Pests of all kinds and how to fight them: Trojaner.Agent: I think I have caught something (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
27.09.2012, 15:17 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner.Agent: I think I have caught something

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents and paste them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
29.09.2012, 20:07 | #17 |
| Trojaner.Agent: I think I have caught something

Hello Cosinus,
here is the log file:

Code:
20:58:37.0322 7004 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:58:37.0540 7004 ============================================================
20:58:37.0540 7004 Current date / time: 2012/09/29 20:58:37.0540
20:58:37.0540 7004 SystemInfo:
20:58:37.0540 7004
20:58:37.0540 7004 OS Version: 6.1.7601 ServicePack: 1.0
20:58:37.0540 7004 Product type: Workstation
20:58:37.0540 7004 ComputerName: ***-PC
20:58:37.0540 7004 UserName: ***
20:58:37.0540 7004 Windows directory: C:\Windows
20:58:37.0540 7004 System windows directory: C:\Windows
20:58:37.0540 7004 Running under WOW64
20:58:37.0540 7004 Processor architecture: Intel x64
20:58:37.0540 7004 Number of processors: 8
20:58:37.0540 7004 Page size: 0x1000
20:58:37.0540 7004 Boot type: Normal boot
20:58:37.0540 7004 ============================================================
20:58:37.0993 7004 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:58:38.0008 7004 ============================================================
20:58:38.0008 7004 \Device\Harddisk0\DR0:
20:58:38.0008 7004 MBR partitions:
20:58:38.0008 7004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
20:58:38.0008 7004 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x6C7DE5B0
20:58:38.0055 7004 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6EF23000, BlocksNum 0x57E3000
20:58:38.0055 7004 ============================================================
20:58:38.0180 7004 C: <-> \Device\Harddisk0\DR0\Partition2
20:58:38.0227 7004 E: <-> \Device\Harddisk0\DR0\Partition3
20:58:38.0227 7004 ============================================================
20:58:38.0227 7004 Initialize success
20:58:38.0227 7004 ============================================================
F28169A7ADF7B41809CF92D369E744F0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 21:00:29.0814 3024 nvUpdatusService - ok 21:00:29.0829 3024 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:00:29.0845 3024 nv_agp - ok 21:00:30.0079 3024 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:00:30.0110 3024 odserv - ok 21:00:30.0126 3024 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:00:30.0188 3024 ohci1394 - ok 21:00:30.0235 3024 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:00:30.0266 3024 ose - ok 21:00:30.0297 3024 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:00:30.0360 3024 p2pimsvc - ok 21:00:30.0391 3024 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:00:30.0391 3024 p2psvc - ok 21:00:30.0422 3024 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 21:00:30.0453 3024 Parport - ok 21:00:30.0500 3024 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:00:30.0531 3024 partmgr - ok 21:00:30.0547 3024 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:00:30.0563 3024 PcaSvc - ok 21:00:30.0609 3024 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:00:30.0641 3024 pci - ok 21:00:30.0656 3024 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:00:30.0687 3024 pciide - ok 21:00:30.0719 3024 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:00:30.0750 3024 pcmcia - ok 21:00:30.0750 3024 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:00:30.0765 3024 pcw - ok 21:00:30.0781 3024 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH 
C:\Windows\system32\drivers\peauth.sys 21:00:30.0828 3024 PEAUTH - ok 21:00:32.0403 3024 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:00:32.0466 3024 PerfHost - ok 21:00:32.0903 3024 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:00:33.0012 3024 pla - ok 21:00:33.0090 3024 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:00:33.0152 3024 PlugPlay - ok 21:00:33.0168 3024 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:00:33.0199 3024 PNRPAutoReg - ok 21:00:33.0230 3024 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:00:33.0246 3024 PNRPsvc - ok 21:00:33.0402 3024 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:00:33.0495 3024 PolicyAgent - ok 21:00:33.0542 3024 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll 21:00:33.0589 3024 Power - ok 21:00:33.0620 3024 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:00:33.0667 3024 PptpMiniport - ok 21:00:33.0683 3024 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 21:00:33.0714 3024 Processor - ok 21:00:33.0745 3024 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:00:33.0792 3024 ProfSvc - ok 21:00:33.0823 3024 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:00:33.0839 3024 ProtectedStorage - ok 21:00:33.0870 3024 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:00:33.0917 3024 Psched - ok 21:00:33.0963 3024 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 21:00:33.0963 3024 PxHlpa64 - ok 21:00:34.0041 3024 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:00:34.0073 3024 ql2300 - ok 21:00:34.0088 3024 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx 
C:\Windows\system32\drivers\ql40xx.sys 21:00:34.0088 3024 ql40xx - ok 21:00:34.0119 3024 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:00:34.0151 3024 QWAVE - ok 21:00:34.0182 3024 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:00:34.0260 3024 QWAVEdrv - ok 21:00:34.0307 3024 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:00:34.0369 3024 RasAcd - ok 21:00:34.0400 3024 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:00:34.0478 3024 RasAgileVpn - ok 21:00:34.0525 3024 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:00:34.0619 3024 RasAuto - ok 21:00:34.0650 3024 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:00:34.0759 3024 Rasl2tp - ok 21:00:34.0806 3024 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:00:34.0853 3024 RasMan - ok 21:00:34.0868 3024 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:00:34.0962 3024 RasPppoe - ok 21:00:34.0993 3024 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:00:35.0055 3024 RasSstp - ok 21:00:35.0071 3024 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:00:35.0102 3024 rdbss - ok 21:00:35.0102 3024 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 21:00:35.0118 3024 rdpbus - ok 21:00:35.0133 3024 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:00:35.0149 3024 RDPCDD - ok 21:00:35.0149 3024 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:00:35.0196 3024 RDPENCDD - ok 21:00:35.0196 3024 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:00:35.0227 3024 RDPREFMP - ok 21:00:35.0258 3024 [ 
E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:00:35.0305 3024 RDPWD - ok 21:00:35.0336 3024 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:00:35.0367 3024 rdyboost - ok 21:00:35.0601 3024 [ 7196BE857E29007470FF9B689C7F29A7 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 21:00:35.0664 3024 RegSrvc - ok 21:00:35.0711 3024 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:00:35.0804 3024 RemoteAccess - ok 21:00:35.0882 3024 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:00:35.0945 3024 RemoteRegistry - ok 21:00:35.0976 3024 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 21:00:36.0038 3024 RFCOMM - ok 21:00:36.0069 3024 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:00:36.0163 3024 RpcEptMapper - ok 21:00:36.0210 3024 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 21:00:36.0257 3024 RpcLocator - ok 21:00:36.0288 3024 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 21:00:36.0335 3024 RpcSs - ok 21:00:36.0366 3024 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:00:36.0428 3024 rspndr - ok 21:00:36.0491 3024 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 21:00:36.0522 3024 RSUSBSTOR - ok 21:00:36.0537 3024 [ A73ED14670220307874AD6BC2F279349 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 21:00:36.0569 3024 RTL8167 - ok 21:00:36.0584 3024 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 21:00:36.0584 3024 SamSs - ok 21:00:36.0631 3024 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:00:36.0662 3024 sbp2port - ok 21:00:36.0709 3024 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:00:36.0787 
3024 SCardSvr - ok 21:00:36.0803 3024 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:00:36.0849 3024 scfilter - ok 21:00:36.0881 3024 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 21:00:36.0943 3024 Schedule - ok 21:00:36.0990 3024 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:00:37.0037 3024 SCPolicySvc - ok 21:00:37.0161 3024 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:00:37.0208 3024 SDRSVC - ok 21:00:37.0255 3024 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:00:37.0333 3024 secdrv - ok 21:00:37.0349 3024 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 21:00:37.0380 3024 seclogon - ok 21:00:37.0411 3024 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 21:00:37.0473 3024 SENS - ok 21:00:37.0473 3024 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:00:37.0536 3024 SensrSvc - ok 21:00:37.0583 3024 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 21:00:37.0629 3024 Serenum - ok 21:00:37.0645 3024 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 21:00:37.0692 3024 Serial - ok 21:00:37.0707 3024 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:00:37.0739 3024 sermouse - ok 21:00:37.0770 3024 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 21:00:37.0817 3024 SessionEnv - ok 21:00:37.0832 3024 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:00:37.0832 3024 sffdisk - ok 21:00:37.0832 3024 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:00:37.0848 3024 sffp_mmc - ok 21:00:37.0863 3024 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:00:37.0863 
