Log analysis and evaluation: GVU Trojan - computer locked - Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.09.2012, 15:22 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan - computer locked -
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Configure the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot, then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
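Added example, not part of the original post and not Kaspersky's own tooling: a Python sketch for triaging the report this post asks for, listing every scanned object whose verdict is not "ok" together with its MD5 and path. It assumes the record layout visible in the log posted in this thread (timestamp, thread id, then either `[ MD5 ] name path` or `name - verdict`); the sample records, hashes and the function names are constructed for illustration.

```python
import re
from typing import Iterator, List, NamedTuple, Optional

# Every record starts with "HH:MM:SS.mmmm <thread id>". Splitting on that prefix
# works for one-record-per-line reports and for reports whose line breaks were
# lost when they were pasted into a forum post.
REC_START = re.compile(r"\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?=\s|$)")
# "[ MD5 ] <object name> <drive>:\path" (names and paths may contain spaces)
HASHED = re.compile(r"^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<object name> - ok" or "<object name> ( Detection.Name ) - warning"
VERDICT = re.compile(r"^(.+?)(?:\s+\(\s*([^()]+?)\s*\))?\s+-\s+([A-Za-z]+)$")


class Finding(NamedTuple):
    name: str
    status: str
    detection: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def records(text: str) -> Iterator[str]:
    """Yield the body of each record, without its timestamp and thread id."""
    starts = list(REC_START.finditer(text))
    for i, match in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        yield text[match.end():end].strip()


def findings(text: str) -> List[Finding]:
    """Return every object whose verdict is anything other than 'ok'."""
    hashed = {}   # object name -> (md5, path) from the preceding hash record
    result = []
    for body in records(text):
        h = HASHED.match(body)
        if h:
            hashed[h.group(2)] = (h.group(1).upper(), h.group(3))
            continue
        v = VERDICT.match(body)
        if v and v.group(3).lower() != "ok":
            # Objects reported without a hash record keep md5/path as None.
            md5, path = hashed.get(v.group(1), (None, None))
            result.append(Finding(v.group(1), v.group(3), v.group(2), md5, path))
    return result


# Constructed sample records in the layout of the report (not real scan data).
SAMPLE_LINES = r"""17:16:50.0323 3204 Scan started
17:16:50.0323 3204 Mode: Manual; SigCheck; TDLFS;
17:16:50.0624 3204 System memory - ok
17:16:50.0765 3204 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
17:16:50.0856 3204 ExampleDrv - ok
17:16:51.0444 3204 NoFileSvc - ok
17:16:55.0795 3204 [ 00000000000000000000000000000002 ] Example Vendor WLAN_Svc C:\Program Files (x86)\Example Vendor\svc.exe
17:16:55.0811 3204 Example Vendor WLAN_Svc ( UnsignedFile.Multi.Generic ) - warning
17:16:55.0811 3204 Example Vendor WLAN_Svc - detected UnsignedFile.Multi.Generic (1)
"""
# The same records with all line breaks collapsed, as in a flattened paste.
SAMPLE_FLAT = " ".join(SAMPLE_LINES.split())

if __name__ == "__main__":
    for f in findings(SAMPLE_FLAT):
        print(f"{f.status}: {f.name} [{f.detection}] md5={f.md5} path={f.path}")
```

The output is a review list only; in line with the post above, flagged objects are left on "skip" until a helper has looked at the log.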
06.09.2012, 16:18 | #17 |
| GVU Trojan - computer locked - Code:
ATTFilter 17:15:24.0947 2912 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48 17:15:25.0136 2912 ============================================================ 17:15:25.0136 2912 Current date / time: 2012/09/06 17:15:25.0136 17:15:25.0136 2912 SystemInfo: 17:15:25.0136 2912 17:15:25.0136 2912 OS Version: 6.1.7601 ServicePack: 1.0 17:15:25.0136 2912 Product type: Workstation 17:15:25.0136 2912 ComputerName: ***** 17:15:25.0137 2912 UserName: ***** 17:15:25.0137 2912 Windows directory: C:\Windows 17:15:25.0137 2912 System windows directory: C:\Windows 17:15:25.0137 2912 Running under WOW64 17:15:25.0137 2912 Processor architecture: Intel x64 17:15:25.0137 2912 Number of processors: 2 17:15:25.0137 2912 Page size: 0x1000 17:15:25.0137 2912 Boot type: Normal boot 17:15:25.0137 2912 ============================================================ 17:15:26.0437 2912 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 17:15:26.0441 2912 ============================================================ 17:15:26.0441 2912 \Device\Harddisk0\DR0: 17:15:26.0441 2912 MBR partitions: 17:15:26.0441 2912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 17:15:26.0441 2912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30A1000 17:15:26.0456 2912 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0x1A0EC9CE 17:15:26.0456 2912 ============================================================ 17:15:26.0607 2912 C: <-> \Device\Harddisk0\DR0\Partition2 17:15:26.0977 2912 D: <-> \Device\Harddisk0\DR0\Partition3 17:15:26.0999 2912 ============================================================ 17:15:27.0000 2912 Initialize success 17:15:27.0000 2912 ============================================================ 17:16:50.0322 3204 ============================================================ 
17:16:50.0323 3204 Scan started 17:16:50.0323 3204 Mode: Manual; SigCheck; TDLFS; 17:16:50.0323 3204 ============================================================ 17:16:50.0623 3204 ================ Scan system memory ======================== 17:16:50.0624 3204 System memory - ok 17:16:50.0624 3204 ================ Scan services ============================= 17:16:50.0765 3204 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 17:16:50.0856 3204 1394ohci - ok 17:16:50.0898 3204 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 17:16:50.0916 3204 ACPI - ok 17:16:50.0938 3204 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 17:16:50.0973 3204 AcpiPmi - ok 17:16:51.0079 3204 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 17:16:51.0091 3204 AdobeFlashPlayerUpdateSvc - ok 17:16:51.0146 3204 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 17:16:51.0168 3204 adp94xx - ok 17:16:51.0204 3204 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 17:16:51.0223 3204 adpahci - ok 17:16:51.0245 3204 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 17:16:51.0259 3204 adpu320 - ok 17:16:51.0286 3204 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:16:51.0327 3204 AeLookupSvc - ok 17:16:51.0370 3204 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 17:16:51.0408 3204 AFD - ok 17:16:51.0439 3204 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 17:16:51.0452 3204 agp440 - ok 17:16:51.0470 3204 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 17:16:51.0560 3204 ALG - ok 17:16:51.0589 3204 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 17:16:51.0601 3204 
aliide - ok 17:16:51.0611 3204 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 17:16:51.0622 3204 amdide - ok 17:16:51.0659 3204 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 17:16:51.0695 3204 AmdK8 - ok 17:16:51.0708 3204 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 17:16:51.0744 3204 AmdPPM - ok 17:16:51.0753 3204 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:16:51.0768 3204 amdsata - ok 17:16:51.0787 3204 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 17:16:51.0801 3204 amdsbs - ok 17:16:51.0818 3204 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:16:51.0830 3204 amdxata - ok 17:16:51.0867 3204 [ 4CCF421E6C4B2A4CBCE000715911F7CC ] anodlwf C:\Windows\system32\DRIVERS\anodlwfx.sys 17:16:51.0888 3204 anodlwf - ok 17:16:51.0958 3204 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 17:16:51.0970 3204 AntiVirSchedulerService - ok 17:16:52.0000 3204 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 17:16:52.0009 3204 AntiVirService - ok 17:16:52.0031 3204 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 17:16:52.0048 3204 AntiVirWebService - ok 17:16:52.0097 3204 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 17:16:52.0146 3204 AppID - ok 17:16:52.0164 3204 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:16:52.0215 3204 AppIDSvc - ok 17:16:52.0250 3204 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 17:16:52.0327 3204 Appinfo - ok 17:16:52.0360 3204 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 17:16:52.0373 3204 arc - ok 
17:16:52.0387 3204 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 17:16:52.0400 3204 arcsas - ok 17:16:52.0453 3204 [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO C:\Windows\syswow64\drivers\AsIO.sys 17:16:53.0005 3204 AsIO - ok 17:16:53.0035 3204 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:16:53.0094 3204 AsyncMac - ok 17:16:53.0129 3204 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 17:16:53.0141 3204 atapi - ok 17:16:53.0182 3204 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:16:53.0249 3204 AudioEndpointBuilder - ok 17:16:53.0263 3204 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 17:16:53.0303 3204 AudioSrv - ok 17:16:53.0347 3204 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 17:16:53.0360 3204 avgntflt - ok 17:16:53.0399 3204 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 17:16:53.0412 3204 avipbb - ok 17:16:53.0421 3204 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 17:16:53.0432 3204 avkmgr - ok 17:16:53.0473 3204 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:16:53.0537 3204 AxInstSV - ok 17:16:53.0581 3204 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 17:16:53.0617 3204 b06bdrv - ok 17:16:53.0649 3204 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 17:16:53.0686 3204 b57nd60a - ok 17:16:53.0745 3204 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 17:16:53.0785 3204 BDESVC - ok 17:16:53.0799 3204 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 17:16:53.0855 3204 Beep - ok 17:16:53.0908 3204 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 17:16:53.0956 3204 BFE - ok 
17:16:54.0006 3204 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 17:16:54.0077 3204 BITS - ok 17:16:54.0102 3204 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:16:54.0118 3204 blbdrive - ok 17:16:54.0136 3204 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:16:54.0157 3204 bowser - ok 17:16:54.0185 3204 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:16:54.0214 3204 BrFiltLo - ok 17:16:54.0220 3204 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:16:54.0234 3204 BrFiltUp - ok 17:16:54.0259 3204 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 17:16:54.0277 3204 Browser - ok 17:16:54.0300 3204 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:16:54.0351 3204 Brserid - ok 17:16:54.0367 3204 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:16:54.0386 3204 BrSerWdm - ok 17:16:54.0397 3204 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:16:54.0411 3204 BrUsbMdm - ok 17:16:54.0417 3204 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:16:54.0446 3204 BrUsbSer - ok 17:16:54.0461 3204 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:16:54.0485 3204 BTHMODEM - ok 17:16:54.0519 3204 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 17:16:54.0593 3204 bthserv - ok 17:16:54.0611 3204 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:16:54.0656 3204 cdfs - ok 17:16:54.0693 3204 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 17:16:54.0732 3204 cdrom - ok 17:16:54.0769 3204 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 17:16:54.0804 3204 
CertPropSvc - ok 17:16:54.0835 3204 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:16:54.0867 3204 circlass - ok 17:16:54.0894 3204 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 17:16:54.0913 3204 CLFS - ok 17:16:54.0947 3204 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:16:54.0960 3204 clr_optimization_v2.0.50727_32 - ok 17:16:55.0003 3204 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:16:55.0017 3204 clr_optimization_v2.0.50727_64 - ok 17:16:55.0087 3204 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:16:55.0124 3204 clr_optimization_v4.0.30319_32 - ok 17:16:55.0146 3204 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:16:55.0159 3204 clr_optimization_v4.0.30319_64 - ok 17:16:55.0188 3204 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:16:55.0208 3204 CmBatt - ok 17:16:55.0237 3204 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:16:55.0249 3204 cmdide - ok 17:16:55.0284 3204 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 17:16:55.0349 3204 CNG - ok 17:16:55.0372 3204 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:16:55.0383 3204 Compbatt - ok 17:16:55.0411 3204 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 17:16:55.0434 3204 CompositeBus - ok 17:16:55.0444 3204 COMSysApp - ok 17:16:55.0461 3204 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:16:55.0473 3204 crcdisk - ok 17:16:55.0519 3204 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc 
C:\Windows\system32\cryptsvc.dll 17:16:55.0543 3204 CryptSvc - ok 17:16:55.0584 3204 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys 17:16:55.0594 3204 CVirtA - ok 17:16:55.0662 3204 [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe 17:16:55.0706 3204 CVPND - ok 17:16:55.0733 3204 [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 17:16:55.0750 3204 CVPNDRVA - ok 17:16:55.0795 3204 [ C062A2B158ED9C643D24F8E33A607C9F ] D-Link Wireless N DWA-140_WPS C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe 17:16:55.0811 3204 D-Link Wireless N DWA-140_WPS ( UnsignedFile.Multi.Generic ) - warning 17:16:55.0811 3204 D-Link Wireless N DWA-140_WPS - detected UnsignedFile.Multi.Generic (1) 17:16:55.0866 3204 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:16:55.0917 3204 DcomLaunch - ok 17:16:55.0943 3204 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 17:16:55.0999 3204 defragsvc - ok 17:16:56.0037 3204 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:16:56.0079 3204 DfsC - ok 17:16:56.0098 3204 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 17:16:56.0149 3204 Dhcp - ok 17:16:56.0171 3204 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 17:16:56.0211 3204 discache - ok 17:16:56.0242 3204 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:16:56.0253 3204 Disk - ok 17:16:56.0301 3204 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys 17:16:56.0311 3204 DNE - ok 17:16:56.0337 3204 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:16:56.0378 3204 Dnscache - ok 17:16:56.0406 3204 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 17:16:56.0455 3204 dot3svc - ok 
17:16:56.0500 3204 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 17:16:56.0533 3204 Dot4 - ok 17:16:56.0583 3204 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys 17:16:56.0619 3204 Dot4Print - ok 17:16:56.0641 3204 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 17:16:56.0661 3204 dot4usb - ok 17:16:56.0693 3204 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 17:16:56.0737 3204 DPS - ok 17:16:56.0772 3204 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:16:56.0803 3204 drmkaud - ok 17:16:56.0864 3204 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:16:56.0897 3204 DXGKrnl - ok 17:16:56.0928 3204 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 17:16:56.0981 3204 EapHost - ok 17:16:57.0092 3204 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 17:16:57.0178 3204 ebdrv - ok 17:16:57.0200 3204 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 17:16:57.0243 3204 EFS - ok 17:16:57.0298 3204 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:16:57.0336 3204 ehRecvr - ok 17:16:57.0363 3204 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 17:16:57.0400 3204 ehSched - ok 17:16:57.0436 3204 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:16:57.0459 3204 elxstor - ok 17:16:57.0487 3204 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:16:57.0510 3204 ErrDev - ok 17:16:57.0559 3204 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 17:16:57.0624 3204 EventSystem - ok 17:16:57.0642 3204 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 17:16:57.0691 3204 exfat - ok 17:16:57.0715 3204 [ 0ADC83218B66A6DB380C330836F3E36D 
] fastfat C:\Windows\system32\drivers\fastfat.sys 17:16:57.0764 3204 fastfat - ok 17:16:57.0816 3204 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 17:16:57.0875 3204 Fax - ok 17:16:57.0901 3204 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:16:57.0913 3204 fdc - ok 17:16:57.0940 3204 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 17:16:57.0987 3204 fdPHost - ok 17:16:58.0002 3204 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 17:16:58.0086 3204 FDResPub - ok 17:16:58.0109 3204 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:16:58.0126 3204 FileInfo - ok 17:16:58.0159 3204 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:16:58.0249 3204 Filetrace - ok 17:16:58.0271 3204 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:16:58.0283 3204 flpydisk - ok 17:16:58.0329 3204 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:16:58.0347 3204 FltMgr - ok 17:16:58.0398 3204 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 17:16:58.0444 3204 FontCache - ok 17:16:58.0492 3204 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:16:58.0502 3204 FontCache3.0.0.0 - ok 17:16:58.0521 3204 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:16:58.0533 3204 FsDepends - ok 17:16:58.0550 3204 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:16:58.0561 3204 Fs_Rec - ok 17:16:58.0598 3204 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:16:58.0617 3204 fvevol - ok 17:16:58.0640 3204 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:16:58.0652 3204 gagp30kx - 
ok 17:16:58.0692 3204 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 17:16:58.0746 3204 gpsvc - ok 17:16:58.0791 3204 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:16:58.0834 3204 hcw85cir - ok 17:16:58.0880 3204 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:16:58.0915 3204 HdAudAddService - ok 17:16:58.0931 3204 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 17:16:58.0964 3204 HDAudBus - ok 17:16:58.0988 3204 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:16:59.0014 3204 HidBatt - ok 17:16:59.0036 3204 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:16:59.0052 3204 HidBth - ok 17:16:59.0066 3204 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:16:59.0090 3204 HidIr - ok 17:16:59.0115 3204 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 17:16:59.0165 3204 hidserv - ok 17:16:59.0194 3204 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 17:16:59.0206 3204 HidUsb - ok 17:16:59.0242 3204 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:16:59.0277 3204 hkmsvc - ok 17:16:59.0308 3204 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:16:59.0335 3204 HomeGroupListener - ok 17:16:59.0372 3204 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:16:59.0395 3204 HomeGroupProvider - ok 17:16:59.0426 3204 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:16:59.0440 3204 HpSAMD - ok 17:16:59.0556 3204 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 17:16:59.0602 3204 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 17:16:59.0602 3204 HPSLPSVC - 
detected UnsignedFile.Multi.Generic (1) 17:16:59.0660 3204 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:16:59.0711 3204 HTTP - ok 17:16:59.0738 3204 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:16:59.0749 3204 hwpolicy - ok 17:16:59.0785 3204 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 17:16:59.0798 3204 i8042prt - ok 17:16:59.0830 3204 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:16:59.0851 3204 iaStorV - ok 17:16:59.0906 3204 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:16:59.0935 3204 idsvc - ok 17:16:59.0960 3204 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:16:59.0973 3204 iirsp - ok 17:17:00.0017 3204 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 17:17:00.0078 3204 IKEEXT - ok 17:17:00.0097 3204 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 17:17:00.0109 3204 intelide - ok 17:17:00.0135 3204 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:17:00.0153 3204 intelppm - ok 17:17:00.0185 3204 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:17:00.0234 3204 IPBusEnum - ok 17:17:00.0270 3204 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:17:00.0303 3204 IpFilterDriver - ok 17:17:00.0334 3204 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:17:00.0385 3204 iphlpsvc - ok 17:17:00.0412 3204 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:17:00.0425 3204 IPMIDRV - ok 17:17:00.0442 3204 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:17:00.0490 3204 IPNAT - ok 17:17:00.0521 3204 [ 
3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:17:00.0557 3204 IRENUM - ok 17:17:00.0600 3204 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:17:00.0612 3204 isapnp - ok 17:17:00.0637 3204 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:17:00.0655 3204 iScsiPrt - ok 17:17:00.0682 3204 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 17:17:00.0695 3204 kbdclass - ok 17:17:00.0720 3204 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 17:17:00.0749 3204 kbdhid - ok 17:17:00.0766 3204 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 17:17:00.0778 3204 KeyIso - ok 17:17:00.0807 3204 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:17:00.0820 3204 KSecDD - ok 17:17:00.0838 3204 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:17:00.0854 3204 KSecPkg - ok 17:17:00.0871 3204 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:17:00.0919 3204 ksthunk - ok 17:17:00.0946 3204 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 17:17:00.0998 3204 KtmRm - ok 17:17:01.0031 3204 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 17:17:01.0085 3204 LanmanServer - ok 17:17:01.0116 3204 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:17:01.0162 3204 LanmanWorkstation - ok 17:17:01.0198 3204 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:17:01.0252 3204 lltdio - ok 17:17:01.0284 3204 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:17:01.0332 3204 lltdsvc - ok 17:17:01.0346 3204 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:17:01.0383 3204 lmhosts - ok 17:17:01.0408 3204 
[ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:17:01.0421 3204 LSI_FC - ok 17:17:01.0438 3204 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:17:01.0452 3204 LSI_SAS - ok 17:17:01.0465 3204 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:17:01.0478 3204 LSI_SAS2 - ok 17:17:01.0495 3204 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:17:01.0509 3204 LSI_SCSI - ok 17:17:01.0530 3204 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 17:17:01.0566 3204 luafv - ok 17:17:01.0603 3204 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:17:01.0625 3204 Mcx2Svc - ok 17:17:01.0644 3204 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 17:17:01.0656 3204 megasas - ok 17:17:01.0672 3204 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:17:01.0691 3204 MegaSR - ok 17:17:01.0721 3204 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 17:17:01.0769 3204 MMCSS - ok 17:17:01.0787 3204 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 17:17:01.0827 3204 Modem - ok 17:17:01.0843 3204 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:17:01.0865 3204 monitor - ok 17:17:01.0895 3204 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 17:17:01.0907 3204 mouclass - ok 17:17:01.0933 3204 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:17:01.0958 3204 mouhid - ok 17:17:01.0992 3204 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:17:02.0003 3204 mountmgr - ok 17:17:02.0036 3204 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 17:17:02.0050 3204 mpio - ok 17:17:02.0061 3204 
[ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:17:02.0108 3204 mpsdrv - ok 17:17:02.0152 3204 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 17:17:02.0208 3204 MpsSvc - ok 17:17:02.0233 3204 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:17:02.0263 3204 MRxDAV - ok 17:17:02.0289 3204 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:17:02.0313 3204 mrxsmb - ok 17:17:02.0334 3204 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:17:02.0361 3204 mrxsmb10 - ok 17:17:02.0383 3204 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:17:02.0397 3204 mrxsmb20 - ok 17:17:02.0428 3204 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 17:17:02.0440 3204 msahci - ok 17:17:02.0469 3204 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:17:02.0483 3204 msdsm - ok 17:17:02.0499 3204 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 17:17:02.0522 3204 MSDTC - ok 17:17:02.0559 3204 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:17:02.0593 3204 Msfs - ok 17:17:02.0621 3204 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:17:02.0661 3204 mshidkmdf - ok 17:17:02.0679 3204 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:17:02.0690 3204 msisadrv - ok 17:17:02.0714 3204 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:17:02.0766 3204 MSiSCSI - ok 17:17:02.0772 3204 msiserver - ok 17:17:02.0788 3204 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:17:02.0834 3204 MSKSSRV - ok 17:17:02.0846 3204 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:17:02.0890 3204 
MSPCLOCK - ok 17:17:02.0897 3204 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:17:02.0937 3204 MSPQM - ok 17:17:02.0974 3204 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:17:02.0994 3204 MsRPC - ok 17:17:03.0012 3204 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 17:17:03.0023 3204 mssmbios - ok 17:17:03.0040 3204 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:17:03.0082 3204 MSTEE - ok 17:17:03.0088 3204 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:17:03.0100 3204 MTConfig - ok 17:17:03.0130 3204 [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 17:17:03.0139 3204 MTsensor - ok 17:17:03.0166 3204 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 17:17:03.0179 3204 Mup - ok 17:17:03.0217 3204 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 17:17:03.0278 3204 napagent - ok 17:17:03.0396 3204 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:17:03.0430 3204 NativeWifiP - ok 17:17:03.0460 3204 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 17:17:03.0493 3204 NDIS - ok 17:17:03.0517 3204 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:17:03.0562 3204 NdisCap - ok 17:17:03.0578 3204 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:17:03.0618 3204 NdisTapi - ok 17:17:03.0652 3204 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:17:03.0697 3204 Ndisuio - ok 17:17:03.0721 3204 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:17:03.0767 3204 NdisWan - ok 17:17:03.0793 3204 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 
17:17:03.0835 3204 NDProxy - ok 17:17:03.0877 3204 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 17:17:03.0899 3204 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:17:03.0899 3204 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:17:03.0925 3204 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:17:03.0969 3204 NetBIOS - ok 17:17:04.0009 3204 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:17:04.0058 3204 NetBT - ok 17:17:04.0076 3204 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 17:17:04.0086 3204 Netlogon - ok 17:17:04.0136 3204 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 17:17:04.0195 3204 Netman - ok 17:17:04.0216 3204 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 17:17:04.0272 3204 netprofm - ok 17:17:04.0316 3204 [ FAD5127B44A089BB420BD0DB48F2075F ] netr28ux C:\Windows\system32\DRIVERS\Dnetr28ux.sys 17:17:04.0349 3204 netr28ux - ok 17:17:04.0378 3204 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:17:04.0390 3204 NetTcpPortSharing - ok 17:17:04.0423 3204 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:17:04.0435 3204 nfrd960 - ok 17:17:04.0473 3204 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:17:04.0534 3204 NlaSvc - ok 17:17:04.0550 3204 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:17:04.0585 3204 Npfs - ok 17:17:04.0605 3204 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 17:17:04.0641 3204 nsi - ok 17:17:04.0653 3204 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:17:04.0694 3204 nsiproxy - ok 17:17:04.0774 3204 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs 
C:\Windows\system32\drivers\Ntfs.sys 17:17:04.0824 3204 Ntfs - ok 17:17:04.0831 3204 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:17:04.0865 3204 Null - ok 17:17:04.0910 3204 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 17:17:04.0941 3204 NVENETFD - ok 17:17:05.0232 3204 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:17:05.0593 3204 nvlddmkm - ok 17:17:05.0621 3204 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:17:05.0636 3204 nvraid - ok 17:17:05.0670 3204 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:17:05.0683 3204 nvstor - ok 17:17:05.0708 3204 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:17:05.0721 3204 nv_agp - ok 17:17:05.0733 3204 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:17:05.0759 3204 ohci1394 - ok 17:17:05.0800 3204 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:17:05.0813 3204 ose - ok 17:17:05.0974 3204 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:17:06.0100 3204 osppsvc - ok 17:17:06.0143 3204 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:17:06.0175 3204 p2pimsvc - ok 17:17:06.0203 3204 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 17:17:06.0224 3204 p2psvc - ok 17:17:06.0271 3204 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:17:06.0285 3204 Parport - ok 17:17:06.0307 3204 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:17:06.0320 3204 partmgr - ok 17:17:06.0341 3204 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:17:06.0375 3204 
PcaSvc - ok 17:17:06.0391 3204 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 17:17:06.0407 3204 pci - ok 17:17:06.0438 3204 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 17:17:06.0449 3204 pciide - ok 17:17:06.0470 3204 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:17:06.0486 3204 pcmcia - ok 17:17:06.0502 3204 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:17:06.0515 3204 pcw - ok 17:17:06.0542 3204 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:17:06.0599 3204 PEAUTH - ok 17:17:06.0678 3204 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:17:06.0697 3204 PerfHost - ok 17:17:06.0769 3204 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 17:17:06.0841 3204 pla - ok 17:17:06.0874 3204 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:17:06.0904 3204 PlugPlay - ok 17:17:06.0945 3204 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 17:17:06.0958 3204 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:17:06.0958 3204 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:17:06.0983 3204 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:17:07.0007 3204 PNRPAutoReg - ok 17:17:07.0031 3204 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:17:07.0045 3204 PNRPsvc - ok 17:17:07.0083 3204 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:17:07.0133 3204 PolicyAgent - ok 17:17:07.0163 3204 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 17:17:07.0208 3204 Power - ok 17:17:07.0235 3204 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:17:07.0270 3204 PptpMiniport - ok 17:17:07.0288 3204 [ 
0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:17:07.0309 3204 Processor - ok 17:17:07.0364 3204 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 17:17:07.0397 3204 ProfSvc - ok 17:17:07.0410 3204 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:17:07.0421 3204 ProtectedStorage - ok 17:17:07.0456 3204 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:17:07.0500 3204 Psched - ok 17:17:07.0541 3204 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:17:07.0588 3204 ql2300 - ok 17:17:07.0608 3204 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:17:07.0626 3204 ql40xx - ok 17:17:07.0652 3204 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:17:07.0689 3204 QWAVE - ok 17:17:07.0706 3204 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:17:07.0731 3204 QWAVEdrv - ok 17:17:07.0745 3204 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:17:07.0787 3204 RasAcd - ok 17:17:07.0820 3204 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:17:07.0855 3204 RasAgileVpn - ok 17:17:07.0867 3204 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:17:07.0916 3204 RasAuto - ok 17:17:07.0947 3204 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:17:07.0998 3204 Rasl2tp - ok 17:17:08.0084 3204 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 17:17:08.0133 3204 RasMan - ok 17:17:08.0153 3204 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:17:08.0201 3204 RasPppoe - ok 17:17:08.0216 3204 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:17:08.0258 3204 RasSstp - ok 
17:17:08.0292 3204 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:17:08.0337 3204 rdbss - ok 17:17:08.0354 3204 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:17:08.0384 3204 rdpbus - ok 17:17:08.0395 3204 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:17:08.0430 3204 RDPCDD - ok 17:17:08.0457 3204 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:17:08.0501 3204 RDPENCDD - ok 17:17:08.0511 3204 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:17:08.0546 3204 RDPREFMP - ok 17:17:08.0573 3204 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:17:08.0612 3204 RDPWD - ok 17:17:08.0651 3204 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:17:08.0666 3204 rdyboost - ok 17:17:08.0683 3204 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:17:08.0726 3204 RemoteAccess - ok 17:17:08.0743 3204 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:17:08.0787 3204 RemoteRegistry - ok 17:17:08.0811 3204 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:17:08.0858 3204 RpcEptMapper - ok 17:17:08.0888 3204 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:17:08.0910 3204 RpcLocator - ok 17:17:08.0954 3204 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 17:17:08.0993 3204 RpcSs - ok 17:17:09.0023 3204 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:17:09.0095 3204 rspndr - ok 17:17:09.0126 3204 [ 4F55BC63DCA859A6DEDC1106E0062135 ] S3XXx64 C:\Windows\system32\DRIVERS\S3XXx64.sys 17:17:09.0148 3204 S3XXx64 - ok 17:17:09.0160 3204 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 17:17:09.0171 3204 
SamSs - ok 17:17:09.0206 3204 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:17:09.0219 3204 sbp2port - ok 17:17:09.0245 3204 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:17:09.0305 3204 SCardSvr - ok 17:17:09.0331 3204 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:17:09.0370 3204 scfilter - ok 17:17:09.0418 3204 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 17:17:09.0490 3204 Schedule - ok 17:17:09.0524 3204 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:17:09.0557 3204 SCPolicySvc - ok 17:17:09.0591 3204 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:17:09.0636 3204 SDRSVC - ok 17:17:09.0672 3204 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:17:09.0723 3204 secdrv - ok 17:17:09.0758 3204 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 17:17:09.0807 3204 seclogon - ok 17:17:09.0829 3204 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 17:17:09.0865 3204 SENS - ok 17:17:09.0878 3204 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:17:09.0906 3204 SensrSvc - ok 17:17:09.0932 3204 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:17:09.0954 3204 Serenum - ok 17:17:09.0975 3204 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:17:09.0989 3204 Serial - ok 17:17:10.0004 3204 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:17:10.0032 3204 sermouse - ok 17:17:10.0066 3204 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 17:17:10.0114 3204 SessionEnv - ok 17:17:10.0139 3204 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:17:10.0173 3204 sffdisk 
- ok 17:17:10.0190 3204 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:17:10.0208 3204 sffp_mmc - ok 17:17:10.0230 3204 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:17:10.0250 3204 sffp_sd - ok 17:17:10.0266 3204 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:17:10.0288 3204 sfloppy - ok 17:17:10.0315 3204 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:17:10.0366 3204 SharedAccess - ok 17:17:10.0408 3204 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:17:10.0458 3204 ShellHWDetection - ok 17:17:10.0479 3204 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:17:10.0491 3204 SiSRaid2 - ok 17:17:10.0503 3204 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:17:10.0516 3204 SiSRaid4 - ok 17:17:10.0537 3204 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:17:10.0575 3204 Smb - ok 17:17:10.0613 3204 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:17:10.0627 3204 SNMPTRAP - ok 17:17:10.0641 3204 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:17:10.0653 3204 spldr - ok 17:17:10.0692 3204 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 17:17:10.0740 3204 Spooler - ok 17:17:10.0840 3204 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 17:17:10.0955 3204 sppsvc - ok 17:17:10.0975 3204 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:17:11.0028 3204 sppuinotify - ok 17:17:11.0061 3204 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 17:17:11.0093 3204 srv - ok 17:17:11.0117 3204 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:17:11.0149 3204 
srv2 - ok 17:17:11.0170 3204 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:17:11.0190 3204 srvnet - ok 17:17:11.0219 3204 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:17:11.0282 3204 SSDPSRV - ok 17:17:11.0297 3204 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:17:11.0333 3204 SstpSvc - ok 17:17:11.0357 3204 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:17:11.0369 3204 stexstor - ok 17:17:11.0423 3204 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 17:17:11.0467 3204 stisvc - ok 17:17:11.0491 3204 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 17:17:11.0501 3204 swenum - ok 17:17:11.0536 3204 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:17:11.0592 3204 swprv - ok 17:17:11.0656 3204 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 17:17:11.0717 3204 SysMain - ok 17:17:11.0750 3204 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:17:11.0783 3204 TabletInputService - ok 17:17:11.0794 3204 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:17:11.0843 3204 TapiSrv - ok 17:17:11.0864 3204 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:17:11.0900 3204 TBS - ok 17:17:11.0976 3204 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:17:12.0032 3204 Tcpip - ok 17:17:12.0075 3204 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:17:12.0115 3204 TCPIP6 - ok 17:17:12.0150 3204 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:17:12.0197 3204 tcpipreg - ok 17:17:12.0228 3204 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:17:12.0251 3204 TDPIPE - ok 17:17:12.0277 3204 [ 
51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:17:12.0292 3204 TDTCP - ok 17:17:12.0328 3204 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:17:12.0363 3204 tdx - ok 17:17:12.0391 3204 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 17:17:12.0404 3204 TermDD - ok 17:17:12.0439 3204 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 17:17:12.0494 3204 TermService - ok 17:17:12.0514 3204 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:17:12.0542 3204 Themes - ok 17:17:12.0562 3204 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:17:12.0597 3204 THREADORDER - ok 17:17:12.0612 3204 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:17:12.0658 3204 TrkWks - ok 17:17:12.0704 3204 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:17:12.0745 3204 TrustedInstaller - ok 17:17:12.0784 3204 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:17:12.0817 3204 tssecsrv - ok 17:17:12.0853 3204 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:17:12.0876 3204 TsUsbFlt - ok 17:17:12.0919 3204 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:17:12.0964 3204 tunnel - ok 17:17:12.0987 3204 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:17:13.0000 3204 uagp35 - ok 17:17:13.0030 3204 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:17:13.0079 3204 udfs - ok 17:17:13.0114 3204 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:17:13.0127 3204 UI0Detect - ok 17:17:13.0156 3204 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:17:13.0168 3204 uliagpkx - ok 
17:17:13.0193 3204 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 17:17:13.0212 3204 umbus - ok 17:17:13.0231 3204 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:17:13.0243 3204 UmPass - ok 17:17:13.0264 3204 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:17:13.0306 3204 upnphost - ok 17:17:13.0339 3204 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:17:13.0371 3204 usbccgp - ok 17:17:13.0392 3204 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:17:13.0409 3204 usbcir - ok 17:17:13.0435 3204 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:17:13.0456 3204 usbehci - ok 17:17:13.0478 3204 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:17:13.0513 3204 usbhub - ok 17:17:13.0532 3204 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 17:17:13.0554 3204 usbohci - ok 17:17:13.0607 3204 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:17:13.0644 3204 usbprint - ok 17:17:13.0666 3204 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:17:13.0680 3204 usbscan - ok 17:17:13.0697 3204 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:17:13.0717 3204 USBSTOR - ok 17:17:13.0733 3204 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 17:17:13.0751 3204 usbuhci - ok 17:17:13.0777 3204 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:17:13.0822 3204 UxSms - ok 17:17:13.0837 3204 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 17:17:13.0849 3204 VaultSvc - ok 17:17:13.0881 3204 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:17:13.0893 3204 vdrvroot 
- ok 17:17:13.0938 3204 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 17:17:13.0983 3204 vds - ok 17:17:13.0994 3204 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:17:14.0009 3204 vga - ok 17:17:14.0023 3204 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:17:14.0065 3204 VgaSave - ok 17:17:14.0093 3204 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:17:14.0110 3204 vhdmp - ok 17:17:14.0138 3204 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 17:17:14.0150 3204 viaide - ok 17:17:14.0169 3204 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:17:14.0182 3204 volmgr - ok 17:17:14.0244 3204 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:17:14.0267 3204 volmgrx - ok 17:17:14.0288 3204 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:17:14.0306 3204 volsnap - ok 17:17:14.0334 3204 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:17:14.0349 3204 vsmraid - ok 17:17:14.0413 3204 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 17:17:14.0504 3204 VSS - ok 17:17:14.0520 3204 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:17:14.0547 3204 vwifibus - ok 17:17:14.0566 3204 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 17:17:14.0593 3204 vwififlt - ok 17:17:14.0625 3204 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:17:14.0667 3204 W32Time - ok 17:17:14.0693 3204 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:17:14.0711 3204 WacomPen - ok 17:17:14.0749 3204 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:17:14.0795 3204 WANARP - ok 17:17:14.0801 3204 
[ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:17:14.0834 3204 Wanarpv6 - ok 17:17:14.0889 3204 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 17:17:14.0938 3204 wbengine - ok 17:17:14.0958 3204 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:17:14.0978 3204 WbioSrvc - ok 17:17:15.0008 3204 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:17:15.0034 3204 wcncsvc - ok 17:17:15.0051 3204 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:17:15.0074 3204 WcsPlugInService - ok 17:17:15.0097 3204 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:17:15.0108 3204 Wd - ok 17:17:15.0138 3204 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:17:15.0166 3204 Wdf01000 - ok 17:17:15.0174 3204 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:17:15.0248 3204 WdiServiceHost - ok 17:17:15.0252 3204 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:17:15.0270 3204 WdiSystemHost - ok 17:17:15.0304 3204 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 17:17:15.0336 3204 WebClient - ok 17:17:15.0364 3204 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:17:15.0405 3204 Wecsvc - ok 17:17:15.0423 3204 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:17:15.0471 3204 wercplsupport - ok 17:17:15.0492 3204 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:17:15.0529 3204 WerSvc - ok 17:17:15.0550 3204 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:17:15.0585 3204 WfpLwf - ok 17:17:15.0599 3204 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:17:15.0610 3204 WIMMount - ok 
17:17:15.0624 3204 WinDefend - ok 17:17:15.0630 3204 WinHttpAutoProxySvc - ok 17:17:15.0677 3204 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:17:15.0723 3204 Winmgmt - ok 17:17:15.0791 3204 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 17:17:15.0864 3204 WinRM - ok 17:17:15.0920 3204 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:17:15.0935 3204 WinUsb - ok 17:17:15.0980 3204 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:17:16.0022 3204 Wlansvc - ok 17:17:16.0053 3204 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 17:17:16.0076 3204 WmiAcpi - ok 17:17:16.0106 3204 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:17:16.0123 3204 wmiApSrv - ok 17:17:16.0141 3204 WMPNetworkSvc - ok 17:17:16.0158 3204 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:17:16.0178 3204 WPCSvc - ok 17:17:16.0205 3204 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:17:16.0221 3204 WPDBusEnum - ok 17:17:16.0239 3204 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:17:16.0279 3204 ws2ifsl - ok 17:17:16.0299 3204 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 17:17:16.0325 3204 wscsvc - ok 17:17:16.0331 3204 WSearch - ok 17:17:16.0424 3204 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:17:16.0493 3204 wuauserv - ok 17:17:16.0523 3204 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:17:16.0565 3204 WudfPf - ok 17:17:16.0598 3204 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:17:16.0640 3204 WUDFRd - ok 17:17:16.0678 3204 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:17:16.0714 3204 wudfsvc - ok 17:17:16.0744 
3204 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 17:17:16.0765 3204 WwanSvc - ok 17:17:16.0795 3204 ================ Scan global =============================== 17:17:16.0820 3204 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 17:17:16.0845 3204 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 17:17:16.0856 3204 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 17:17:16.0887 3204 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 17:17:16.0911 3204 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 17:17:16.0916 3204 [Global] - ok 17:17:16.0916 3204 ================ Scan MBR ================================== 17:17:16.0929 3204 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:17:17.0248 3204 \Device\Harddisk0\DR0 - ok 17:17:17.0248 3204 ================ Scan VBR ================================== 17:17:17.0275 3204 [ 160F1BAEA8DBD6D497C81A857B23FEF8 ] \Device\Harddisk0\DR0\Partition1 17:17:17.0276 3204 \Device\Harddisk0\DR0\Partition1 - ok 17:17:17.0285 3204 [ D0EF332F36449710C86DDD311559437C ] \Device\Harddisk0\DR0\Partition2 17:17:17.0287 3204 \Device\Harddisk0\DR0\Partition2 - ok 17:17:17.0291 3204 [ 0CB2327DEA60F72AE3484B60D10242ED ] \Device\Harddisk0\DR0\Partition3 17:17:17.0291 3204 \Device\Harddisk0\DR0\Partition3 - ok 17:17:17.0293 3204 ============================================================ 17:17:17.0293 3204 Scan finished 17:17:17.0293 3204 ============================================================ 17:17:17.0308 3692 Detected object count: 4 17:17:17.0308 3692 Actual detected object count: 4 17:17:41.0693 3692 D-Link Wireless N DWA-140_WPS ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:41.0693 3692 D-Link Wireless N DWA-140_WPS ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:17:41.0696 3692 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:41.0696 3692 HPSLPSVC ( 
UnsignedFile.Multi.Generic ) - User select action: Skip 17:17:41.0698 3692 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:41.0698 3692 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:17:41.0701 3692 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:41.0701 3692 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
06.09.2012, 19:43 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan - Computer Locked - Then please run CF now:
__________________ ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! Should you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ |
08.09.2012, 07:51 | #19 |
| GVU Trojan - Computer Locked - Combofix log file: Code:
ATTFilter ComboFix 12-09-07.03 - ***** 08.09.2012 8:34.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3070.2051 [GMT 2:00] ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk c:\programdata\nud0repor.pad . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-08 bis 2012-09-08 )))))))))))))))))))))))))))))) . . 2012-09-08 06:37 . 2012-09-08 06:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-08 06:37 . 2012-09-08 06:37 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E721FDE-F930-4E05-A100-C669B72AEE45}\offreg.dll 2012-09-08 06:19 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E721FDE-F930-4E05-A100-C669B72AEE45}\mpengine.dll 2012-09-06 10:47 . 2012-09-06 10:47 -------- d-----w- C:\_OTL 2012-09-03 20:59 . 2012-09-03 20:59 -------- d-----w- c:\program files (x86)\ESET 2012-09-03 20:06 . 2012-09-03 20:06 -------- d-----w- c:\users\*****\AppData\Roaming\Malwarebytes 2012-09-03 20:06 . 2012-09-03 20:06 -------- d-----w- c:\programdata\Malwarebytes 2012-09-03 20:06 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-02 09:52 . 2012-09-02 09:52 -------- d-----w- c:\users\*****\AppData\Local\ElevatedDiagnostics 2012-08-23 12:50 . 2012-08-23 12:52 -------- d-----w- c:\programdata\Solidshield 2012-08-23 12:25 . 2012-08-23 12:25 -------- d-----w- c:\programdata\Electronic Arts 2012-08-23 12:25 . 2012-08-23 12:25 -------- d-----w- c:\programdata\EA Core 2012-08-23 12:21 . 
2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2012-08-23 06:39 . 2012-08-23 06:39 -------- d-----w- c:\programdata\McAfee 2012-08-15 09:15 . 2012-08-23 06:39 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-15 09:15 . 2012-08-23 06:39 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-15 09:15 . 2012-08-15 09:15 -------- d-----w- c:\windows\SysWow64\Macromed 2012-08-15 09:15 . 2012-08-15 09:15 -------- d-----w- c:\windows\system32\Macromed 2012-08-15 06:59 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-15 06:59 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-15 06:58 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 06:58 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-15 06:58 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-15 06:58 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-15 06:58 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-15 06:58 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 06:58 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-15 06:58 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-15 06:58 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 06:58 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-14 22:03 . 2007-06-01 08:39 765952 ----a-w- c:\windows\SysWow64\xvidcore.dll 2012-08-14 22:03 . 2007-06-01 08:39 77824 ----a-w- c:\windows\SysWow64\xvid.ax . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 14:14 . 2012-04-02 13:43 62134624 ----a-w- c:\windows\system32\MRT.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "D-Link D-Link Wireless N DWA-140"="c:\program files (x86)\D-Link\DWA-140 revB\AirNCFG.exe" [2010-06-30 1024000] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2011-09-07 70016] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2009-03-06 15872] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe 
[2012-05-08 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-08 465360] S2 D-Link Wireless N DWA-140_WPS;D-Link Wireless N DWA-140_WPS Service;c:\program files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [2010-06-03 53248] S3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [2010-05-05 1119072] . . Inhalt des "geplante Tasks" Ordners . 2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 06:39] . 2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3778003709-349896348-923393211-1000Core.job - c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 10:55] . 2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3778003709-349896348-923393211-1000UA.job - c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 10:55] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-08 08:40:09 ComboFix-quarantined-files.txt 2012-09-08 06:40 . Vor Suchlauf: 874.217.472 Bytes frei Nach Suchlauf: 739.119.104 Bytes frei . - - End Of File - - 3DEDB1A39341DAF220EB80B114C18841 |
10.09.2012, 14:48 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan - Computer locked - Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |