:04.0109 7680 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:03:04.0140 7680 TDTCP - ok 13:03:04.0187 7680 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:03:04.0265 7680 tdx - ok 13:03:04.0296 7680 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys 13:03:04.0343 7680 TermDD - ok 13:03:04.0374 7680 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll 13:03:04.0468 7680 TermService - ok 13:03:04.0499 7680 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll 13:03:04.0546 7680 Themes - ok 13:03:04.0577 7680 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll 13:03:04.0624 7680 THREADORDER - ok 13:03:04.0670 7680 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll 13:03:04.0733 7680 TrkWks - ok 13:03:04.0795 7680 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:03:04.0889 7680 TrustedInstaller - ok 13:03:04.0936 7680 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:03:04.0998 7680 tssecsrv - ok 13:03:05.0029 7680 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:03:05.0060 7680 TsUsbFlt - ok 13:03:05.0123 7680 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:03:05.0185 7680 tunnel - ok 13:03:05.0216 7680 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 
C:\Windows\system32\DRIVERS\uagp35.sys 13:03:05.0248 7680 uagp35 - ok 13:03:05.0294 7680 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:03:05.0372 7680 udfs - ok 13:03:05.0419 7680 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:03:05.0466 7680 UI0Detect - ok 13:03:05.0482 7680 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:03:05.0497 7680 uliagpkx - ok 13:03:05.0528 7680 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys 13:03:05.0560 7680 umbus - ok 13:03:05.0591 7680 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 13:03:05.0622 7680 UmPass - ok 13:03:05.0653 7680 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll 13:03:05.0716 7680 upnphost - ok 13:03:05.0747 7680 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:03:05.0762 7680 usbccgp - ok 13:03:05.0794 7680 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:03:05.0825 7680 usbcir - ok 13:03:05.0840 7680 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:03:05.0887 7680 usbehci - ok 13:03:05.0918 7680 [ 6648c6d7323a2ce0c4776c36cefbcb14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 13:03:05.0950 7680 usbfilter - ok 13:03:05.0981 7680 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:03:06.0028 7680 usbhub - ok 13:03:06.0059 7680 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 13:03:06.0074 7680 usbohci - ok 13:03:06.0106 7680 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:03:06.0137 7680 usbprint - ok 13:03:06.0168 7680 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:03:06.0199 7680 USBSTOR - ok 13:03:06.0215 7680 [ 
62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 13:03:06.0246 7680 usbuhci - ok 13:03:06.0293 7680 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 13:03:06.0324 7680 usbvideo - ok 13:03:06.0355 7680 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll 13:03:06.0418 7680 UxSms - ok 13:03:06.0449 7680 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe 13:03:06.0464 7680 VaultSvc - ok 13:03:06.0496 7680 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:03:06.0527 7680 vdrvroot - ok 13:03:06.0574 7680 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe 13:03:06.0698 7680 vds - ok 13:03:06.0730 7680 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:03:06.0761 7680 vga - ok 13:03:06.0776 7680 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys 13:03:06.0823 7680 VgaSave - ok 13:03:06.0870 7680 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:03:06.0901 7680 vhdmp - ok 13:03:06.0979 7680 [ fe595d1a1b781190bb483444b62cc607 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 13:03:07.0057 7680 VIAHdAudAddService - ok 13:03:07.0088 7680 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys 13:03:07.0104 7680 viaide - ok 13:03:07.0120 7680 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:03:07.0135 7680 volmgr - ok 13:03:07.0166 7680 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:03:07.0198 7680 volmgrx - ok 13:03:07.0213 7680 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:03:07.0244 7680 volsnap - ok 13:03:07.0291 7680 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 13:03:07.0307 7680 vsmraid - ok 13:03:07.0400 7680 
[ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe 13:03:07.0541 7680 VSS - ok 13:03:07.0588 7680 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 13:03:07.0619 7680 vwifibus - ok 13:03:07.0634 7680 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 13:03:07.0681 7680 vwififlt - ok 13:03:07.0728 7680 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll 13:03:07.0822 7680 W32Time - ok 13:03:07.0853 7680 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 13:03:07.0884 7680 WacomPen - ok 13:03:07.0931 7680 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:03:08.0009 7680 WANARP - ok 13:03:08.0024 7680 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:03:08.0134 7680 Wanarpv6 - ok 13:03:08.0212 7680 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe 13:03:08.0352 7680 wbengine - ok 13:03:08.0383 7680 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:03:08.0430 7680 WbioSrvc - ok 13:03:08.0461 7680 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:03:08.0539 7680 wcncsvc - ok 13:03:08.0570 7680 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:03:08.0648 7680 WcsPlugInService - ok 13:03:08.0695 7680 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys 13:03:08.0711 7680 Wd - ok 13:03:08.0758 7680 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:03:08.0836 7680 Wdf01000 - ok 13:03:08.0867 7680 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:03:08.0960 7680 WdiServiceHost - ok 13:03:08.0976 7680 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:03:09.0007 7680 WdiSystemHost - ok 
13:03:09.0038 7680 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll 13:03:09.0085 7680 WebClient - ok 13:03:09.0101 7680 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:03:09.0194 7680 Wecsvc - ok 13:03:09.0226 7680 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:03:09.0288 7680 wercplsupport - ok 13:03:09.0319 7680 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:03:09.0382 7680 WerSvc - ok 13:03:09.0428 7680 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:03:09.0475 7680 WfpLwf - ok 13:03:09.0538 7680 [ 52ded146e4797e6ccf94799e8e22bb2a ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 13:03:09.0553 7680 WimFltr - ok 13:03:09.0584 7680 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:03:09.0600 7680 WIMMount - ok 13:03:09.0616 7680 WinHttpAutoProxySvc - ok 13:03:09.0678 7680 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:03:09.0787 7680 Winmgmt - ok 13:03:09.0896 7680 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll 13:03:10.0068 7680 WinRM - ok 13:03:10.0130 7680 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll 13:03:10.0208 7680 Wlansvc - ok 13:03:10.0380 7680 [ 98f138897ef4246381d197cb81846d62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:03:10.0489 7680 wlidsvc - ok 13:03:10.0536 7680 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:03:10.0567 7680 WmiAcpi - ok 13:03:10.0614 7680 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:03:10.0661 7680 wmiApSrv - ok 13:03:10.0692 7680 WMPNetworkSvc - ok 13:03:10.0723 7680 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:03:10.0754 7680 WPCSvc - ok 13:03:10.0786 7680 [ 
93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:03:10.0817 7680 WPDBusEnum - ok 13:03:10.0848 7680 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:03:10.0895 7680 ws2ifsl - ok 13:03:10.0910 7680 WSearch - ok 13:03:10.0942 7680 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:03:10.0988 7680 WudfPf - ok 13:03:11.0035 7680 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:03:11.0082 7680 WUDFRd - ok 13:03:11.0113 7680 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:03:11.0176 7680 wudfsvc - ok 13:03:11.0207 7680 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll 13:03:11.0254 7680 WwanSvc - ok 13:03:11.0285 7680 ================ Scan global =============================== 13:03:11.0316 7680 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll 13:03:11.0347 7680 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll 13:03:11.0363 7680 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll 13:03:11.0394 7680 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll 13:03:11.0425 7680 (014a9cb92514e27c0107614df764bc06) C:\Windows\system32\services.exe 13:03:11.0441 7680 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected 13:03:11.0441 7680 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0) 13:03:11.0441 7680 ================ Scan MBR ================================== 13:03:11.0472 7680 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 13:03:12.0174 7680 \Device\Harddisk0\DR0 - ok 13:03:12.0174 7680 ================ Scan VBR ================================== 13:03:12.0190 7680 Boot (0x1200) (4f86c15403ac3d811325aea1415ca36f) \Device\Harddisk0\DR0\Partition1 13:03:12.0190 7680 \Device\Harddisk0\DR0\Partition1 - ok 13:03:12.0205 7680 Boot (0x1200) 
(9a2791439d13ab158aa1afe5ecc34ac7) \Device\Harddisk0\DR0\Partition2 13:03:12.0221 7680 \Device\Harddisk0\DR0\Partition2 - ok 13:03:12.0221 7680 ============================================================ 13:03:12.0221 7680 Scan finished 13:03:12.0221 7680 ============================================================ 13:03:12.0252 5684 Detected object count: 4 13:03:12.0252 5684 Actual detected object count: 4 13:03:37.0586 5684 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:03:37.0586 5684 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:03:37.0602 5684 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user 13:03:37.0602 5684 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:03:37.0602 5684 sptd ( LockedFile.Multi.Generic ) - skipped by user 13:03:37.0602 5684 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 13:03:37.0602 5684 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user 13:03:37.0602 5684 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip 13:03:52.0953 7516 Deinitialize success |
20.08.2012, 17:11 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen + Gen2, W32/Patched.UA, JS.Agent.Inf.6750 Code:
ATTFilter C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
After that, restart Windows, run a new scan with TDSS-Killer, and post it.