3024 sffp_sd - ok 21:00:37.0895 3024 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:00:37.0926 3024 sfloppy - ok 21:00:38.0846 3024 [ 29DDEA72C5BDF61D62F4D438DC0E497C ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 21:00:38.0940 3024 SftService - ok 21:00:39.0018 3024 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:00:39.0096 3024 SharedAccess - ok 21:00:39.0189 3024 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:00:39.0283 3024 ShellHWDetection - ok 21:00:39.0314 3024 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 21:00:39.0314 3024 SiSRaid2 - ok 21:00:39.0345 3024 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:00:39.0361 3024 SiSRaid4 - ok 21:00:39.0470 3024 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 21:00:39.0486 3024 SkypeUpdate - ok 21:00:39.0517 3024 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:00:39.0611 3024 Smb - ok 21:00:39.0657 3024 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:00:39.0704 3024 SNMPTRAP - ok 21:00:39.0735 3024 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 21:00:39.0767 3024 spldr - ok 21:00:39.0969 3024 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 21:00:40.0001 3024 Spooler - ok 21:00:40.0157 3024 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 21:00:40.0250 3024 sppsvc - ok 21:00:40.0266 3024 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:00:40.0328 3024 sppuinotify - ok 21:00:40.0437 3024 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 21:00:40.0500 3024 srv - ok 21:00:40.0515 3024 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 
C:\Windows\system32\DRIVERS\srv2.sys 21:00:40.0562 3024 srv2 - ok 21:00:40.0578 3024 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:00:40.0593 3024 srvnet - ok 21:00:40.0671 3024 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:00:40.0718 3024 SSDPSRV - ok 21:00:40.0749 3024 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:00:40.0812 3024 SstpSvc - ok 21:00:40.0937 3024 [ 0683504BBB3FFC0A73D9D217B63DD0E0 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 21:00:40.0968 3024 Stereo Service - ok 21:00:40.0999 3024 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 21:00:41.0015 3024 stexstor - ok 21:00:41.0077 3024 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 21:00:41.0124 3024 stisvc - ok 21:00:41.0124 3024 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 21:00:41.0124 3024 swenum - ok 21:00:41.0202 3024 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 21:00:41.0264 3024 swprv - ok 21:00:41.0327 3024 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 21:00:41.0358 3024 SysMain - ok 21:00:41.0389 3024 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:00:41.0436 3024 TabletInputService - ok 21:00:41.0451 3024 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:00:41.0545 3024 TapiSrv - ok 21:00:41.0576 3024 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 21:00:41.0607 3024 TBS - ok 21:00:41.0685 3024 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:00:41.0717 3024 Tcpip - ok 21:00:41.0763 3024 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:00:41.0795 3024 TCPIP6 - ok 21:00:41.0826 3024 [ DF687E3D8836BFB04FCC0615BF15A519 ] 
tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:00:41.0888 3024 tcpipreg - ok 21:00:41.0888 3024 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:00:41.0919 3024 TDPIPE - ok 21:00:41.0951 3024 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:00:41.0966 3024 TDTCP - ok 21:00:41.0982 3024 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:00:42.0029 3024 tdx - ok 21:00:42.0044 3024 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 21:00:42.0044 3024 TermDD - ok 21:00:42.0091 3024 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:00:42.0153 3024 TermService - ok 21:00:42.0169 3024 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:00:42.0216 3024 Themes - ok 21:00:42.0247 3024 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:00:42.0294 3024 THREADORDER - ok 21:00:42.0356 3024 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:00:42.0434 3024 TrkWks - ok 21:00:42.0637 3024 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:00:42.0715 3024 TrustedInstaller - ok 21:00:42.0746 3024 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:00:42.0793 3024 tssecsrv - ok 21:00:42.0871 3024 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:00:42.0933 3024 TsUsbFlt - ok 21:00:42.0933 3024 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 21:00:42.0965 3024 TsUsbGD - ok 21:00:42.0980 3024 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:00:43.0011 3024 tunnel - ok 21:00:43.0074 3024 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 21:00:43.0089 3024 TurboB - ok 21:00:43.0261 3024 [ 
