Log analysis and evaluation: (Trojan.ZbotR.Gen) in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{F94BBF9C-6512-2F70-5CF8-03CA54A5F682}
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.09.2012, 14:42 | #16
/// Winkelfunktion /// TB-Süch-Tiger™
If the log is that large, please zip it first and then attach it here. As a rule, though, logs should be posted directly.
__________________
Please always post log files in CODE tags
17.09.2012, 17:16 | #17
Sorry. It should be in the attachment now.
17.09.2012, 19:02 | #18
The following: It has turned out that C:\Schrott is more important than I thought. There are still important files (Start menu) in there, as I have found out. Since I requested the deletion of C:\Schrott when I ran the custom OTL fix, it is clear why the Start menu is almost gone and why other data is missing as well. How can the action be undone, or is that possible at all? The data has only been moved and can be found under C:\_OTL. Then I can start fixing again from the beginning, except that the whole C:\Schrott folder does not get deleted (but only the individual files that cause problems).
meischbacher
18.09.2012, 14:00 | #19
/// Winkelfunktion /// TB-Süch-Tiger™
Yes, if only we hadn't treated "Schrott" (junk) as junk. Simply move the "Schrott" folder back to C: (directly).
__________________
Please always post log files in CODE tags
18.09.2012, 14:23 | #20
Hm. Well, moving it didn't really help. The Start menu is still almost empty. Task Manager still starts immediately after logon. Would a System Restore be an alternative? That is, back to before the fix?
19.09.2012, 12:54 | #21
/// Winkelfunktion /// TB-Süch-Tiger™
We are not finished here yet!

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below - click change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

If the infection prevents you from accessing your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Please download unhide.exe and save this file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
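Added example, not part of the thread: a small Python helper for reviewing a TDSS-Killer report of the kind requested above. It lists every object the scan did not mark "ok", together with the hash and path logged for it, and it also copes with a report whose line breaks were lost when it was pasted. The function names and the sample records are constructed for illustration; the record layout and the 4-character thread-id column are assumptions taken from the report posted in this thread.

```python
import re
from collections import defaultdict

# A record starts with "HH:MM:SS.ffff <thread id> " (layout as seen in the
# report posted in this thread; the 4-hex-digit thread id is an assumption).
RECORD_START = re.compile(
    r"(?<!\S)(?=\d{2}:\d{2}:\d{2}\.\d{4}\s[0-9A-Fa-f]{4}(?:\s|$))")
RECORD = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4} [0-9A-Fa-f]{4}(?: (?P<msg>.*))?$")
# "[ <MD5> ] <object name> <drive:\path>"; object names may contain spaces.
HASHED = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# "<object name> ( <verdict> ) - <level>", e.g. "... - warning"
FLAGGED = re.compile(
    r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<level>\w+)$")
OK = re.compile(r"^.+ - ok$")


def records(report):
    """Yield the message part of each record, even if line breaks were lost."""
    for piece in RECORD_START.split(report):
        text = " ".join(piece.split())  # undo wraps inside a single record
        m = RECORD.match(text)
        if m and m.group("msg"):
            yield m.group("msg")


def triage(report):
    """Return (flagged, ok_count) for a TDSS-Killer report.

    flagged is a list of dicts (name, verdict, level, md5, path) in report
    order; md5 and path are None when no hash record preceded the verdict.
    """
    files = {}      # object name -> (md5, path) from its hash record
    flagged = []
    ok_count = 0
    for msg in records(report):
        hashed = HASHED.match(msg)
        flag = FLAGGED.match(msg)
        if hashed:
            files[hashed.group("name")] = (
                hashed.group("md5").upper(), hashed.group("path"))
        elif flag:
            md5, path = files.get(flag.group("name"), (None, None))
            flagged.append({
                "name": flag.group("name"),
                "verdict": flag.group("verdict"),
                "level": flag.group("level"),
                "md5": md5,
                "path": path,
            })
        elif OK.match(msg):
            ok_count += 1
        # "<name> - detected <verdict> (n)" repeats the flagged record: ignored.
    return flagged, ok_count


def by_verdict(flagged):
    """Group flagged object names by verdict for a quick overview."""
    groups = defaultdict(list)
    for item in flagged:
        groups[item["verdict"]].append(item["name"])
    return dict(groups)


# Constructed sample records (placeholder hashes, hypothetical object names).
SAMPLE = r"""
17:11:31.0798 3780 Scan started
17:11:32.0298 3780 ================ Scan services =============================
17:11:32.0392 3780 [ 00000000000000000000000000000001 ] exampledrv C:\Windows\system32\drivers\exampledrv.sys
17:11:32.0486 3780 exampledrv - ok
17:11:34.0705 3780 [ 00000000000000000000000000000002 ] Example WLAN Service C:\Program Files\example\WlanSvc.exe
17:11:34.0720 3780 Example WLAN Service ( UnsignedFile.Multi.Generic ) - warning
17:11:34.0720 3780 Example WLAN Service - detected UnsignedFile.Multi.Generic (1)
17:11:36.0767 3780 nohashsvc - ok
17:11:37.0173 3780 [ 00000000000000000000000000000003 ] examplefilter C:\Windows\system32\Drivers\examplefilter.sys
17:11:37.0189 3780 examplefilter ( UnsignedFile.Multi.Generic ) - warning
17:11:37.0189 3780 examplefilter - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    flagged, ok_count = triage(SAMPLE)
    print(f"{ok_count} objects ok, {len(flagged)} flagged")
    for item in flagged:
        print(f'{item["level"]:8} {item["verdict"]:28} {item["name"]} -> {item["path"]}')
```

The flagged list is a reading aid only; as the post above says, flagged objects are left on "skip" until the report has been reviewed.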
19.09.2012, 16:15 | #22
Okay. I was a bit hasty there, sorry.
The log:
Code:
[ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:11:43.0580 3780 NdisTapi - ok 17:11:43.0611 3780 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:11:43.0626 3780 Ndisuio - ok 17:11:43.0642 3780 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:11:43.0673 3780 NdisWan - ok 17:11:43.0689 3780 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:11:43.0720 3780 NDProxy - ok 17:11:43.0751 3780 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:11:43.0783 3780 NetBIOS - ok 17:11:43.0814 3780 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:11:43.0845 3780 NetBT - ok 17:11:43.0845 3780 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 17:11:43.0861 3780 Netlogon - ok 17:11:43.0892 3780 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 17:11:43.0939 3780 Netman - ok 17:11:43.0955 3780 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 17:11:43.0986 3780 netprofm - ok 17:11:44.0017 3780 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:11:44.0017 3780 NetTcpPortSharing - ok 17:11:44.0048 3780 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:11:44.0064 3780 nfrd960 - ok 17:11:44.0095 3780 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:11:44.0126 3780 NlaSvc - ok 17:11:44.0142 3780 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:11:44.0158 3780 Npfs - ok 17:11:44.0189 3780 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 17:11:44.0205 3780 nsi - ok 17:11:44.0220 3780 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 
17:11:44.0251 3780 nsiproxy - ok 17:11:44.0314 3780 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:11:44.0376 3780 Ntfs - ok 17:11:44.0392 3780 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 17:11:44.0423 3780 Null - ok 17:11:44.0673 3780 [ F452E6AD3EDA2852F44BE492E283C40F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:11:44.0986 3780 nvlddmkm - ok 17:11:45.0017 3780 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:11:45.0033 3780 nvraid - ok 17:11:45.0048 3780 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:11:45.0064 3780 nvstor - ok 17:11:45.0095 3780 [ 7C732AFF202DCD06C3D262966D71604C ] nvsvc C:\Windows\system32\nvvsvc.exe 17:11:45.0111 3780 nvsvc - ok 17:11:45.0220 3780 [ 262D2FBF211A88DCB84249DF0F6EF6E7 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 17:11:45.0298 3780 nvUpdatusService - ok 17:11:45.0314 3780 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:11:45.0330 3780 nv_agp - ok 17:11:45.0392 3780 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:11:45.0486 3780 ohci1394 - ok 17:11:45.0548 3780 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:11:45.0564 3780 ose - ok 17:11:45.0720 3780 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:11:45.0876 3780 osppsvc - ok 17:11:45.0923 3780 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:11:45.0955 3780 p2pimsvc - ok 17:11:46.0017 3780 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 17:11:46.0048 3780 p2psvc - ok 17:11:46.0095 3780 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:11:46.0126 3780 Parport - ok 
17:11:46.0142 3780 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:11:46.0158 3780 partmgr - ok 17:11:46.0173 3780 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 17:11:46.0189 3780 Parvdm - ok 17:11:46.0220 3780 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:11:46.0236 3780 PcaSvc - ok 17:11:46.0251 3780 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 17:11:46.0267 3780 pci - ok 17:11:46.0283 3780 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 17:11:46.0283 3780 pciide - ok 17:11:46.0314 3780 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:11:46.0330 3780 pcmcia - ok 17:11:46.0345 3780 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys 17:11:46.0376 3780 pcouffin - ok 17:11:46.0376 3780 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 17:11:46.0392 3780 pcw - ok 17:11:46.0408 3780 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:11:46.0455 3780 PEAUTH - ok 17:11:46.0517 3780 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 17:11:46.0595 3780 pla - ok 17:11:46.0642 3780 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:11:46.0673 3780 PlugPlay - ok 17:11:46.0689 3780 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:11:46.0720 3780 PNRPAutoReg - ok 17:11:46.0736 3780 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:11:46.0751 3780 PNRPsvc - ok 17:11:46.0783 3780 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:11:46.0798 3780 PolicyAgent - ok 17:11:46.0830 3780 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 17:11:46.0845 3780 Power - ok 17:11:46.0861 3780 [ 
631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:11:46.0908 3780 PptpMiniport - ok 17:11:46.0923 3780 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:11:46.0955 3780 Processor - ok 17:11:46.0970 3780 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 17:11:47.0001 3780 ProfSvc - ok 17:11:47.0001 3780 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:11:47.0033 3780 ProtectedStorage - ok 17:11:47.0048 3780 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:11:47.0080 3780 Psched - ok 17:11:47.0126 3780 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:11:47.0189 3780 ql2300 - ok 17:11:47.0205 3780 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:11:47.0220 3780 ql40xx - ok 17:11:47.0236 3780 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 17:11:47.0251 3780 QWAVE - ok 17:11:47.0267 3780 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:11:47.0283 3780 QWAVEdrv - ok 17:11:47.0298 3780 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:11:47.0314 3780 RasAcd - ok 17:11:47.0330 3780 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:11:47.0376 3780 RasAgileVpn - ok 17:11:47.0376 3780 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 17:11:47.0408 3780 RasAuto - ok 17:11:47.0408 3780 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:11:47.0439 3780 Rasl2tp - ok 17:11:47.0470 3780 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 17:11:47.0517 3780 RasMan - ok 17:11:47.0517 3780 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:11:47.0548 3780 RasPppoe 
- ok 17:11:47.0564 3780 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:11:47.0595 3780 RasSstp - ok 17:11:47.0626 3780 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:11:47.0642 3780 rdbss - ok 17:11:47.0658 3780 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:11:47.0689 3780 rdpbus - ok 17:11:47.0705 3780 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:11:47.0736 3780 RDPCDD - ok 17:11:47.0751 3780 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:11:47.0798 3780 RDPENCDD - ok 17:11:47.0814 3780 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:11:47.0845 3780 RDPREFMP - ok 17:11:47.0861 3780 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:11:47.0892 3780 RDPWD - ok 17:11:47.0923 3780 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:11:47.0939 3780 rdyboost - ok 17:11:47.0986 3780 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 17:11:48.0017 3780 RemoteAccess - ok 17:11:48.0033 3780 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:11:48.0080 3780 RemoteRegistry - ok 17:11:48.0095 3780 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 17:11:48.0126 3780 ROOTMODEM - ok 17:11:48.0142 3780 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:11:48.0173 3780 RpcEptMapper - ok 17:11:48.0189 3780 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 17:11:48.0205 3780 RpcLocator - ok 17:11:48.0220 3780 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 17:11:48.0251 3780 RpcSs - ok 17:11:48.0251 3780 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 
17:11:48.0283 3780 rspndr - ok 17:11:48.0314 3780 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 17:11:48.0330 3780 RTL8167 - ok 17:11:48.0361 3780 [ D0EEDC88876B20D42157CDCCA3E647F3 ] s1039bus C:\Windows\system32\DRIVERS\s1039bus.sys 17:11:48.0361 3780 s1039bus - ok 17:11:48.0392 3780 [ 7B35091A7BB597C86262C589B0B57D06 ] s1039mdfl C:\Windows\system32\DRIVERS\s1039mdfl.sys 17:11:48.0392 3780 s1039mdfl - ok 17:11:48.0408 3780 [ 4CB1AB13C9813CBF3E4C6406F8043EC2 ] s1039mdm C:\Windows\system32\DRIVERS\s1039mdm.sys 17:11:48.0423 3780 s1039mdm - ok 17:11:48.0439 3780 [ 2649CA09585A7531126DCC116AD1F88C ] s1039mgmt C:\Windows\system32\DRIVERS\s1039mgmt.sys 17:11:48.0455 3780 s1039mgmt - ok 17:11:48.0486 3780 [ 6D3F549EFD6DAEDD7D12F3DE2175053F ] s1039nd5 C:\Windows\system32\DRIVERS\s1039nd5.sys 17:11:48.0486 3780 s1039nd5 - ok 17:11:48.0501 3780 [ 305E3E3ACA0037AF2E2C1B50A383C91B ] s1039obex C:\Windows\system32\DRIVERS\s1039obex.sys 17:11:48.0517 3780 s1039obex - ok 17:11:48.0533 3780 [ 7DD02A58277C84C043442561589914F4 ] s1039unic C:\Windows\system32\DRIVERS\s1039unic.sys 17:11:48.0548 3780 s1039unic - ok 17:11:48.0564 3780 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 17:11:48.0564 3780 SamSs - ok 17:11:48.0595 3780 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:11:48.0611 3780 sbp2port - ok 17:11:48.0642 3780 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:11:48.0673 3780 SCardSvr - ok 17:11:48.0689 3780 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:11:48.0720 3780 scfilter - ok 17:11:48.0751 3780 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 17:11:48.0798 3780 Schedule - ok 17:11:48.0814 3780 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:11:48.0845 3780 SCPolicySvc - ok 17:11:48.0861 3780 [ 
08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:11:48.0892 3780 SDRSVC - ok 17:11:48.0923 3780 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:11:48.0939 3780 secdrv - ok 17:11:48.0955 3780 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 17:11:48.0986 3780 seclogon - ok 17:11:49.0001 3780 seehcri - ok 17:11:49.0001 3780 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 17:11:49.0033 3780 SENS - ok 17:11:49.0048 3780 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:11:49.0080 3780 SensrSvc - ok 17:11:49.0095 3780 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:11:49.0126 3780 Serenum - ok 17:11:49.0142 3780 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:11:49.0173 3780 Serial - ok 17:11:49.0189 3780 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:11:49.0205 3780 sermouse - ok 17:11:49.0236 3780 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 17:11:49.0267 3780 SessionEnv - ok 17:11:49.0283 3780 [ 4D0CE0FADCA29E7DA68CE597AC9010BD ] sfdrv01a C:\Windows\system32\drivers\sfdrv01a.sys 17:11:49.0283 3780 sfdrv01a - ok 17:11:49.0298 3780 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:11:49.0330 3780 sffdisk - ok 17:11:49.0345 3780 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:11:49.0376 3780 sffp_mmc - ok 17:11:49.0376 3780 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:11:49.0392 3780 sffp_sd - ok 17:11:49.0408 3780 [ DAAD4C099EBF5094D32C373AC1AC0F3C ] sfhlp02 C:\Windows\system32\drivers\sfhlp02.sys 17:11:49.0423 3780 sfhlp02 - ok 17:11:49.0439 3780 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:11:49.0455 
3780 sfloppy - ok 17:11:49.0470 3780 [ 6DC03269F4C71E4AB313C3597F42A340 ] sfsync02 C:\Windows\system32\drivers\sfsync02.sys 17:11:49.0470 3780 sfsync02 - ok 17:11:49.0501 3780 [ 107B772690050D3B19CBC637AD8FD96E ] sfvfs02 C:\Windows\system32\drivers\sfvfs02.sys 17:11:49.0501 3780 sfvfs02 - ok 17:11:49.0548 3780 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:11:49.0611 3780 SharedAccess - ok 17:11:49.0642 3780 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:11:49.0673 3780 ShellHWDetection - ok 17:11:49.0689 3780 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 17:11:49.0705 3780 sisagp - ok 17:11:49.0705 3780 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:11:49.0720 3780 SiSRaid2 - ok 17:11:49.0736 3780 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:11:49.0736 3780 SiSRaid4 - ok 17:11:49.0751 3780 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:11:49.0783 3780 Smb - ok 17:11:49.0814 3780 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:11:49.0830 3780 SNMPTRAP - ok 17:11:49.0830 3780 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 17:11:49.0845 3780 spldr - ok 17:11:49.0876 3780 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 17:11:49.0908 3780 Spooler - ok 17:11:49.0986 3780 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 17:11:50.0080 3780 sppsvc - ok 17:11:50.0111 3780 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:11:50.0158 3780 sppuinotify - ok 17:11:50.0189 3780 [ C4BB8A12843D9CBB65F5FF617F389BBD ] sptd C:\Windows\system32\Drivers\sptd.sys 17:11:50.0189 3780 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: C4BB8A12843D9CBB65F5FF617F389BBD 17:11:50.0189 3780 sptd ( LockedFile.Multi.Generic ) - warning 17:11:50.0189 3780 sptd - detected LockedFile.Multi.Generic (1) 17:11:50.0220 3780 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 17:11:50.0267 3780 srv - ok 17:11:50.0298 3780 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:11:50.0314 3780 srv2 - ok 17:11:50.0330 3780 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:11:50.0345 3780 srvnet - ok 17:11:50.0376 3780 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:11:50.0408 3780 SSDPSRV - ok 17:11:50.0455 3780 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 17:11:50.0470 3780 ssmdrv - ok 17:11:50.0486 3780 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 17:11:50.0501 3780 SSPORT ( UnsignedFile.Multi.Generic ) - warning 17:11:50.0501 3780 SSPORT - detected UnsignedFile.Multi.Generic (1) 17:11:50.0517 3780 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:11:50.0580 3780 SstpSvc - ok 17:11:50.0814 3780 [ E8606BF6BE3B7481D95F1DD2E4F3FCBA ] StarMoney 7.0 OnlineUpdate C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe 17:11:50.0830 3780 StarMoney 7.0 OnlineUpdate - ok 17:11:51.0048 3780 [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe 17:11:51.0080 3780 StarMoney 8.0 OnlineUpdate - ok 17:11:51.0126 3780 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe 17:11:51.0158 3780 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning 17:11:51.0158 3780 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1) 17:11:51.0173 3780 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:11:51.0189 
3780 stexstor - ok 17:11:51.0267 3780 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 17:11:51.0314 3780 StiSvc - ok 17:11:51.0330 3780 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 17:11:51.0345 3780 swenum - ok 17:11:51.0376 3780 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 17:11:51.0408 3780 swprv - ok 17:11:51.0439 3780 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 17:11:51.0486 3780 SysMain - ok 17:11:51.0501 3780 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:11:51.0517 3780 TabletInputService - ok 17:11:51.0533 3780 [ 8CF6E2AE1707D82E904ECCA68CEF8B87 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 17:11:51.0564 3780 tap0901 - ok 17:11:51.0595 3780 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 17:11:51.0626 3780 TapiSrv - ok 17:11:51.0658 3780 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 17:11:51.0689 3780 TBS - ok 17:11:51.0736 3780 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:11:51.0798 3780 Tcpip - ok 17:11:51.0845 3780 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:11:51.0876 3780 TCPIP6 - ok 17:11:51.0908 3780 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:11:51.0939 3780 tcpipreg - ok 17:11:51.0970 3780 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:11:52.0001 3780 TDPIPE - ok 17:11:52.0033 3780 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:11:52.0048 3780 TDTCP - ok 17:11:52.0064 3780 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:11:52.0111 3780 tdx - ok 17:11:52.0111 3780 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 17:11:52.0142 3780 TermDD - ok 17:11:52.0173 
3780 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 17:11:52.0220 3780 TermService - ok 17:11:52.0251 3780 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 17:11:52.0283 3780 Themes - ok 17:11:52.0283 3780 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 17:11:52.0314 3780 THREADORDER - ok 17:11:52.0330 3780 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 17:11:52.0361 3780 TrkWks - ok 17:11:52.0392 3780 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:11:52.0439 3780 TrustedInstaller - ok 17:11:52.0470 3780 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:11:52.0501 3780 tssecsrv - ok 17:11:52.0533 3780 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:11:52.0564 3780 TsUsbFlt - ok 17:11:52.0580 3780 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:11:52.0611 3780 tunnel - ok 17:11:52.0642 3780 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:11:52.0642 3780 uagp35 - ok 17:11:52.0673 3780 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:11:52.0705 3780 udfs - ok 17:11:52.0720 3780 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:11:52.0751 3780 UI0Detect - ok 17:11:52.0751 3780 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:11:52.0767 3780 uliagpkx - ok 17:11:52.0798 3780 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 17:11:52.0798 3780 umbus - ok 17:11:52.0814 3780 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:11:52.0845 3780 UmPass - ok 17:11:52.0876 3780 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 17:11:52.0892 3780 
upnphost - ok 17:11:52.0908 3780 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 17:11:52.0923 3780 USBAAPL - ok 17:11:52.0955 3780 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 17:11:52.0970 3780 usbccgp - ok 17:11:52.0986 3780 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:11:53.0001 3780 usbcir - ok 17:11:53.0017 3780 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:11:53.0033 3780 usbehci - ok 17:11:53.0048 3780 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:11:53.0080 3780 usbhub - ok 17:11:53.0095 3780 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:11:53.0111 3780 usbohci - ok 17:11:53.0142 3780 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:11:53.0142 3780 usbprint - ok 17:11:53.0173 3780 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:11:53.0189 3780 usbscan - ok 17:11:53.0220 3780 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:11:53.0236 3780 USBSTOR - ok 17:11:53.0251 3780 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:11:53.0283 3780 usbuhci - ok 17:11:53.0298 3780 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 17:11:53.0345 3780 UxSms - ok 17:11:53.0361 3780 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 17:11:53.0361 3780 VaultSvc - ok 17:11:53.0376 3780 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:11:53.0392 3780 vdrvroot - ok 17:11:53.0408 3780 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 17:11:53.0486 3780 vds - ok 17:11:53.0501 3780 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:11:53.0533 3780 vga - 
ok 17:11:53.0533 3780 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 17:11:53.0564 3780 VgaSave - ok 17:11:53.0580 3780 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:11:53.0595 3780 vhdmp - ok 17:11:53.0611 3780 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 17:11:53.0611 3780 viaagp - ok 17:11:53.0626 3780 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 17:11:53.0642 3780 ViaC7 - ok 17:11:53.0658 3780 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 17:11:53.0673 3780 viaide - ok 17:11:53.0689 3780 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:11:53.0689 3780 volmgr - ok 17:11:53.0705 3780 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:11:53.0720 3780 volmgrx - ok 17:11:53.0720 3780 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:11:53.0736 3780 volsnap - ok 17:11:53.0751 3780 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:11:53.0767 3780 vsmraid - ok 17:11:53.0798 3780 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 17:11:53.0861 3780 VSS - ok 17:11:53.0876 3780 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 17:11:53.0892 3780 vwifibus - ok 17:11:53.0923 3780 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 17:11:53.0955 3780 W32Time - ok 17:11:53.0986 3780 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:11:54.0001 3780 WacomPen - ok 17:11:54.0017 3780 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:11:54.0048 3780 WANARP - ok 17:11:54.0064 3780 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:11:54.0080 3780 Wanarpv6 - ok 
17:11:54.0126 3780 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 17:11:54.0189 3780 wbengine - ok 17:11:54.0205 3780 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:11:54.0220 3780 WbioSrvc - ok 17:11:54.0251 3780 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:11:54.0298 3780 wcncsvc - ok 17:11:54.0314 3780 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:11:54.0361 3780 WcsPlugInService - ok 17:11:54.0392 3780 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:11:54.0408 3780 Wd - ok 17:11:54.0423 3780 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:11:54.0439 3780 Wdf01000 - ok 17:11:54.0455 3780 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:11:54.0486 3780 WdiServiceHost - ok 17:11:54.0501 3780 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:11:54.0517 3780 WdiSystemHost - ok 17:11:54.0533 3780 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 17:11:54.0564 3780 WebClient - ok 17:11:54.0580 3780 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:11:54.0611 3780 Wecsvc - ok 17:11:54.0626 3780 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:11:54.0642 3780 wercplsupport - ok 17:11:54.0658 3780 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 17:11:54.0689 3780 WerSvc - ok 17:11:54.0720 3780 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:11:54.0736 3780 WfpLwf - ok 17:11:54.0751 3780 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:11:54.0767 3780 WIMMount - ok 17:11:54.0814 3780 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 
17:11:54.0861 3780 WinDefend - ok 17:11:54.0861 3780 WinHttpAutoProxySvc - ok 17:11:54.0908 3780 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:11:54.0939 3780 Winmgmt - ok 17:11:54.0986 3780 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 17:11:55.0064 3780 WinRM - ok 17:11:55.0095 3780 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:11:55.0111 3780 WinUsb - ok 17:11:55.0158 3780 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 17:11:55.0189 3780 Wlansvc - ok 17:11:55.0205 3780 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 17:11:55.0236 3780 WmiAcpi - ok 17:11:55.0267 3780 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:11:55.0283 3780 wmiApSrv - ok 17:11:55.0330 3780 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 17:11:55.0376 3780 WMPNetworkSvc - ok 17:11:55.0392 3780 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:11:55.0408 3780 WPCSvc - ok 17:11:55.0423 3780 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:11:55.0455 3780 WPDBusEnum - ok 17:11:55.0470 3780 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:11:55.0517 3780 ws2ifsl - ok 17:11:55.0533 3780 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 17:11:55.0564 3780 wscsvc - ok 17:11:55.0564 3780 WSearch - ok 17:11:55.0611 3780 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 17:11:55.0705 3780 wuauserv - ok 17:11:55.0736 3780 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:11:55.0751 3780 WudfPf - ok 17:11:55.0767 3780 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:11:55.0798 3780 WUDFRd - ok 17:11:55.0830 3780 [ 
8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:11:55.0845 3780 wudfsvc - ok
17:11:55.0876 3780 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:11:55.0908 3780 WwanSvc - ok
17:11:55.0923 3780 ================ Scan global ===============================
17:11:55.0955 3780 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:11:56.0001 3780 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
17:11:56.0033 3780 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
17:11:56.0126 3780 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:11:56.0173 3780 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:11:56.0173 3780 [Global] - ok
17:11:56.0173 3780 ================ Scan MBR ==================================
17:11:56.0205 3780 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:11:56.0517 3780 \Device\Harddisk0\DR0 - ok
17:11:56.0517 3780 ================ Scan VBR ==================================
17:11:56.0517 3780 [ 4CC2DDC32540F458D894FC1355A56C78 ] \Device\Harddisk0\DR0\Partition1
17:11:56.0517 3780 \Device\Harddisk0\DR0\Partition1 - ok
17:11:56.0533 3780 [ 4609AECC09D7DAEEEB7D678AB9120FDF ] \Device\Harddisk0\DR0\Partition2
17:11:56.0533 3780 \Device\Harddisk0\DR0\Partition2 - ok
17:11:56.0533 3780 ============================================================
17:11:56.0533 3780 Scan finished
17:11:56.0533 3780 ============================================================
17:11:56.0533 2436 Detected object count: 6
17:11:56.0533 2436 Actual detected object count: 6
17:12:12.0064 2436 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:12:12.0064 2436 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:12:12.0064 2436 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
17:12:12.0064 2436 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:12:12.0064 2436 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
17:12:12.0064 2436 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:12:12.0064 2436 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:12:12.0064 2436 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:12:12.0080 2436 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
17:12:12.0080 2436 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:12:12.0080 2436 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
17:12:12.0080 2436 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip |
19.09.2012, 19:35 | #23 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as Quote: |
20.09.2012, 11:38 | #24 |
| Combofix Logfile: Code:
ComboFix 12-09-18.07 - Alex 20.09.2012 12:28:30.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2047.1224 [GMT 2:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\ab6iiss7sx7y.cfg
c:\users\Alex\AppData\Roaming\Microsoft\Windows\ab6iiss7sx7y.dat
c:\users\Alex\AppData\Roaming\Microsoft\Windows\ab6iiss7sx7y.xtr
c:\users\Alex\Desktop\Internet Explorer.lnk
c:\windows\IsUn0407.exe
c:\windows\system\MSVCRT40.DLL
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-20 bis 2012-09-20 ))))))))))))))))))))))))))))))
.
.
2012-09-20 10:35 . 2012-09-20 10:35 -------- d-----w- c:\users\Alex\AppData\Local\temp
2012-09-20 10:35 . 2012-09-20 10:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-20 10:35 . 2012-09-20 10:35 -------- d-----w- c:\users\Lea\AppData\Local\temp
2012-09-20 10:35 . 2012-09-20 10:35 -------- d-----w- c:\users\Horst\AppData\Local\temp
2012-09-20 10:35 . 2012-09-20 10:35 -------- d-----w- c:\users\Hanne\AppData\Local\temp
2012-09-20 10:35 . 2012-09-20 10:35 -------- d-----w- c:\users\Anna\AppData\Local\temp
2012-09-18 17:06 . 2012-09-18 17:12 -------- d-----w- c:\programdata\Microsoft Help
2012-09-18 12:48 . 2012-08-27 23:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{301FBF5B-21A0-4CDD-96C3-CF4BF6D4ECCD}\mpengine.dll
2012-09-17 11:21 . 2012-09-17 11:21 -------- d-----w- C:\_OTL
2012-09-12 11:47 . 2012-09-12 11:47 -------- d-----w- c:\program files\ESET
2012-09-12 08:01 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 08:01 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 08:01 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 08:01 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 08:01 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 08:01 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 10:03 . 2012-09-11 10:04 -------- d-----w- c:\program files\Origin Games
2012-09-11 09:48 . 2012-09-11 09:48 -------- d-----w- c:\program files\Common Files\EAInstaller
2012-09-11 08:39 . 2012-09-11 08:43 -------- d-----w- c:\users\Alex\AppData\Roaming\Origin
2012-09-08 10:55 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-09-07 15:07 . 2012-09-07 15:07 227328 ----a-w- c:\windows\system32\taskmgr.exe
2012-09-07 14:45 . 2012-09-07 14:45 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2012-09-07 14:45 . 2012-09-11 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-07 14:45 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-02 12:18 . 2012-09-02 13:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-31 10:49 . 2012-09-02 13:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 08:58 . 2012-08-31 09:00 -------- d-----w- c:\users\Alex\AppData\Roaming\WinMedia
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 18:24 . 2012-07-22 10:38 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2010-06-03 13:50 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 17:47 . 2012-08-15 14:19 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14 . 2012-08-15 14:19 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 14:19 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-29 00:16 . 2012-08-15 15:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-15 15:24 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-15 15:24 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 15:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 15:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-07 09:24 . 2012-09-07 09:23 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-11 614400]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-07 74752]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2008-02-25 1753088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [x]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]
R3 FUS2BASE;FRITZ!Card USB;c:\windows\system32\DRIVERS\fus2base.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gogoTunnelDevice;gogo6 Multi-Virtual Tunnel Adapter;c:\windows\system32\DRIVERS\gogotun.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [x]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [x]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Treiber;c:\windows\system32\DRIVERS\AVMCOWAN.sys [x]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 13:12]
.
2012-09-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-08 19:01]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-14 20:19]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-14 20:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.facebook.de/
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{E139F7E2-691A-45AE-951F-1FB552609D8C}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\939kxd6k.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - facebook.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
HKCU-Run-Monitortreiber - c:\users\Alex\AppData\Roaming\MyFolder\Monitortreiber.exe
AddRemove-ElsterFormular 13.0.0.8086p - c:\programdata\elsterformular\setup\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2629581111-421628959-914090766-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c3,08,b7,1a,cc,26,b5,9e,ca,3d,10,d4,36,1e,be,ce,2f,cb,e7,82,2d,04,22,
   72,c1,aa,fa,dc,74,7d,7e,a9,3c,a6,a0,b1,fb,c4,fe,2c,c5,c1,07,d9,48,9a,92,db,\
"??"=hex:d8,3a,e3,65,98,45,1e,e4,d1,c0,7f,92,95,42,cd,69
.
[HKEY_USERS\S-1-5-21-2629581111-421628959-914090766-1001\Software\SecuROM\License information*]
"datasecu"=hex:ce,7f,46,81,54,b0,d3,ec,60,8c,5a,07,cd,d1,3e,ab,4d,7d,0c,a9,a7,
   0d,49,49,27,e3,64,97,aa,52,96,7e,b2,5c,fa,8a,15,1b,00,44,ea,f7,96,c9,6a,01,\
"rkeysecu"=hex:70,99,4c,9d,9e,2d,7b,8e,90,4c,7e,a4,2d,12,92,7b
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-20 12:37:43
ComboFix-quarantined-files.txt 2012-09-20 10:37
.
Vor Suchlauf: 16 Verzeichnis(se), 176.697.335.808 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 176.574.836.736 Bytes frei
.
- - End Of File - - 258BF8D7809450268499E9E953052157 |
20.09.2012, 15:47 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online lookup by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again. |
21.09.2012, 13:03 | #26 |
| GMER: Code:
GMER Logfile:
OSAM: Code:
OSAM Logfile:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 12:51:49
-----------------------------
12:51:49.243 OS Version: Windows 6.1.7601 Service Pack 1
12:51:49.243 Number of processors: 4 586 0xF0B
12:51:49.243 ComputerName: HOMEPC UserName: Alex
12:51:49.805 Initialize success
12:51:55.727 AVAST engine defs: 12092100
12:51:58.852 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
12:51:58.852 Disk 0 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
12:51:58.883 Disk 0 MBR read successfully
12:51:58.883 Disk 0 MBR scan
12:51:58.883 Disk 0 Windows 7 default MBR code
12:51:58.961 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
12:51:58.977 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 310627 MB offset 24578048
12:51:59.071 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 154311 MB offset 660742144
12:51:59.165 Disk 0 scanning sectors +976771072
12:51:59.774 Disk 0 scanning C:\Windows\system32\drivers
12:54:14.758 Service scanning
12:54:27.399 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:54:32.368 Modules scanning
12:57:27.618 Disk 0 trace - called modules:
12:57:27.711 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85c771f8]<<
12:57:27.727 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b64030]
12:57:27.727 3 CLASSPNP.SYS[8aa8a59e] -> nt!IofCallDriver -> [0x86a33918]
12:57:27.727 5 ACPI.sys[8a3643d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86a23030]
12:57:27.743 \Driver\atapi[0x869d9890] -> IRP_MJ_CREATE -> 0x85c771f8
12:57:27.743 Scan finished successfully
14:00:20.258 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
14:00:20.274 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt" |
21.09.2012, 19:44 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! |
22.09.2012, 11:52 | #28 |
| Here are the logs: SuperAntiSpyware is in the attachment. After I click Scan, Malwarebytes reports that it has stopped working. It is then closed.
1. Can I delete the files in the Malwarebytes quarantine?
2. Well, the Start menu is still almost empty. Can the earlier one be brought back?
3. Apparently a few product activations were also deleted (Microsoft Office asks for a product key); can those be brought back?
Regards, meischbacher |
22.09.2012, 18:15 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Why as an attachment?! Please post the logs directly in CODE tags |
22.09.2012, 18:30 | #30 |
| The log has too many characters and is too large to post. (It detected the cookies as spyware. There are about 1400.)
About the Start menu:
Re 3: That is fine. I entered the product key again and it worked.
Re 2: I found it again in the Schrott folder. I.e. it is complete again.
Regards, meischbacher |