__________________ Please always post log files in CODE tags |
20.08.2012, 20:19 | #26 |
| TR/ATRAPS.Gen + Gen2, W32/Patched.UA, JS.Agent.Inf.6750 I have not attached the first log (from the scan with deletion); the text was too long.... In the second scan (after the deletion) I had only 3 findings instead of 4, and the virus scanner is now really quiet too. Thanks. But: the firewall still won't turn on, same error code.... Code:
ATTFilter 21:12:03.0595 4516 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03 21:12:03.0689 4516 ============================================================ 21:12:03.0689 4516 Current date / time: 2012/08/20 21:12:03.0689 21:12:03.0689 4516 SystemInfo: 21:12:03.0689 4516 21:12:03.0689 4516 OS Version: 6.1.7601 ServicePack: 1.0 21:12:03.0689 4516 Product type: Workstation 21:12:03.0689 4516 ComputerName: D-PC 21:12:03.0689 4516 UserName: D 21:12:03.0689 4516 Windows directory: C:\Windows 21:12:03.0689 4516 System windows directory: C:\Windows 21:12:03.0689 4516 Running under WOW64 21:12:03.0689 4516 Processor architecture: Intel x64 21:12:03.0689 4516 Number of processors: 2 21:12:03.0689 4516 Page size: 0x1000 21:12:03.0689 4516 Boot type: Normal boot 21:12:03.0689 4516 ============================================================ 21:12:06.0559 4516 BG loaded 21:12:07.0433 4516 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:12:07.0448 4516 ============================================================ 21:12:07.0448 4516 \Device\Harddisk0\DR0: 21:12:07.0464 4516 MBR partitions: 21:12:07.0464 4516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x74701B0 21:12:07.0479 4516 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x91BB367, BlocksNum 0x1400921A 21:12:07.0479 4516 ============================================================ 21:12:07.0557 4516 C: <-> \Device\Harddisk0\DR0\Partition1 21:12:07.0635 4516 D: <-> \Device\Harddisk0\DR0\Partition2 21:12:07.0635 4516 ============================================================ 21:12:07.0635 4516 Initialize success 21:12:07.0635 4516 ============================================================ 21:12:16.0512 4980 ============================================================ 21:12:16.0512 4980 Scan started 21:12:16.0512 4980 Mode: Manual; SigCheck; 
TDLFS; 21:12:16.0512 4980 ============================================================ 21:12:18.0150 4980 ================ Scan services ============================= 21:12:18.0743 4980 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:12:18.0930 4980 1394ohci - ok 21:12:19.0023 4980 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:12:19.0070 4980 ACPI - ok 21:12:19.0117 4980 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:12:19.0881 4980 AcpiPmi - ok 21:12:20.0287 4980 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 21:12:20.0381 4980 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 21:12:20.0381 4980 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 21:12:21.0363 4980 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:12:21.0395 4980 AdobeFlashPlayerUpdateSvc - ok 21:12:21.0644 4980 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 21:12:21.0691 4980 adp94xx - ok 21:12:21.0800 4980 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 21:12:21.0847 4980 adpahci - ok 21:12:21.0941 4980 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 21:12:21.0987 4980 adpu320 - ok 21:12:22.0097 4980 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:12:22.0986 4980 AeLookupSvc - ok 21:12:23.0157 4980 [ FB2BE0BAE9B3F248080CDBF91EF16C7F ] AFBAgent C:\Windows\system32\FBAgent.exe 21:12:23.0189 4980 AFBAgent - ok 21:12:23.0313 4980 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 21:12:23.0423 4980 AFD - ok 21:12:23.0469 4980 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:12:23.0485 4980 agp440 
- ok 21:12:23.0532 4980 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 21:12:23.0625 4980 ALG - ok 21:12:23.0688 4980 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 21:12:23.0703 4980 aliide - ok 21:12:23.0750 4980 [ F238BE4FA4E55EB67F17281FADF69851 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 21:12:23.0844 4980 AMD External Events Utility - ok 21:12:23.0875 4980 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 21:12:23.0906 4980 amdide - ok 21:12:23.0937 4980 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 21:12:24.0031 4980 AmdK8 - ok 21:12:24.0078 4980 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 21:12:24.0140 4980 AmdPPM - ok 21:12:24.0171 4980 [ 8818A2AB90189B7FF60A24C0847F9A6B ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 21:12:24.0187 4980 amdsata - ok 21:12:24.0234 4980 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 21:12:24.0281 4980 amdsbs - ok 21:12:24.0312 4980 [ 3C430969F097DEE18D13010D678069CD ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 21:12:24.0343 4980 amdxata - ok 21:12:24.0405 4980 [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS 21:12:24.0515 4980 AmUStor - ok 21:12:24.0561 4980 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 21:12:24.0811 4980 AppID - ok 21:12:24.0858 4980 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:12:24.0983 4980 AppIDSvc - ok 21:12:25.0029 4980 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 21:12:25.0123 4980 Appinfo - ok 21:12:25.0170 4980 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 21:12:25.0201 4980 arc - ok 21:12:25.0248 4980 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 21:12:25.0310 4980 
arcsas - ok 21:12:25.0373 4980 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe 21:12:25.0419 4980 ASLDRService - ok 21:12:25.0482 4980 [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64 C:\Program Files\ATKGFNEX\ASMMAP64.sys 21:12:25.0513 4980 ASMMAP64 - ok 21:12:25.0560 4980 [ DF59B8E8DF0BD2E0E303778A3806A17D ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 21:12:25.0607 4980 aswFsBlk - ok 21:12:25.0622 4980 [ F8E6AB4F876FEFF69250F2E0C29EF004 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 21:12:25.0653 4980 aswMonFlt - ok 21:12:25.0685 4980 [ AA92BC4BCBA40CA3AA3FFD1BE24F0C09 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 21:12:25.0716 4980 aswRdr - ok 21:12:25.0825 4980 [ F06E230E1E8CA9437A6474B7B551CD37 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 21:12:25.0872 4980 aswSnx - ok 21:12:25.0903 4980 [ 3610CA74A69E380424F0452DEC5C1317 ] aswSP C:\Windows\system32\drivers\aswSP.sys 21:12:25.0919 4980 aswSP - ok 21:12:25.0934 4980 [ 87DE3E31CB0091D22351349869324065 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 21:12:25.0950 4980 aswTdi - ok 21:12:25.0981 4980 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:12:26.0059 4980 AsyncMac - ok 21:12:26.0090 4980 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 21:12:26.0106 4980 atapi - ok 21:12:26.0184 4980 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys 21:12:26.0277 4980 athr - ok 21:12:26.0340 4980 [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 21:12:26.0371 4980 AtiHdmiService - ok 21:12:26.0621 4980 [ 2DB9047AAC9D981F59CE06D04D70C4D8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 21:12:26.0777 4980 atikmdag - ok 21:12:26.0823 4980 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 21:12:26.0839 4980 AtiPcie - ok 21:12:26.0855 4980 [ 7C157574A181B19B9DCF5F339E25337E ] 
ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe 21:12:26.0901 4980 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning 21:12:26.0901 4980 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1) 21:12:26.0979 4980 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:12:27.0089 4980 AudioEndpointBuilder - ok 21:12:27.0120 4980 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:12:27.0182 4980 AudioSrv - ok 21:12:27.0245 4980 [ 2F7C0F3E39C45E0127FB78B2F18A41F3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 21:12:27.0291 4980 avast! Antivirus - ok 21:12:27.0338 4980 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:12:27.0463 4980 AxInstSV - ok 21:12:27.0525 4980 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 21:12:27.0588 4980 b06bdrv - ok 21:12:27.0603 4980 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:12:27.0650 4980 b57nd60a - ok 21:12:27.0697 4980 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 21:12:27.0759 4980 BDESVC - ok 21:12:27.0791 4980 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 21:12:27.0900 4980 Beep - ok 21:12:27.0915 4980 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:12:27.0962 4980 blbdrive - ok 21:12:28.0009 4980 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:12:28.0087 4980 bowser - ok 21:12:28.0118 4980 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:12:28.0227 4980 BrFiltLo - ok 21:12:28.0243 4980 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:12:28.0290 4980 BrFiltUp - ok 21:12:28.0337 4980 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll 21:12:28.0430 4980 Browser - ok 21:12:28.0477 