600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 21:00:43.0292 3024 TurboBoost - ok 21:00:43.0323 3024 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 21:00:43.0323 3024 uagp35 - ok 21:00:43.0386 3024 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:00:43.0448 3024 udfs - ok 21:00:43.0479 3024 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:00:43.0542 3024 UI0Detect - ok 21:00:43.0557 3024 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:00:43.0573 3024 uliagpkx - ok 21:00:43.0620 3024 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:00:43.0667 3024 umbus - ok 21:00:43.0682 3024 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 21:00:43.0713 3024 UmPass - ok 21:00:44.0415 3024 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 21:00:44.0493 3024 UNS - ok 21:00:44.0587 3024 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 21:00:44.0681 3024 upnphost - ok 21:00:44.0743 3024 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 21:00:44.0805 3024 USBAAPL64 - ok 21:00:44.0852 3024 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:00:44.0915 3024 usbccgp - ok 21:00:44.0930 3024 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:00:44.0946 3024 usbcir - ok 21:00:44.0961 3024 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:00:44.0993 3024 usbehci - ok 21:00:45.0055 3024 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:00:45.0086 3024 usbhub - ok 21:00:45.0117 3024 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci 
C:\Windows\system32\drivers\usbohci.sys 21:00:45.0164 3024 usbohci - ok 21:00:45.0242 3024 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 21:00:45.0320 3024 usbprint - ok 21:00:45.0336 3024 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:00:45.0414 3024 USBSTOR - ok 21:00:45.0461 3024 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:00:45.0507 3024 usbuhci - ok 21:00:45.0523 3024 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 21:00:45.0539 3024 usbvideo - ok 21:00:45.0570 3024 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:00:45.0648 3024 UxSms - ok 21:00:45.0679 3024 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:00:45.0679 3024 VaultSvc - ok 21:00:45.0710 3024 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:00:45.0741 3024 vdrvroot - ok 21:00:45.0773 3024 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:00:45.0851 3024 vds - ok 21:00:45.0851 3024 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:00:45.0866 3024 vga - ok 21:00:45.0866 3024 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:00:45.0897 3024 VgaSave - ok 21:00:45.0929 3024 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:00:45.0960 3024 vhdmp - ok 21:00:45.0975 3024 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:00:46.0007 3024 viaide - ok 21:00:46.0022 3024 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:00:46.0022 3024 volmgr - ok 21:00:46.0038 3024 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:00:46.0053 3024 volmgrx - ok 21:00:46.0100 3024 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap 
C:\Windows\system32\drivers\volsnap.sys 21:00:46.0147 3024 volsnap - ok 21:00:46.0178 3024 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:00:46.0209 3024 vsmraid - ok 21:00:46.0537 3024 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:00:46.0599 3024 VSS - ok 21:00:46.0615 3024 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:00:46.0631 3024 vwifibus - ok 21:00:46.0662 3024 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:00:46.0724 3024 vwififlt - ok 21:00:46.0740 3024 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 21:00:46.0802 3024 vwifimp - ok 21:00:46.0849 3024 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:00:46.0896 3024 W32Time - ok 21:00:46.0911 3024 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:00:46.0943 3024 WacomPen - ok 21:00:46.0989 3024 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:00:47.0052 3024 WANARP - ok 21:00:47.0067 3024 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:00:47.0083 3024 Wanarpv6 - ok 21:00:47.0130 3024 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:00:47.0208 3024 wbengine - ok 21:00:47.0239 3024 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:00:47.0286 3024 WbioSrvc - ok 21:00:47.0301 3024 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:00:47.0333 3024 wcncsvc - ok 21:00:47.0348 3024 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:00:47.0364 3024 WcsPlugInService - ok 21:00:47.0395 3024 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 21:00:47.0411 3024 Wd - ok 21:00:47.0442 3024 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] 
Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:00:47.0473 3024 Wdf01000 - ok 21:00:47.0489 3024 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:00:47.0598 3024 WdiServiceHost - ok 21:00:47.0598 3024 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:00:47.0613 3024 WdiSystemHost - ok 21:00:47.0645 3024 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:00:47.0691 3024 WebClient - ok 21:00:47.0723 3024 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:00:47.0785 3024 Wecsvc - ok 21:00:47.0801 3024 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:00:47.0863 3024 wercplsupport - ok 21:00:47.0894 3024 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:00:47.0925 3024 WerSvc - ok 21:00:47.0957 3024 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:00:48.0019 3024 WfpLwf - ok 21:00:48.0066 3024 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 21:00:48.0097 3024 WimFltr - ok 21:00:48.0097 3024 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:00:48.0097 3024 WIMMount - ok 21:00:48.0128 3024 WinDefend - ok 21:00:48.0144 3024 WinHttpAutoProxySvc - ok 21:00:48.0503 3024 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:00:48.0549 3024 Winmgmt - ok 21:00:48.0971 3024 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:00:49.0017 3024 WinRM - ok 21:00:49.0080 3024 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:00:49.0142 3024 WinUsb - ok 21:00:49.0189 3024 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:00:49.0267 3024 Wlansvc - ok 21:00:49.0329 3024 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 
21:00:49.0376 3024 wlcrasvc - ok 21:00:49.0673 3024 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:00:49.0719 3024 wlidsvc - ok 21:00:49.0751 3024 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 21:00:49.0782 3024 WmiAcpi - ok 21:00:49.0860 3024 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:00:49.0922 3024 wmiApSrv - ok 21:00:49.0953 3024 WMPNetworkSvc - ok 21:00:49.0985 3024 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:00:50.0031 3024 WPCSvc - ok 21:00:50.0047 3024 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:00:50.0078 3024 WPDBusEnum - ok 21:00:50.0109 3024 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:00:50.0172 3024 ws2ifsl - ok 21:00:50.0203 3024 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 21:00:50.0234 3024 wscsvc - ok 21:00:50.0234 3024 WSearch - ok 21:00:50.0328 3024 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:00:50.0406 3024 wuauserv - ok 21:00:50.0453 3024 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:00:50.0531 3024 WudfPf - ok 21:00:50.0577 3024 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:00:50.0655 3024 WUDFRd - ok 21:00:50.0687 3024 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:00:50.0733 3024 wudfsvc - ok 21:00:50.0733 3024 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 21:00:50.0780 3024 WwanSvc - ok 21:00:50.0811 3024 ================ Scan global =============================== 21:00:50.0843 3024 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:00:50.0874 3024 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 21:00:50.0889 3024 [ 
EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 21:00:50.0921 3024 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:00:50.0952 3024 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:00:50.0983 3024 [Global] - ok 21:00:50.0983 3024 ================ Scan MBR ================================== 21:00:50.0999 3024 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 21:00:54.0836 3024 \Device\Harddisk0\DR0 - ok 21:00:54.0852 3024 ================ Scan VBR ================================== 21:00:54.0852 3024 [ 2A244DC023890B0AB663EAF096DAEC8B ] \Device\Harddisk0\DR0\Partition1 21:00:54.0852 3024 \Device\Harddisk0\DR0\Partition1 - ok 21:00:54.0883 3024 [ 50BD90137798F9B2C3C8FBEB898CDE2B ] \Device\Harddisk0\DR0\Partition2 21:00:54.0899 3024 \Device\Harddisk0\DR0\Partition2 - ok 21:00:54.0930 3024 [ 7A47F0550DEDDADB9BBBF91E7C238B27 ] \Device\Harddisk0\DR0\Partition3 21:00:54.0930 3024 \Device\Harddisk0\DR0\Partition3 - ok 21:00:54.0930 3024 ============================================================ 21:00:54.0930 3024 Scan finished 21:00:54.0930 3024 ============================================================ 21:00:54.0945 3112 Detected object count: 0 21:00:54.0945 3112 Actual detected object count: 0 |
01.10.2012, 12:09 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner.Agent: I think I've caught something Then please run CF now:
ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ |
01.10.2012, 19:41 | #19 |
| Trojaner.Agent: I think I've caught something Hello Cosinus, here is the log file from ComboFix: Combofix Logfile: Code:
ATTFilter
ComboFix 12-09-30.03 - *** 01.10.2012 20:20:32.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8086.6366 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-01 bis 2012-10-01 ))))))))))))))))))))))))))))))
.
.
2012-09-29 18:57 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11AF56E2-0BFF-44D2-9B33-BDE69738F6B8}\mpengine.dll
2012-09-26 17:58 . 2012-09-26 17:58 -------- d-----w- C:\_OTL
2012-09-25 21:33 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-18 21:30 . 2012-09-18 21:30 -------- d-----w- c:\program files (x86)\ESET
2012-09-13 19:34 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-13 19:34 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-13 19:34 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 19:22 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-13 19:22 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 19:22 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-13 19:22 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 21:05 . 2012-09-11 21:05 -------- d-----w- c:\users\Gast\AppData\Roaming\dvdcss
2012-09-11 20:57 . 2012-09-11 21:00 -------- d-----w- c:\users\Gast\AppData\Roaming\PhotoScape
2012-09-11 20:55 . 2012-09-11 20:56 -------- d-----w- c:\users\***\AppData\Roaming\PhotoScape
2012-09-11 20:30 . 2012-09-11 20:44 -------- d-----w- c:\users\Gast\AppData\Roaming\XnView
2012-09-08 14:21 . 2012-09-08 14:22 -------- d-----w- c:\users\Gast\AppData\Roaming\Skype
2012-09-08 14:21 . 2012-09-08 14:21 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-08 14:21 . 2012-09-08 14:21 -------- d-----r- c:\program files (x86)\Skype
2012-09-02 20:22 . 2012-09-02 20:22 2295408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-02 20:22 . 2012-09-02 20:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-26 18:06 . 2012-08-08 18:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-25 21:29 . 2012-05-02 19:55 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-25 21:29 . 2012-02-13 20:58 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 20:59 . 2012-05-01 10:15 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-07 15:04 . 2012-05-20 18:26 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-08 18:01 . 2012-08-08 18:01 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-08 18:00 . 2012-08-08 18:00 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-08 17:29 . 2003-03-19 02:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-08 17:29 . 2003-02-21 10:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-18 18:15 . 2012-08-22 07:46 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-23 14:33 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-22 07:46 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-22 07:46 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-22 07:46 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-22 07:46 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-08-08 296096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 250288] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows 
Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-22 25960] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-21 378472] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller 
Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-02 8615936] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 21:29] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2lnrwk99.default\ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-10-01 20:30:29 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-10-01 18:30 . Vor Suchlauf: 12 Verzeichnis(se), 853.228.191.744 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 852.896.690.176 Bytes frei . - - End Of File - - 3C406CAA4471623B66464E34CF17B7C6 |
02.10.2012, 14:21 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner.Agent: I seem to have caught something Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not under any circumstances press one of the Fix buttons without being instructed to Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left in the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
03.10.2012, 22:19 | #21 |
| Trojaner.Agent: I seem to have caught something Hello Cosinus, here is the logfile from Gmer: GMER logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-10-03 22:55:42 Windows 6.1.7601 Service Pack 1 Running: k02g1etv.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb42015db9 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb42015db9 (not active ControlSet) ---- EOF - GMER 1.0.15 ---- [code] Unfortunately I am having big problems unpacking OSAM. 7-zip simply will not install on my computer so that I can unpack OSAM. It wants to be installed again and again, even though I have already installed it 100 times. Can I download the other unpacking program, winrar, safely from you somewhere? |