4980 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:12:28.0555 4980 Brserid - ok 21:12:28.0571 4980 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:12:28.0617 4980 BrSerWdm - ok 21:12:28.0649 4980 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:12:28.0695 4980 BrUsbMdm - ok 21:12:28.0727 4980 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:12:28.0758 4980 BrUsbSer - ok 21:12:28.0773 4980 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:12:28.0820 4980 BTHMODEM - ok 21:12:28.0867 4980 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 21:12:28.0992 4980 bthserv - ok 21:12:29.0023 4980 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:12:29.0085 4980 cdfs - ok 21:12:29.0132 4980 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 21:12:29.0179 4980 cdrom - ok 21:12:29.0226 4980 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 21:12:29.0335 4980 CertPropSvc - ok 21:12:29.0366 4980 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 21:12:29.0397 4980 circlass - ok 21:12:29.0444 4980 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 21:12:29.0491 4980 CLFS - ok 21:12:29.0600 4980 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:12:29.0631 4980 clr_optimization_v2.0.50727_32 - ok 21:12:29.0678 4980 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:12:29.0694 4980 clr_optimization_v2.0.50727_64 - ok 21:12:29.0741 4980 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:12:29.0865 4980 clr_optimization_v4.0.30319_32 - ok 21:12:29.0928 4980 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:12:29.0959 4980 clr_optimization_v4.0.30319_64 - ok 21:12:30.0021 4980 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:12:30.0068 4980 CmBatt - ok 21:12:30.0084 4980 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:12:30.0099 4980 cmdide - ok 21:12:30.0177 4980 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 21:12:30.0240 4980 CNG - ok 21:12:30.0287 4980 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:12:30.0349 4980 Compbatt - ok 21:12:30.0380 4980 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:12:30.0427 4980 CompositeBus - ok 21:12:30.0443 4980 COMSysApp - ok 21:12:30.0458 4980 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 21:12:30.0474 4980 crcdisk - ok 21:12:30.0521 4980 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:12:30.0583 4980 CryptSvc - ok 21:12:30.0661 4980 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:12:30.0739 4980 DcomLaunch - ok 21:12:30.0786 4980 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 21:12:30.0864 4980 defragsvc - ok 21:12:30.0879 4980 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:12:30.0957 4980 DfsC - ok 21:12:31.0020 4980 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 21:12:31.0098 4980 Dhcp - ok 21:12:31.0113 4980 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 21:12:31.0160 4980 discache - ok 21:12:31.0207 4980 [ 
9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 21:12:31.0223 4980 Disk - ok 21:12:31.0269 4980 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:12:31.0347 4980 Dnscache - ok 21:12:31.0379 4980 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:12:31.0441 4980 dot3svc - ok 21:12:31.0488 4980 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 21:12:31.0613 4980 DPS - ok 21:12:31.0644 4980 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:12:31.0722 4980 drmkaud - ok 21:12:31.0831 4980 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:12:31.0862 4980 DXGKrnl - ok 21:12:31.0893 4980 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 21:12:31.0956 4980 EapHost - ok 21:12:32.0174 4980 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 21:12:32.0346 4980 ebdrv - ok 21:12:32.0377 4980 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 21:12:32.0439 4980 EFS - ok 21:12:32.0595 4980 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:12:32.0720 4980 ehRecvr - ok 21:12:32.0783 4980 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 21:12:32.0876 4980 ehSched - ok 21:12:32.0954 4980 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 21:12:33.0017 4980 elxstor - ok 21:12:33.0079 4980 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:12:33.0173 4980 ErrDev - ok 21:12:33.0219 4980 [ 1299D1EA00B7A4BF69C5869DCA31E0F6 ] ETD C:\Windows\system32\DRIVERS\ETD.sys 21:12:33.0297 4980 ETD - ok 21:12:33.0360 4980 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 21:12:33.0485 4980 EventSystem - ok 21:12:33.0516 4980 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat 
C:\Windows\system32\drivers\exfat.sys 21:12:33.0609 4980 exfat - ok 21:12:33.0625 4980 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:12:33.0734 4980 fastfat - ok 21:12:33.0797 4980 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 21:12:33.0859 4980 Fax - ok 21:12:33.0875 4980 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:12:33.0921 4980 fdc - ok 21:12:33.0968 4980 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 21:12:34.0062 4980 fdPHost - ok 21:12:34.0077 4980 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 21:12:34.0140 4980 FDResPub - ok 21:12:34.0171 4980 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:12:34.0187 4980 FileInfo - ok 21:12:34.0218 4980 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:12:34.0296 4980 Filetrace - ok 21:12:34.0343 4980 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:12:34.0374 4980 flpydisk - ok 21:12:34.0421 4980 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:12:34.0467 4980 FltMgr - ok 21:12:34.0655 4980 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 21:12:34.0795 4980 FontCache - ok 21:12:34.0873 4980 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:12:34.0935 4980 FontCache3.0.0.0 - ok 21:12:34.0967 4980 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:12:34.0998 4980 FsDepends - ok 21:12:35.0045 4980 [ 5814011B2F6E088E29D689B5FCD49B8F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 21:12:35.0091 4980 fssfltr - ok 21:12:35.0201 4980 [ F6717211C1EC2CDDAA81B97B0727C2E9 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 21:12:35.0263 4980 
fsssvc - ok 21:12:35.0325 4980 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:12:35.0388 4980 Fs_Rec - ok 21:12:35.0435 4980 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:12:35.0481 4980 fvevol - ok 21:12:35.0544 4980 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 21:12:35.0559 4980 gagp30kx - ok 21:12:35.0747 4980 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 21:12:35.0840 4980 gpsvc - ok 21:12:35.0934 4980 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:12:35.0965 4980 gupdate - ok 21:12:35.0981 4980 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:12:35.0996 4980 gupdatem - ok 21:12:36.0027 4980 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:12:36.0105 4980 hcw85cir - ok 21:12:36.0152 4980 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:12:36.0199 4980 HdAudAddService - ok 21:12:36.0215 4980 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 21:12:36.0246 4980 HDAudBus - ok 21:12:36.0277 4980 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 21:12:36.0308 4980 HidBatt - ok 21:12:36.0339 4980 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 21:12:36.0386 4980 HidBth - ok 21:12:36.0417 4980 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 21:12:36.0495 4980 HidIr - ok 21:12:36.0527 4980 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 21:12:36.0605 4980 hidserv - ok 21:12:36.0667 4980 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:12:36.0714 4980 HidUsb - ok 21:12:36.0761 4980 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc 
C:\Windows\system32\kmsvc.dll 21:12:36.0885 4980 hkmsvc - ok 21:12:36.0932 4980 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:12:36.0995 4980 HomeGroupListener - ok 21:12:37.0041 4980 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:12:37.0119 4980 HomeGroupProvider - ok 21:12:37.0151 4980 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:12:37.0197 4980 HpSAMD - ok 21:12:37.0307 4980 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:12:37.0385 4980 HTTP - ok 21:12:37.0416 4980 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:12:37.0447 4980 hwpolicy - ok 21:12:37.0478 4980 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:12:37.0509 4980 i8042prt - ok 21:12:37.0572 4980 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:12:37.0619 4980 iaStorV - ok 21:12:37.0681 4980 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:12:37.0728 4980 idsvc - ok 21:12:37.0821 4980 [ E28602C9E17B0DDCE9F5DEB3B3E2A635 ] IGDCTRL D:\Programme (x86)\FRITZ!DSL\IGDCTRL.EXE 21:12:37.0868 4980 IGDCTRL - ok 21:12:37.0915 4980 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 21:12:37.0931 4980 iirsp - ok 21:12:37.0993 4980 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 21:12:38.0165 4980 IKEEXT - ok 21:12:38.0196 4980 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 21:12:38.0227 4980 intelide - ok 21:12:38.0274 4980 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:12:38.0321 4980 intelppm - ok 21:12:38.0352 4980 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:12:38.0461 4980 