04.10.2012, 09:44 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner.Agent: I seem to have caught something I cannot make sense of the problem with 7zip like this at all! What cannot be installed? Nobody can help you with a problem description like that
__________________ Please always post logfiles in CODE tags |
07.10.2012, 09:11 | #23 |
| Trojaner.Agent: I seem to have caught something Hello Cosinus, I downloaded 7Zip from the page you specified. Then I wanted to install it; I was asked where I wanted to install it and I chose the location (desktop). When I want to open the program, I am asked again where I want to install it. I ran the installation again.. and again... and again. So I keep being asked where I want to install the software. Then I downloaded OSAM and wanted to open it with 7Zip, but I was again asked where I want to save 7Zip, and the 7Zip installation keeps starting over. Then I deleted 7Zip from my desktop and downloaded it once more. I tried again to install it, but it does not work and the installation process keeps restarting with the question of where I want to install it. Other locations (drive C -> Programme) do not work either. So what should I do? Regards, Rebecca |
07.10.2012, 09:27 | #24 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner.Agent: I seem to have caught something Quote:
And you also don't say which specified page that is supposed to be Quote:
__________________ Please always post logfiles in CODE tags |
07.10.2012, 10:10 | #25 |
| Trojaner.Agent: I seem to have caught something Hello Cosinus, here is the TB page that I read first and which advised using 7-Zip to post logfiles: http://www.trojaner-board.de/69886-a...-beachten.html Here is the page from which I wanted to download 7Zip: hxxp://filepony.de/download-7-zip/ As I wrote in my previous post, I tried to save the program not only on the desktop but also under drive C/Programme (x86). There I had the same problems saving the program. |
07.10.2012, 18:52 | #26 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner.Agent: I seem to have caught something Oh, that is what you mean; I had thought there was a guide for it as a separate article! Still, I don't understand these problems you are having with 7zip Quote:
did you start the browser in the normal way? Please download 7zip from here => http://downloads.sourceforge.net/sevenzip/7z920.exe
__________________ Please always post logfiles in CODE tags |
08.10.2012, 20:27 | #27 |
| Trojaner.Agent: I seem to have caught something Hello Cosinus, downloading and installing 7zip from the page you gave has finally worked. Attached are the two logfiles that were still outstanding. OSAM OSAM logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:06:34 on 08.10.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 13.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - 
C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files (x86)\Real\RealPlayer\rpshell.dll {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? 
- (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.7.0_01" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_01" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\npjpi170_01.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.1.0" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL -----( 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "MobileDocuments" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" "QuickTime Task" - "Apple Inc." 
- "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files (x86)\Nero\Update\NASvc.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe "Bluetooth Device Monitor" (Bluetooth Device Monitor) - "Intel Corporation" - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe "Bluetooth Media Service" (Bluetooth Media Service) - "Intel Corporation" - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe "Bluetooth OBEX Service" (Bluetooth OBEX Service) - "Intel Corporation" - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FreemakeVideoCapture" (FreemakeVideoCapture) - ? 
- "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" (File not found) "Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service" (BTHSSecurityMgr) - "Intel(R) Corporation" - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "Intel(R) Turbo Boost Technology Monitor 2.0" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe "Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service" (AMPPALR3) - "Intel Corporation" - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "SoftThinks Agent Service" (SftService) - "SoftThinks SAS" - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "Wireless PAN DHCP Server" (MyWiFiDHCPDNS) - ? - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corp." 
- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]===
and the log file from aswMBR Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-08 21:09:26 ----------------------------- 21:09:26.153 OS Version: Windows x64 6.1.7601 Service Pack 1 21:09:26.153 Number of processors: 8 586 0x2A07 21:09:26.153 ComputerName: ***-PC UserName: *** 21:09:28.197 Initialize success 21:14:31.066 AVAST engine defs: 12100800 21:14:41.394 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 21:14:41.409 Disk 0 Vendor: ST1000LM 2AR1 Size: 953869MB BusType: 3 21:14:41.425 Disk 0 MBR read successfully 21:14:41.425 Disk 0 MBR scan 21:14:41.440 Disk 0 Windows VISTA default MBR code 21:14:41.440 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63 21:14:41.472 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992 21:14:41.534 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 888764 MB offset 41172992 21:14:41.550 Disk 0 Partition - 00 0F Extended LBA 44999 MB offset 1861363712 21:14:41.596 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 44998 MB offset 1861365760 21:14:41.643 Disk 0 scanning C:\Windows\system32\drivers 21:14:51.019 Service scanning 21:15:15.121 Modules scanning 21:15:15.137 Disk 0 trace - called modules: 21:15:15.168 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 21:15:15.183 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80095d6790] 21:15:15.199 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007858050] 21:15:17.742 AVAST engine scan C:\Windows 21:15:21.611 AVAST engine scan C:\Windows\system32 21:17:42.760 AVAST engine scan C:\Windows\system32\drivers 21:17:53.087 AVAST engine scan C:\Users\*** 21:19:49.525 AVAST engine scan C:\ProgramData 21:20:20.101 Scan finished successfully 21:20:45.966 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 21:20:45.966 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" RebeccaRosa |
09.10.2012, 11:02 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner.Agent: I seem to have caught something Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
09.10.2012, 21:54 | #29 |
| Trojaner.Agent: I seem to have caught something Full scan from Malwarebytes: Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.10.09.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]
09.10.2012 20:57:05
mbam-log-2012-10-09 (20-57-05).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345855
Laufzeit: 27 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Here is the first scan log file: Code:
ATTFilter SUPERAntiSpyware Scann-Protokoll hxxp://www.superantispyware.com Generiert 10/09/2012 bei 08:54 PM Version der Applikation : 5.6.1008 Version der Kern-Datenbank : 9369 Version der Spur-Datenbank : 7181 Scan Art : kompletter Scann Totale Scann-Zeit : 00:42:29 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Gescannte Speicherelemente : 570 Erfasste Speicher-Bedrohungen : 0 Gescannte Register-Elemente : 76425 Erfasste Register-Bedrohungen : 0 Gescannte Datei-Elemente : 41927 Erfasste Datei-Elemente : 0 Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 10/09/2012 at 10:45 PM Application Version : 5.6.1008 Core Rules Database Version : 9369 Trace Rules Database Version: 7181 Scan type : Complete Scan Total Scan Time : 01:19:05 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 575 Memory threats detected : 0 Registry items scanned : 76436 Registry threats detected : 0 File items scanned : 117645 File threats detected : 42 Adware.Tracking Cookie .doubleclick.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] www.googleadservices.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .specificclick.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .adviva.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .im.banner.t-online.de [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] track.adform.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] server.adformdsp.net [ 
C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .adformdsp.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] ad2.adfarm1.adition.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] track.adform.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ 
C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PUCE4O2S.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\REBECCA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2LNRWK99.DEFAULT\COOKIES.SQLITE ] .avgtechnologies.112.2o7.net [ C:\USERS\REBECCA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2LNRWK99.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\REBECCA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2LNRWK99.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\REBECCA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2LNRWK99.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\REBECCA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2LNRWK99.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\REBECCA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2LNRWK99.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\REBECCA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2LNRWK99.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\REBECCA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2LNRWK99.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\REBECCA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2LNRWK99.DEFAULT\COOKIES.SQLITE ] |
10.10.2012, 12:21 | #30 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner.Agent: I seem to have caught something Code:
ATTFilter UAC On - Limited User
Quote:
__________________ Please always post log files in CODE tags |