IPBusEnum - ok 21:12:38.0508 4980 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:12:38.0586 4980 IpFilterDriver - ok 21:12:38.0648 4980 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:12:38.0726 4980 IPMIDRV - ok 21:12:38.0789 4980 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:12:38.0945 4980 IPNAT - ok 21:12:38.0991 4980 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:12:39.0116 4980 IRENUM - ok 21:12:39.0147 4980 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:12:39.0163 4980 isapnp - ok 21:12:39.0225 4980 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:12:39.0288 4980 iScsiPrt - ok 21:12:39.0319 4980 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 21:12:39.0350 4980 kbdclass - ok 21:12:39.0397 4980 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 21:12:39.0491 4980 kbdhid - ok 21:12:39.0537 4980 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 21:12:39.0553 4980 kbfiltr - ok 21:12:39.0584 4980 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 21:12:39.0600 4980 KeyIso - ok 21:12:39.0631 4980 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:12:39.0647 4980 KSecDD - ok 21:12:39.0678 4980 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:12:39.0709 4980 KSecPkg - ok 21:12:39.0740 4980 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:12:39.0849 4980 ksthunk - ok 21:12:39.0881 4980 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 21:12:39.0959 4980 KtmRm - ok 21:12:39.0990 4980 [ 1541D77D3EB41177BD7026D49948AA95 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys 
21:12:40.0021 4980 L1E - ok 21:12:40.0068 4980 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:12:40.0161 4980 LanmanServer - ok 21:12:40.0208 4980 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:12:40.0271 4980 LanmanWorkstation - ok 21:12:40.0286 4980 Lbd - ok 21:12:40.0458 4980 [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe 21:12:40.0489 4980 LBTServ - ok 21:12:40.0536 4980 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 21:12:40.0551 4980 LHidFilt - ok 21:12:40.0583 4980 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:12:40.0676 4980 lltdio - ok 21:12:40.0739 4980 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:12:40.0848 4980 lltdsvc - ok 21:12:40.0863 4980 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:12:40.0973 4980 lmhosts - ok 21:12:41.0004 4980 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 21:12:41.0035 4980 LMouFilt - ok 21:12:41.0082 4980 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 21:12:41.0113 4980 LSI_FC - ok 21:12:41.0144 4980 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 21:12:41.0175 4980 LSI_SAS - ok 21:12:41.0207 4980 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:12:41.0238 4980 LSI_SAS2 - ok 21:12:41.0269 4980 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:12:41.0285 4980 LSI_SCSI - ok 21:12:41.0316 4980 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 21:12:41.0378 4980 luafv - ok 21:12:41.0456 4980 [ 9D9714E78EAC9E5368208649489C920E ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 21:12:41.0472 4980 LUsbFilt - ok 21:12:41.0519 4980 [ 
0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:12:41.0565 4980 Mcx2Svc - ok 21:12:41.0597 4980 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 21:12:41.0628 4980 megasas - ok 21:12:41.0675 4980 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 21:12:41.0721 4980 MegaSR - ok 21:12:41.0799 4980 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service D:\Programme (x86)\Microsoft Office\Office12\GrooveAuditService.exe 21:12:41.0846 4980 Microsoft Office Groove Audit Service - ok 21:12:41.0909 4980 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:12:42.0033 4980 MMCSS - ok 21:12:42.0049 4980 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:12:42.0127 4980 Modem - ok 21:12:42.0174 4980 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:12:42.0205 4980 monitor - ok 21:12:42.0221 4980 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:12:42.0236 4980 mouclass - ok 21:12:42.0267 4980 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:12:42.0299 4980 mouhid - ok 21:12:42.0345 4980 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:12:42.0377 4980 mountmgr - ok 21:12:42.0439 4980 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 21:12:42.0486 4980 mpio - ok 21:12:42.0533 4980 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:12:42.0595 4980 mpsdrv - ok 21:12:42.0626 4980 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:12:42.0704 4980 MRxDAV - ok 21:12:42.0782 4980 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:12:42.0891 4980 mrxsmb - ok 21:12:42.0923 4980 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:12:42.0954 4980 mrxsmb10 - ok 21:12:43.0001 4980 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:12:43.0047 4980 mrxsmb20 - ok 21:12:43.0094 4980 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 21:12:43.0125 4980 msahci - ok 21:12:43.0157 4980 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:12:43.0188 4980 msdsm - ok 21:12:43.0219 4980 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:12:43.0313 4980 MSDTC - ok 21:12:43.0359 4980 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:12:43.0406 4980 Msfs - ok 21:12:43.0453 4980 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:12:43.0515 4980 mshidkmdf - ok 21:12:43.0593 4980 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:12:43.0640 4980 msisadrv - ok 21:12:43.0703 4980 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:12:43.0781 4980 MSiSCSI - ok 21:12:43.0796 4980 msiserver - ok 21:12:43.0859 4980 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:12:43.0952 4980 MSKSSRV - ok 21:12:43.0968 4980 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:12:44.0030 4980 MSPCLOCK - ok 21:12:44.0061 4980 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:12:44.0124 4980 MSPQM - ok 21:12:44.0171 4980 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:12:44.0202 4980 MsRPC - ok 21:12:44.0249 4980 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:12:44.0264 4980 mssmbios - ok 21:12:44.0311 4980 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:12:44.0373 4980 MSTEE - ok 21:12:44.0405 4980 [ 
7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:12:44.0451 4980 MTConfig - ok 21:12:44.0483 4980 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys 21:12:44.0498 4980 MTsensor - ok 21:12:44.0545 4980 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:12:44.0592 4980 Mup - ok 21:12:44.0654 4980 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:12:44.0763 4980 napagent - ok 21:12:44.0810 4980 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:12:44.0873 4980 NativeWifiP - ok 21:12:44.0935 4980 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 21:12:45.0029 4980 NDIS - ok 21:12:45.0075 4980 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:12:45.0185 4980 NdisCap - ok 21:12:45.0231 4980 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:12:45.0309 4980 NdisTapi - ok 21:12:45.0341 4980 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:12:45.0450 4980 Ndisuio - ok 21:12:45.0497 4980 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:12:45.0606 4980 NdisWan - ok 21:12:45.0637 4980 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:12:45.0684 4980 NDProxy - ok 21:12:45.0918 4980 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 21:12:45.0996 4980 Nero BackItUp Scheduler 4.0 - ok 21:12:46.0027 4980 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:12:46.0089 4980 NetBIOS - ok 21:12:46.0136 4980 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:12:46.0230 4980 NetBT - ok 21:12:46.0261 4980 [ C118A82CD78818C29AB228366EBF81C3 ] 
Netlogon C:\Windows\system32\lsass.exe 21:12:46.0277 4980 Netlogon - ok 21:12:46.0339 4980 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:12:46.0417 4980 Netman - ok 21:12:46.0464 4980 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:12:46.0589 4980 netprofm - ok 21:12:46.0667 4980 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:12:46.0713 4980 NetTcpPortSharing - ok 21:12:46.0760 4980 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:12:46.0791 4980 nfrd960 - ok 21:12:46.0901 4980 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:12:46.0979 4980 NlaSvc - ok 21:12:47.0025 4980 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:12:47.0103 4980 Npfs - ok 21:12:47.0135 4980 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:12:47.0197 4980 nsi - ok 21:12:47.0228 4980 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:12:47.0291 4980 nsiproxy - ok 21:12:47.0587 4980 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:12:47.0712 4980 Ntfs - ok 21:12:47.0821 4980 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:12:47.0930 4980 Null - ok 21:12:48.0008 4980 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:12:48.0024 4980 nvraid - ok 21:12:48.0055 4980 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:12:48.0086 4980 nvstor - ok 21:12:48.0133 4980 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:12:48.0164 4980 nv_agp - ok 21:12:48.0242 4980 [ 649791F5B905E6A8ECCED15AD8EFD436 ] OberonGameConsoleService C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe 
21:12:48.0273 4980 OberonGameConsoleService - ok 21:12:48.0367 4980 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:12:48.0476 4980 odserv - ok 21:12:48.0523 4980 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:12:48.0570 4980 ohci1394 - ok 21:12:48.0617 4980 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:12:48.0648 4980 ose - ok 21:12:48.0788 4980 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:12:48.0882 4980 p2pimsvc - ok 21:12:48.0913 4980 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:12:48.0975 4980 p2psvc - ok 21:12:49.0007 4980 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:12:49.0069 4980 Parport - ok 21:12:49.0131 4980 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:12:49.0147 4980 partmgr - ok 21:12:49.0178 4980 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:12:49.0256 4980 PcaSvc - ok 21:12:49.0303 4980 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:12:49.0397 4980 pci - ok 21:12:49.0475 4980 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:12:49.0521 4980 pciide - ok 21:12:49.0599 4980 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:12:49.0646 4980 pcmcia - ok 21:12:49.0677 4980 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:12:49.0724 4980 pcw - ok 21:12:50.0005 4980 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:12:50.0083 4980 PEAUTH - ok 21:12:50.0239 4980 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:12:50.0270 4980 PerfHost - ok 21:12:50.0333 4980 [ 
C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:12:50.0426 4980 pla - ok 21:12:50.0520 4980 [ E406A33046228BD89F0C2DB5C172F19C ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe 21:12:50.0535 4980 PLFlash DeviceIoControl Service - ok 21:12:50.0582 4980 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:12:50.0629 4980 PlugPlay - ok 21:12:50.0645 4980 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:12:50.0676 4980 PNRPAutoReg - ok 21:12:50.0691 4980 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:12:50.0738 4980 PNRPsvc - ok 21:12:50.0832 4980 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:12:50.0941 4980 PolicyAgent - ok 21:12:51.0035 4980 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:12:51.0113 4980 Power - ok 21:12:51.0144 4980 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:12:51.0222 4980 PptpMiniport - ok 21:12:51.0269 4980 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:12:51.0300 4980 Processor - ok 21:12:51.0362 4980 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:12:51.0425 4980 ProfSvc - ok 21:12:51.0440 4980 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:12:51.0456 4980 ProtectedStorage - ok 21:12:51.0503 4980 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:12:51.0565 4980 Psched - ok 21:12:51.0612 4980 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 21:12:51.0737 4980 ql2300 - ok 21:12:51.0768 4980 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 21:12:51.0799 4980 ql40xx - ok 21:12:51.0830 4980 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:12:51.0861 4980 QWAVE 
- ok 21:12:51.0893 4980 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:12:51.0939 4980 QWAVEdrv - ok 21:12:51.0971 4980 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:12:52.0080 4980 RasAcd - ok 21:12:52.0111 4980 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:12:52.0173 4980 RasAgileVpn - ok 21:12:52.0205 4980 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:12:52.0283 4980 RasAuto - ok 21:12:52.0329 4980 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:12:52.0392 4980 Rasl2tp - ok 21:12:52.0454 4980 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:12:52.0610 4980 RasMan - ok 21:12:52.0673 4980 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:12:52.0813 4980 RasPppoe - ok 21:12:52.0875 4980 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:12:52.0953 4980 RasSstp - ok 21:12:53.0063 4980 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:12:53.0125 4980 rdbss - ok 21:12:53.0156 4980 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:12:53.0203 4980 rdpbus - ok 21:12:53.0234 4980 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:12:53.0297 4980 RDPCDD - ok 21:12:53.0343 4980 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:12:53.0406 4980 RDPENCDD - ok 21:12:53.0437 4980 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:12:53.0546 4980 RDPREFMP - ok 21:12:53.0577 4980 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:12:53.0624 4980 RDPWD - ok 21:12:53.0671 4980 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 
21:12:53.0702 4980 rdyboost - ok 21:12:53.0733 4980 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:12:53.0796 4980 RemoteAccess - ok 21:12:53.0843 4980 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:12:53.0936 4980 RemoteRegistry - ok 21:12:53.0952 4980 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:12:54.0030 4980 RpcEptMapper - ok 21:12:54.0092 4980 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 21:12:54.0155 4980 RpcLocator - ok 21:12:54.0233 4980 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 21:12:54.0311 4980 RpcSs - ok 21:12:54.0357 4980 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:12:54.0404 4980 rspndr - ok 21:12:54.0435 4980 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 21:12:54.0451 4980 SamSs - ok 21:12:54.0498 4980 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:12:54.0529 4980 sbp2port - ok 21:12:54.0560 4980 SBRE - ok 21:12:54.0607 4980 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:12:54.0685 4980 SCardSvr - ok 21:12:54.0732 4980 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:12:54.0825 4980 scfilter - ok 21:12:54.0872 4980 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 21:12:54.0950 4980 Schedule - ok 21:12:54.0981 4980 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:12:55.0075 4980 SCPolicySvc - ok 21:12:55.0122 4980 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:12:55.0184 4980 SDRSVC - ok 21:12:55.0215 4980 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:12:55.0278 4980 secdrv - ok 21:12:55.0356 4980 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon 
C:\Windows\system32\seclogon.dll 21:12:55.0418 4980 seclogon - ok 21:12:55.0465 4980 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 21:12:55.0559 4980 SENS - ok 21:12:55.0605 4980 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:12:55.0699 4980 SensrSvc - ok 21:12:55.0715 4980 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 21:12:55.0746 4980 Serenum - ok 21:12:55.0777 4980 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 21:12:55.0808 4980 Serial - ok 21:12:55.0839 4980 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 21:12:55.0902 4980 sermouse - ok 21:12:55.0949 4980 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 21:12:56.0089 4980 SessionEnv - ok 21:12:56.0136 4980 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:12:56.0198 4980 sffdisk - ok 21:12:56.0229 4980 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:12:56.0261 4980 sffp_mmc - ok 21:12:56.0276 4980 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:12:56.0448 4980 sffp_sd - ok 21:12:56.0479 4980 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 21:12:56.0541 4980 sfloppy - ok 21:12:56.0604 4980 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:12:56.0713 4980 ShellHWDetection - ok 21:12:56.0760 4980 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 21:12:56.0791 4980 SiSGbeLH - ok 21:12:56.0822 4980 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:12:56.0853 4980 SiSRaid2 - ok 21:12:56.0900 4980 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 21:12:56.0947 4980 SiSRaid4 - ok 21:12:56.0978 4980 [ 
548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:12:57.0041 4980 Smb - ok 21:12:57.0103 4980 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:12:57.0150 4980 SNMPTRAP - ok 21:12:57.0399 4980 [ 1D8474722CDFFBB8FCA5FA12C50A05A2 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 21:12:57.0462 4980 SNP2UVC - ok 21:12:57.0477 4980 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 21:12:57.0540 4980 spldr - ok 21:12:57.0649 4980 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 21:12:57.0711 4980 Spooler - ok 21:12:58.0008 4980 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 21:12:58.0117 4980 sppsvc - ok 21:12:58.0164 4980 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:12:58.0242 4980 sppuinotify - ok 21:12:58.0320 4980 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys 21:12:58.0320 4980 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 602884696850C86434530790B110E8EB 21:12:58.0320 4980 sptd ( LockedFile.Multi.Generic ) - warning 21:12:58.0320 4980 sptd - detected LockedFile.Multi.Generic (1) 21:12:58.0445 4980 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 21:12:58.0554 4980 srv - ok 21:12:58.0663 4980 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:12:58.0710 4980 srv2 - ok 21:12:58.0741 4980 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:12:58.0788 4980 srvnet - ok 21:12:58.0819 4980 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:12:58.0897 4980 SSDPSRV - ok 21:12:58.0928 4980 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:12:59.0006 4980 SstpSvc - ok 21:12:59.0037 4980 StarOpen - ok 21:12:59.0084 4980 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 21:12:59.0147 4980 stexstor - ok 21:12:59.0193 4980 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 21:12:59.0240 4980 stisvc - ok 21:12:59.0287 4980 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 21:12:59.0303 4980 swenum - ok 21:12:59.0427 4980 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 21:12:59.0490 4980 swprv - ok 21:12:59.0599 4980 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 21:12:59.0661 4980 SysMain - ok 21:12:59.0693 4980 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:12:59.0724 4980 TabletInputService - ok 21:12:59.0755 4980 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:12:59.0849 4980 TapiSrv - ok 21:12:59.0880 4980 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 21:12:59.0958 4980 TBS - ok 21:13:00.0083 4980 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:13:00.0207 
4980 Tcpip - ok 21:13:00.0270 4980 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:13:00.0332 4980 TCPIP6 - ok 21:13:00.0379 4980 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:13:00.0426 4980 tcpipreg - ok 21:13:00.0457 4980 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:13:00.0504 4980 TDPIPE - ok 21:13:00.0535 4980 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:13:00.0566 4980 TDTCP - ok 21:13:00.0629 4980 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:13:00.0675 4980 tdx - ok 21:13:00.0707 4980 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:13:00.0722 4980 TermDD - ok 21:13:00.0785 4980 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:13:00.0941 4980 TermService - ok 21:13:01.0003 4980 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:13:01.0097 4980 Themes - ok 21:13:01.0112 4980 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:13:01.0237 4980 THREADORDER - ok 21:13:01.0299 4980 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:13:01.0393 4980 TrkWks - ok 21:13:01.0549 4980 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:13:01.0627 4980 TrustedInstaller - ok 21:13:01.0658 4980 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:13:01.0721 4980 tssecsrv - ok 21:13:01.0767 4980 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:13:01.0799 4980 TsUsbFlt - ok 21:13:01.0861 4980 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:13:01.0923 4980 tunnel - ok 21:13:01.0986 4980 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 
C:\Windows\system32\DRIVERS\uagp35.sys 21:13:02.0001 4980 uagp35 - ok 21:13:02.0126 4980 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:13:02.0282 4980 udfs - ok 21:13:02.0345 4980 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:13:02.0423 4980 UI0Detect - ok 21:13:02.0438 4980 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:13:02.0454 4980 uliagpkx - ok 21:13:02.0485 4980 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 21:13:02.0501 4980 umbus - ok 21:13:02.0532 4980 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 21:13:02.0579 4980 UmPass - ok 21:13:02.0625 4980 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 21:13:02.0703 4980 upnphost - ok 21:13:02.0766 4980 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:13:02.0844 4980 usbccgp - ok 21:13:02.0875 4980 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:13:02.0906 4980 usbcir - ok 21:13:02.0922 4980 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:13:02.0969 4980 usbehci - ok 21:13:03.0000 4980 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 21:13:03.0047 4980 usbfilter - ok 21:13:03.0093 4980 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:13:03.0140 4980 usbhub - ok 21:13:03.0171 4980 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 21:13:03.0187 4980 usbohci - ok 21:13:03.0218 4980 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:13:03.0327 4980 usbprint - ok 21:13:03.0343 4980 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:13:03.0390 4980 USBSTOR - ok 21:13:03.0421 4980 [ 
62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:13:03.0452 4980 usbuhci - ok 21:13:03.0499 4980 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 21:13:03.0561 4980 usbvideo - ok 21:13:03.0608 4980 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:13:03.0671 4980 UxSms - ok 21:13:03.0702 4980 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:13:03.0733 4980 VaultSvc - ok 21:13:03.0780 4980 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:13:03.0811 4980 vdrvroot - ok 21:13:03.0873 4980 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:13:03.0967 4980 vds - ok 21:13:04.0014 4980 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:13:04.0045 4980 vga - ok 21:13:04.0076 4980 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:13:04.0139 4980 VgaSave - ok 21:13:04.0201 4980 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:13:04.0232 4980 vhdmp - ok 21:13:04.0326 4980 [ FE595D1A1B781190BB483444B62CC607 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 21:13:04.0388 4980 VIAHdAudAddService - ok 21:13:04.0404 4980 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:13:04.0435 4980 viaide - ok 21:13:04.0451 4980 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:13:04.0482 4980 volmgr - ok 21:13:04.0529 4980 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:13:04.0544 4980 volmgrx - ok 21:13:04.0607 4980 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:13:04.0653 4980 volsnap - ok 21:13:04.0685 4980 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:13:04.0716 4980 vsmraid - ok 21:13:04.0763 4980 
[ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:13:04.0841 4980 VSS - ok 21:13:04.0856 4980 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:13:04.0903 4980 vwifibus - ok 21:13:04.0934 4980 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:13:04.0981 4980 vwififlt - ok 21:13:05.0075 4980 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:13:05.0121 4980 W32Time - ok 21:13:05.0153 4980 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:13:05.0199 4980 WacomPen - ok 21:13:05.0246 4980 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:13:05.0355 4980 WANARP - ok 21:13:05.0371 4980 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:13:05.0433 4980 Wanarpv6 - ok 21:13:05.0605 4980 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:13:05.0714 4980 wbengine - ok 21:13:05.0777 4980 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:13:05.0823 4980 WbioSrvc - ok 21:13:05.0855 4980 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:13:05.0901 4980 wcncsvc - ok 21:13:05.0933 4980 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:13:05.0995 4980 WcsPlugInService - ok 21:13:06.0042 4980 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:13:06.0135 4980 Wd - ok 21:13:06.0260 4980 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:13:06.0323 4980 Wdf01000 - ok 21:13:06.0385 4980 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:13:06.0525 4980 WdiServiceHost - ok 21:13:06.0541 4980 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:13:06.0572 4980 WdiSystemHost - ok 
21:13:06.0603 4980 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:13:06.0650 4980 WebClient - ok 21:13:06.0697 4980 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:13:06.0759 4980 Wecsvc - ok 21:13:06.0791 4980 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:13:06.0853 4980 wercplsupport - ok 21:13:06.0900 4980 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:13:07.0025 4980 WerSvc - ok 21:13:07.0056 4980 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:13:07.0134 4980 WfpLwf - ok 21:13:07.0181 4980 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 21:13:07.0212 4980 WimFltr - ok 21:13:07.0259 4980 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:13:07.0305 4980 WIMMount - ok 21:13:07.0321 4980 WinHttpAutoProxySvc - ok 21:13:07.0508 4980 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:13:07.0571 4980 Winmgmt - ok 21:13:07.0773 4980 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:13:07.0929 4980 WinRM - ok 21:13:08.0039 4980 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:13:08.0101 4980 Wlansvc - ok 21:13:08.0507 4980 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:13:08.0553 4980 wlidsvc - ok 21:13:08.0600 4980 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:13:08.0647 4980 WmiAcpi - ok 21:13:08.0709 4980 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:13:08.0756 4980 wmiApSrv - ok 21:13:08.0819 4980 WMPNetworkSvc - ok 21:13:08.0897 4980 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:13:09.0021 4980 WPCSvc - ok 21:13:09.0053 4980 [ 
93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:13:09.0084 4980 WPDBusEnum - ok 21:13:09.0146 4980 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:13:09.0255 4980 ws2ifsl - ok 21:13:09.0271 4980 WSearch - ok 21:13:09.0302 4980 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:13:09.0349 4980 WudfPf - ok 21:13:09.0443 4980 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:13:09.0505 4980 WUDFRd - ok 21:13:09.0536 4980 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:13:09.0583 4980 wudfsvc - ok 21:13:09.0677 4980 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 21:13:09.0770 4980 WwanSvc - ok 21:13:09.0817 4980 ================ Scan global =============================== 21:13:09.0848 4980 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:13:09.0942 4980 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 21:13:09.0957 4980 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 21:13:10.0035 4980 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:13:10.0145 4980 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:13:10.0160 4980 [Global] - ok 21:13:10.0160 4980 ================ Scan MBR ================================== 21:13:10.0207 4980 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 21:13:11.0034 4980 \Device\Harddisk0\DR0 - ok 21:13:11.0034 4980 ================ Scan VBR ================================== 21:13:11.0065 4980 [ 4F86C15403AC3D811325AEA1415CA36F ] \Device\Harddisk0\DR0\Partition1 21:13:11.0081 4980 \Device\Harddisk0\DR0\Partition1 - ok 21:13:11.0081 4980 [ 9A2791439D13AB158AA1AFE5ECC34AC7 ] \Device\Harddisk0\DR0\Partition2 21:13:11.0081 4980 \Device\Harddisk0\DR0\Partition2 - ok 21:13:11.0081 4980 
============================================================ 21:13:11.0081 4980 Scan finished 21:13:11.0081 4980 ============================================================ 21:13:11.0096 4972 Detected object count: 3 21:13:11.0096 4972 Actual detected object count: 3 21:13:15.0683 4972 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:13:15.0683 4972 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:13:15.0683 4972 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user 21:13:15.0683 4972 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:13:15.0683 4972 sptd ( LockedFile.Multi.Generic ) - skipped by user 21:13:15.0683 4972 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 21:13:25.0261 4168 Deinitialize success |
21.08.2012, 12:25 | #27 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen + Gen2, W32/Patched.UA, JS.Agent.Inf.6750 Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
23.08.2012, 16:42 | #28 |
| TR/ATRAPS.Gen + Gen2, W32/Patched.UA, JS.Agent.Inf.6750 Hey, the icons stay where they are and the firewall is active. Amazing! CF complained that something from Avira was still running, but I no longer have Avira, and there is nothing from Avira to be found in either the processes or the programs. I had deactivated Avast... I found that odd, but it apparently worked anyway. Now the log Code:
ATTFilter ComboFix 12-08-22.03 - D 23.08.2012 17:05:38.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3327.2204 [GMT 2:00] ausgeführt von:: d:\eigene dateien\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-23 bis 2012-08-23 )))))))))))))))))))))))))))))) . . 2012-08-23 15:14 . 2012-08-23 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-20 19:08 . 2012-08-20 19:08 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-15 20:12 . 2012-08-15 20:12 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-08-10 15:09 . 2012-08-10 15:09 -------- d-----w- c:\program files (x86)\ESET 2012-08-08 17:32 . 2012-08-08 17:32 -------- d-----w- c:\programdata\GFI Software 2012-08-08 12:53 . 2012-08-08 12:53 -------- d-----w- c:\users\D\AppData\Roaming\Malwarebytes 2012-08-08 12:52 . 2012-08-08 12:52 -------- d-----w- c:\programdata\Malwarebytes 2012-08-08 12:52 . 2012-08-08 12:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-08 12:52 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-08 10:14 . 2012-08-08 10:14 -------- d-----w- c:\users\D\AppData\Local\Downloaded Installations 2012-08-08 09:45 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-08-08 09:45 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-08-08 09:45 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-08-08 09:44 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-08-08 09:44 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-08-08 09:44 . 
2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-08-08 09:44 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-08-08 09:44 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr 2012-08-08 09:44 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-08-08 09:43 . 2012-08-08 09:43 -------- d-----w- c:\programdata\AVAST Software 2012-08-08 09:43 . 2012-08-08 09:43 -------- d-----w- c:\program files\AVAST Software 2012-08-04 16:21 . 2012-08-04 16:21 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-08-04 15:45 . 2012-08-04 15:45 -------- d-----w- C:\Mozilla 2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-20 19:09 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe 2012-08-15 20:12 . 2012-05-18 07:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-15 20:12 . 2011-06-13 19:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 06:36 . 2009-12-25 13:40 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-12 03:08 . 2012-07-12 06:45 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:43 . 2012-07-11 17:34 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 17:34 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 17:34 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 17:34 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 17:34 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 17:34 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 17:34 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-21 14:02 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 
2012-06-21 14:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 14:02 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 14:02 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 14:02 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 14:02 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 14:02 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 14:02 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-21 14:02 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 12:49 . 2012-07-12 06:34 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-06-02 12:17 . 2012-07-12 06:34 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-06-02 12:12 . 2012-07-12 06:34 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 12:05 . 2012-07-12 06:34 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-02 12:05 . 2012-07-12 06:34 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 12:04 . 2012-07-12 06:34 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 12:04 . 2012-07-12 06:34 237056 ----a-w- c:\windows\system32\url.dll 2012-06-02 12:03 . 2012-07-12 06:34 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-02 12:01 . 2012-07-12 06:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 12:00 . 2012-07-12 06:34 818688 ----a-w- c:\windows\system32\jscript.dll 2012-06-02 11:59 . 2012-07-12 06:34 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-02 11:57 . 2012-07-12 06:34 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-02 11:57 . 2012-07-12 06:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 11:54 . 2012-07-12 06:34 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-02 08:33 . 2012-07-12 06:34 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-02 08:25 . 
2012-07-12 06:34 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-02 08:25 . 2012-07-12 06:34 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20 . 2012-07-12 06:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16 . 2012-07-12 06:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-02 05:50 . 2012-07-11 17:34 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 17:34 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:48 . 2012-07-11 17:34 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:45 . 2012-07-11 17:34 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 17:34 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 17:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 17:34 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 17:34 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 17:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624] "GrooveMonitor"="d:\programme (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "NBAgent"="d:\programme (x86)\Nero\BackIt Up & Burn\Nero BackItUp\NBAgent.exe" [2009-09-01 1086760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "QuickTime Task"="c:\program files (x86)\Panasonic\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] . c:\users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-12-2 12862] FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [2009-12-21 29184] Logitech SetPoint.lnk - d:\programme\Logitech\SetPoint\SetPoint.exe [2009-12-25 1207312] PHOTOfunSTUDIO 6.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-8-21 174064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 136176] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-23 834544] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264] S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064] S2 IGDCTRL;AVM IGD CTRL Service;d:\programme (x86)\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344] S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-09 140800] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872] S3 VIAHdAudAddService;VIA High 
Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 20:12] . 2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 18:00] . 2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 18:00] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1] @="{fe25455d-b4c2-4e32-97d2-92632ec1c224}" [HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}] 2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2] @="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}" [HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}] 2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\D\AppData\Roaming\Mozilla\Firefox\Profiles\k37c4983.default\ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd SafeBoot-27299096.sys AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,8a,5c,4c,dc,39,8f,44,ac,08,33,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,8a,5c,4c,dc,39,8f,44,ac,08,33,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\SysWOW64\IoctlSvc.exe c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-08-23 17:23:56 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-08-23 15:23 . Vor Suchlauf: 9 Verzeichnis(se), 25.449.267.200 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 25.272.897.536 Bytes frei . - - End Of File - - 897D764C977112FE28878666386BA135 |
30.08.2012, 14:21 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen + Gen2, W32/Patched.UA, JS.Agent.Inf.6750 Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
30.08.2012, 17:11 | #30 |
| TR/ATRAPS.Gen + Gen2, W32/Patched.UA, JS.Agent.Inf.6750 GMER: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-08-30 17:09:26 Windows 6.1.7601 Service Pack 1 Running: z065m0x9.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0x7B 0x47 0x49 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x78 0x86 0xEA 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6B 0x5B 0xF0 0x51 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0x7B 0x47 0x49 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x78 0x86 0xEA 0xE4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6B 0x5B 0xF0 0x51 ... ---- EOF - GMER 1.0.15 ---- OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:15:05 on 30.08.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 15.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma.cpl "mlcfg32.cpl" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL "Nero BackItUp and BurnRights" - "Nero AG" - D:\Programme (x86)\Nero\BackIt Up & Burn\Nero BurnRights\NeroBurnRights_bb.cpl "Nero BurnRights" - "Nero AG" - D:\Programme (x86)\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl "QuickTime" - "Apple Inc." - C:\Program Files (x86)\Panasonic\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ASMMAP64" (ASMMAP64) - ? 
- C:\Program Files\ATKGFNEX\ASMMAP64.sys "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys "aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys "aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys "aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys "Lbd" (Lbd) - ? - C:\Windows\System32\DRIVERS\Lbd.sys (File not found) "SBRE" (SBRE) - ? - C:\Windows\system32\drivers\SBREdrv.sys (File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File not found) "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveSystemServices.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." 
- D:\Programme (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - D:\Programme (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\Programme 
(x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - D:\Programme (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - 
"Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme (x86)\WinRAR\rarext.dll {B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? 
- (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_34" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} "Java Plug-in 1.6.0_34" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_34" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_34.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "avast! 
WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Known DLLs] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )----- "advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll (Hidden 
registry entry, rootkit activity | File signed by Microsoft) "IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL (Hidden registry entry, rootkit activity | File signed by Microsoft) "rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "SHELL32" - 
"Microsoft Corporation" - C:\Windows\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "FancyStart daemon.lnk" - "ASUSTeK Computer Inc." 
- C:\Program Files (x86)\ASUS\FancyStart\FancyStart.exe (Shortcut exists | File exists) "FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - D:\Programme (x86)\FRITZ!DSL\StCenter.exe (Shortcut exists | File exists) "Logitech SetPoint.lnk" - "Logitech, Inc." - D:\Programme\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists) "PHOTOfunSTUDIO 6.0.lnk" - "Panasonic Corporation" - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )----- "FlashPlayerUpdate" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "ATKMEDIA" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe "ATKOSD2" - "ASUS" - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe "avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui "GrooveMonitor" - "Microsoft Corporation" - "D:\Programme (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "HControlUser" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe "HDAudDeck" - "VIA" - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r "NBAgent" - "Nero AG" - "D:\Programme (x86)\Nero\BackIt Up & Burn\Nero BackItUp\NBAgent.exe" /WinStart "QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\Panasonic\QTTask.exe" -atboottime "StartCCC" - "Advanced Micro Devices, Inc." 
- "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" "UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Canon BJ Language Monitor MP810" - "CANON INC." - C:\Windows\system32\CNMLM8A.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe "AFBAgent" (AFBAgent) - "ASUSTeK Computer Inc." - C:\Windows\system32\FBAgent.exe "ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe "ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe "AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - D:\Programme (x86)\FRITZ!DSL\IGDCTRL.EXE "Google Update Service (gupdate)" (gupdate) - "Google Inc." 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - D:\Programme (x86)\Microsoft Office\Office12\GrooveAuditService.exe "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe "Oberon Media Game Console service" (OberonGameConsoleService) - ? - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." 
- C:\Windows\SysWOW64\IoctlSvc.exe "Windows Live Family Safety" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru aswMBR: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-30 17:17:32
-----------------------------
17:17:32.257 OS Version: Windows x64 6.1.7601 Service Pack 1
17:17:32.257 Number of processors: 2 586 0x301
17:17:32.257 ComputerName: D-PC UserName: D
17:17:33.895 Initialize success
17:17:34.036 AVAST engine defs: 12082901
17:17:52.319 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
17:17:52.335 Disk 0 Vendor: ST925031 0002 Size: 238475MB BusType: 11
17:17:52.366 Disk 0 MBR read successfully
17:17:52.366 Disk 0 MBR scan
17:17:52.381 Disk 0 Windows VISTA default MBR code
17:17:52.413 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14997 MB offset 2048
17:17:52.444 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 59616 MB offset 30716280
17:17:52.459 Disk 0 Partition - 00 0F Extended LBA 163858 MB offset 152810280
17:17:52.491 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 163858 MB offset 152810343
17:17:52.537 Disk 0 scanning C:\Windows\system32\drivers
17:18:04.830 Service scanning
17:18:23.160 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:18:30.274 Modules scanning
17:18:30.305 Disk 0 trace - called modules:
17:18:30.352 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80034c52c0]<<spew.sys amdxata.sys storport.sys hal.dll amdsata.sys
17:18:30.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003872060]
17:18:30.383 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8003805b60]
17:18:30.399 \Driver\amdxata[0xfffffa8003599c90] -> IRP_MJ_CREATE -> 0xfffffa80034c52c0
17:18:30.399 5 amdxata.sys[fffff88000fdc917] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa80037ff900]
17:18:30.414 \Driver\amdsata[0xfffffa80035989d0] -> IRP_MJ_CREATE -> 0xfffffa80034c32c0
17:18:31.023 AVAST engine scan C:\Windows
17:18:34.018 AVAST engine scan C:\Windows\system32
17:21:49.954 AVAST engine scan C:\Windows\system32\drivers
17:22:03.495 AVAST engine scan C:\Users\D
17:28:59.907 AVAST engine scan C:\ProgramData
17:30:20.409 Scan finished successfully
18:05:20.341 Disk 0 MBR has been saved successfully to "D:\Eigene Dateien\Desktop\MBR.dat"
18:05:20.357 The log file has been saved successfully to "D:\Eigene Dateien\Desktop\aswMBR.txt" |