Log analysis and evaluation: Trojan TR/TDss.abx and TR/Alureon, files gone. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
25.09.2012, 10:58 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
FF - user.js - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell - "" = AutoRun
O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell\AutoRun\command - "" = F:\Startme.exe
:Files
C:\Users\Chrissi\Desktop\File_Recovery.lnk
C:\ProgramData\-r9VEbHteCG314Gr
C:\ProgramData\-r9VEbHteCG314G
C:\ProgramData\r9VEbHteCG314G
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post log files in CODE tags |
25.09.2012, 14:29 | #17 |
| Uh oh - the laptop froze in the meantime... "Not responding"
On the screen only the open OTL program is visible; otherwise there is a Windows wallpaper in the background, but no icons... And now?? Just now it said: The program is not running correctly. The program is being closed. And now everything is gone.... ?!?! Only a turquoise-blue Windows background and the mouse pointer are still there... Edited by ChristinaXXX (25.09.2012 at 14:56) |
25.09.2012, 15:07 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Restart Windows in safe mode (with networking if possible); sometimes fixing with OTL hangs in normal mode, but very often the fix works in safe mode.
__________________
__________________ |
25.09.2012, 15:25 | #19 |
| OK. But that may take a little while, it is currently installing update 1 of 64! So, now that the laptop has installed all updates and I have rebooted it (in safe mode with networking), the following appeared: Code:
Files\Folders moved on Reboot...
File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_BB01CACA-2267-47EE-991C-01BDDFBA7721.0\3A55CDE6. not found!
File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_B4E1D178-D07F-40EE-B6BA-C2E1E959F2AA.0\81A8421. not found!
File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_7360CF61-5058-404E-924F-C5611F39455A.0\246E4431. not found!
File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_42ECA27C-F6CB-4C64-9EC0-782A156A2C37.0\CA253CDA. not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Is that finished now, or do I have to do the OTL fix again? |
25.09.2012, 18:23 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks as if you did not copy my fix script completely or 1:1, or you posted the log incompletely!
__________________ Please always post log files in CODE tags |
25.09.2012, 20:04 | #21 |
| No, the log is complete like that, nothing more was there. Should I simply do it all again?? |
26.09.2012, 11:07 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please repeat the fix!
__________________ Please always post log files in CODE tags |
26.09.2012, 15:25 | #23 |
| Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\ not found.
File F:\Startme.exe not found.
========== FILES ==========
File\Folder C:\Users\Chrissi\Desktop\File_Recovery.lnk not found.
File\Folder C:\ProgramData\-r9VEbHteCG314Gr not found.
File\Folder C:\ProgramData\-r9VEbHteCG314G not found.
File\Folder C:\ProgramData\r9VEbHteCG314G not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Chrissi\Desktop\cmd.bat deleted successfully.
C:\Users\Chrissi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Chrissi
->Temp folder emptied: 356119 bytes
->Temporary Internet Files folder emptied: 48235627 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 628 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Schule
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 221052430 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 257,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.66.2 log created on 09262012_161649
Files\Folders moved on Reboot...
File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_BB01CACA-2267-47EE-991C-01BDDFBA7721.0\3A55CDE6. not found!
File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_B4E1D178-D07F-40EE-B6BA-C2E1E959F2AA.0\81A8421. not found!
File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_7360CF61-5058-404E-924F-C5611F39455A.0\246E4431. not found!
File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_42ECA27C-F6CB-4C64-9EC0-782A156A2C37.0\CA253CDA. not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
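The difference between the logs in posts #19 and #23 (the first has no section headers at all, the second has one per script directive) can be checked mechanically against the fix script from post #16. This is an added example, not part of the thread and not OTL code; the function names are hypothetical, and the mapping from `:OTL`/`:Files`/`:Commands` to the log headers is inferred only from the logs on this page.

```python
import re
from collections import Counter

# Fix script from post #16 (only two of its :OTL lines are reproduced here).
FIX_SCRIPT = r"""
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell\AutoRun\command - "" = F:\Startme.exe
:Files
C:\Users\Chrissi\Desktop\File_Recovery.lnk
C:\ProgramData\-r9VEbHteCG314Gr
C:\ProgramData\-r9VEbHteCG314G
C:\ProgramData\r9VEbHteCG314G
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
"""

# Log from post #19, shortened to one of its four "not found!" lines.
LOG_POST_19 = r"""
Files\Folders moved on Reboot...
File\Folder C:\Users\Chrissi\AppData\Local\Temp\OICE_BB01CACA-2267-47EE-991C-01BDDFBA7721.0\3A55CDE6. not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
"""

# Log from post #23, shortened (registry and temp-cleanup lines left out).
LOG_POST_23 = r"""
All processes killed
========== OTL ==========
File C:\autoexec.bat not found.
File F:\Startme.exe not found.
========== FILES ==========
File\Folder C:\Users\Chrissi\Desktop\File_Recovery.lnk not found.
File\Folder C:\ProgramData\-r9VEbHteCG314Gr not found.
File\Folder C:\ProgramData\-r9VEbHteCG314G not found.
File\Folder C:\ProgramData\r9VEbHteCG314G not found.
< ipconfig /flushdns /c >
C:\Users\Chrissi\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
HOSTS file reset successfully
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
"""

DIRECTIVE_RE = re.compile(r"^:(?P<name>\w+)$")
SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Za-z ]+?)\s*=+$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
RESULT_RE = re.compile(
    r"^(?:File\\Folder |File )?(?P<target>.+?) "
    r"(?P<result>not found|deleted successfully|moved successfully)[.!]$"
)


def _split(text, header_re, first=None):
    """Group non-empty lines under the most recent header matched by header_re."""
    sections, current = {}, first
    if first is not None:
        sections[first] = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = header_re.match(line)
        if m:
            current = m.group("name").upper()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def check_fix_log(script_text, log_text):
    """Compare a fix script with the log it produced and report what is missing."""
    script = _split(script_text, DIRECTIVE_RE)
    log = _split(log_text, SECTION_RE, first="PREAMBLE")

    # Every directive in the script should have a matching "===== NAME =====" header.
    missing_sections = [name for name in script if name not in log]

    # Match paths exactly: a substring test would let "...314Gr" cover "...314G".
    reported = set()
    for line in log.get("FILES", []):
        m = RESULT_RE.match(line)
        if m:
            reported.add(m.group("target"))
    unreported = [p for p in script.get("FILES", [])
                  if PATH_RE.match(p) and p not in reported]

    # Tally how each reported target ended up, across the whole log.
    outcomes = Counter()
    for lines in log.values():
        for line in lines:
            m = RESULT_RE.match(line)
            if m:
                outcomes[m.group("result")] += 1

    return {
        "missing_sections": missing_sections,
        "unreported_paths": unreported,
        "outcomes": dict(outcomes),
        "complete": not missing_sections and not unreported,
    }


if __name__ == "__main__":
    for label, log in (("post #19", LOG_POST_19), ("post #23", LOG_POST_23)):
        print(label, check_fix_log(FIX_SCRIPT, log))
```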
26.09.2012, 16:23 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it is done, click the Report button to display the log. Please post this in full. If you can't find the log or can't copy its contents and transfer them into your posting, then please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If objects are flagged by TDSS-Killer, treat them all with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
26.09.2012, 17:58 | #25 |
| Code:
ATTFilter 18:54:31.0333 6128 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 18:54:31.0473 6128 ============================================================ 18:54:31.0473 6128 Current date / time: 2012/09/26 18:54:31.0473 18:54:31.0473 6128 SystemInfo: 18:54:31.0474 6128 18:54:31.0474 6128 OS Version: 6.0.6002 ServicePack: 2.0 18:54:31.0474 6128 Product type: Workstation 18:54:31.0474 6128 ComputerName: CHRISSI-PC 18:54:31.0474 6128 UserName: Chrissi 18:54:31.0474 6128 Windows directory: C:\Windows 18:54:31.0474 6128 System windows directory: C:\Windows 18:54:31.0474 6128 Processor architecture: Intel x86 18:54:31.0474 6128 Number of processors: 2 18:54:31.0474 6128 Page size: 0x1000 18:54:31.0474 6128 Boot type: Normal boot 18:54:31.0474 6128 ============================================================ 18:54:32.0023 6128 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 18:54:32.0039 6128 ============================================================ 18:54:32.0039 6128 \Device\Harddisk0\DR0: 18:54:32.0039 6128 MBR partitions: 18:54:32.0158 6128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x226D3F70, BlocksNum 0x2D59751 18:54:32.0158 6128 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x226D3EF2 18:54:32.0158 6128 ============================================================ 18:54:32.0227 6128 C: <-> \Device\Harddisk0\DR0\Partition2 18:54:32.0227 6128 D: <-> \Device\Harddisk0\DR0\Partition1 18:54:32.0227 6128 ============================================================ 18:54:32.0227 6128 Initialize success 18:54:32.0227 6128 ============================================================ 18:55:09.0255 5744 ============================================================ 18:55:09.0255 5744 Scan started 18:55:09.0255 5744 Mode: Manual; SigCheck; TDLFS; 18:55:09.0255 5744 
============================================================ 18:55:10.0182 5744 ================ Scan system memory ======================== 18:55:10.0182 5744 System memory - ok 18:55:10.0182 5744 ================ Scan services ============================= 18:55:10.0396 5744 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe 18:55:10.0597 5744 ABBYY.Licensing.FineReader.Sprint.9.0 - ok 18:55:10.0810 5744 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 18:55:10.0831 5744 ACPI - ok 18:55:10.0922 5744 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 18:55:10.0937 5744 AdobeFlashPlayerUpdateSvc - ok 18:55:10.0981 5744 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:55:11.0009 5744 adp94xx - ok 18:55:11.0041 5744 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:55:11.0062 5744 adpahci - ok 18:55:11.0091 5744 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 18:55:11.0107 5744 adpu160m - ok 18:55:11.0131 5744 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:55:11.0145 5744 adpu320 - ok 18:55:11.0206 5744 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:55:11.0353 5744 AeLookupSvc - ok 18:55:11.0426 5744 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 18:55:11.0491 5744 AFD - ok 18:55:11.0583 5744 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:55:11.0603 5744 agp440 - ok 18:55:11.0653 5744 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 18:55:11.0675 5744 aic78xx - ok 18:55:11.0708 5744 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 
18:55:11.0851 5744 ALG - ok 18:55:11.0900 5744 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 18:55:11.0913 5744 aliide - ok 18:55:11.0942 5744 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 18:55:11.0956 5744 amdagp - ok 18:55:11.0980 5744 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 18:55:11.0993 5744 amdide - ok 18:55:12.0019 5744 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 18:55:12.0072 5744 AmdK7 - ok 18:55:12.0090 5744 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:55:12.0143 5744 AmdK8 - ok 18:55:12.0224 5744 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 18:55:12.0239 5744 AntiVirSchedulerService - ok 18:55:12.0298 5744 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 18:55:12.0311 5744 AntiVirService - ok 18:55:12.0345 5744 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 18:55:12.0402 5744 Appinfo - ok 18:55:12.0538 5744 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:55:12.0552 5744 Apple Mobile Device - ok 18:55:12.0612 5744 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 18:55:12.0634 5744 arc - ok 18:55:12.0699 5744 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:55:12.0720 5744 arcsas - ok 18:55:12.0745 5744 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:55:12.0829 5744 AsyncMac - ok 18:55:12.0934 5744 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 18:55:12.0948 5744 atapi - ok 18:55:12.0997 5744 [ 69E65A2CE11619F0C868967CA9540B80 ] ATSWPDRV C:\Windows\system32\DRIVERS\ATSwpDrv.sys 
18:55:13.0016 5744 ATSWPDRV - ok 18:55:13.0104 5744 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:55:13.0161 5744 AudioEndpointBuilder - ok 18:55:13.0170 5744 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 18:55:13.0198 5744 Audiosrv - ok 18:55:13.0249 5744 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 18:55:13.0264 5744 avgntflt - ok 18:55:13.0346 5744 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 18:55:13.0362 5744 avipbb - ok 18:55:13.0445 5744 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 18:55:13.0461 5744 avkmgr - ok 18:55:13.0518 5744 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 18:55:13.0577 5744 Beep - ok 18:55:13.0691 5744 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 18:55:13.0745 5744 BFE - ok 18:55:13.0813 5744 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 18:55:13.0902 5744 BITS - ok 18:55:13.0945 5744 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 18:55:14.0007 5744 blbdrive - ok 18:55:14.0076 5744 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 18:55:14.0104 5744 Bonjour Service - ok 18:55:14.0154 5744 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:55:14.0215 5744 bowser - ok 18:55:14.0247 5744 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 18:55:14.0342 5744 BrFiltLo - ok 18:55:14.0396 5744 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 18:55:14.0454 5744 BrFiltUp - ok 18:55:14.0516 5744 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 18:55:14.0612 5744 Browser - ok 18:55:14.0643 5744 [ B304E75CFF293029EDDF094246747113 ] Brserid 
C:\Windows\system32\drivers\brserid.sys 18:55:14.0897 5744 Brserid - ok 18:55:14.0928 5744 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 18:55:15.0057 5744 BrSerWdm - ok 18:55:15.0122 5744 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 18:55:15.0253 5744 BrUsbMdm - ok 18:55:15.0272 5744 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 18:55:15.0376 5744 BrUsbSer - ok 18:55:15.0458 5744 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:55:15.0577 5744 BTHMODEM - ok 18:55:15.0704 5744 [ 48F64A84054771B2FEF55606ADF57557 ] Cam5607 C:\Windows\system32\Drivers\BisonC07.sys 18:55:15.0750 5744 Cam5607 - ok 18:55:15.0789 5744 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:55:15.0873 5744 cdfs - ok 18:55:15.0913 5744 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:55:15.0999 5744 cdrom - ok 18:55:16.0048 5744 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 18:55:16.0132 5744 CertPropSvc - ok 18:55:16.0201 5744 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 18:55:16.0250 5744 circlass - ok 18:55:16.0364 5744 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 18:55:16.0399 5744 CLFS - ok 18:55:16.0519 5744 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:55:16.0545 5744 clr_optimization_v2.0.50727_32 - ok 18:55:16.0686 5744 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:55:16.0711 5744 clr_optimization_v4.0.30319_32 - ok 18:55:16.0778 5744 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 18:55:16.0850 5744 CmBatt - ok 18:55:16.0907 5744 [ 
0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:55:16.0932 5744 cmdide - ok 18:55:16.0968 5744 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 18:55:16.0993 5744 Compbatt - ok 18:55:17.0005 5744 COMSysApp - ok 18:55:17.0068 5744 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:55:17.0093 5744 crcdisk - ok 18:55:17.0111 5744 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 18:55:17.0189 5744 Crusoe - ok 18:55:17.0233 5744 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:55:17.0313 5744 CryptSvc - ok 18:55:17.0391 5744 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:55:17.0474 5744 DcomLaunch - ok 18:55:17.0533 5744 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:55:17.0620 5744 DfsC - ok 18:55:17.0767 5744 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 18:55:17.0934 5744 DFSR - ok 18:55:17.0976 5744 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 18:55:18.0014 5744 Dhcp - ok 18:55:18.0083 5744 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 18:55:18.0097 5744 disk - ok 18:55:18.0213 5744 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:55:18.0270 5744 Dnscache - ok 18:55:18.0311 5744 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:55:18.0350 5744 dot3svc - ok 18:55:18.0417 5744 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 18:55:18.0479 5744 DPS - ok 18:55:18.0539 5744 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:55:18.0580 5744 drmkaud - ok 18:55:18.0748 5744 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:55:18.0795 5744 DXGKrnl - ok 18:55:18.0919 5744 [ 
5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 18:55:18.0993 5744 E1G60 - ok 18:55:19.0028 5744 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 18:55:19.0086 5744 EapHost - ok 18:55:19.0139 5744 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 18:55:19.0157 5744 Ecache - ok 18:55:19.0319 5744 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:55:19.0366 5744 ehRecvr - ok 18:55:19.0389 5744 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 18:55:19.0439 5744 ehSched - ok 18:55:19.0450 5744 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 18:55:19.0476 5744 ehstart - ok 18:55:19.0604 5744 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:55:19.0666 5744 elxstor - ok 18:55:19.0741 5744 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 18:55:19.0835 5744 EMDMgmt - ok 18:55:19.0958 5744 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe 18:55:19.0964 5744 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning 18:55:19.0964 5744 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1) 18:55:20.0153 5744 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:55:20.0216 5744 ErrDev - ok 18:55:20.0313 5744 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 18:55:20.0360 5744 EventSystem - ok 18:55:20.0545 5744 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 18:55:20.0619 5744 exfat - ok 18:55:20.0696 5744 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:55:20.0739 5744 fastfat - ok 18:55:20.0805 5744 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 18:55:20.0845 5744 fdc - ok 18:55:20.0885 5744 [ 
6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 18:55:20.0927 5744 fdPHost - ok 18:55:20.0951 5744 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 18:55:21.0032 5744 FDResPub - ok 18:55:21.0067 5744 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:55:21.0082 5744 FileInfo - ok 18:55:21.0103 5744 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:55:21.0144 5744 Filetrace - ok 18:55:21.0163 5744 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 18:55:21.0206 5744 flpydisk - ok 18:55:21.0253 5744 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:55:21.0271 5744 FltMgr - ok 18:55:21.0397 5744 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 18:55:21.0462 5744 FontCache - ok 18:55:21.0609 5744 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 18:55:21.0626 5744 FontCache3.0.0.0 - ok 18:55:21.0667 5744 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:55:21.0708 5744 Fs_Rec - ok 18:55:21.0753 5744 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:55:21.0773 5744 gagp30kx - ok 18:55:21.0817 5744 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:55:21.0831 5744 GEARAspiWDM - ok 18:55:21.0913 5744 [ 33EFD5039EA1BFA623D8BB9FB787CB0F ] GoogleDesktopManager C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe 18:55:21.0921 5744 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning 18:55:21.0921 5744 GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1) 18:55:21.0983 5744 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 18:55:22.0033 5744 gpsvc - ok 18:55:22.0118 5744 [ 
8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 18:55:22.0139 5744 gupdate - ok 18:55:22.0162 5744 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 18:55:22.0183 5744 gupdatem - ok 18:55:22.0208 5744 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 18:55:22.0225 5744 gusvc - ok 18:55:22.0277 5744 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:55:22.0347 5744 HdAudAddService - ok 18:55:22.0391 5744 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 18:55:22.0448 5744 HDAudBus - ok 18:55:22.0481 5744 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:55:22.0537 5744 HidBth - ok 18:55:22.0557 5744 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 18:55:22.0625 5744 HidIr - ok 18:55:22.0688 5744 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 18:55:22.0752 5744 hidserv - ok 18:55:22.0804 5744 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:55:22.0853 5744 HidUsb - ok 18:55:22.0883 5744 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:55:22.0915 5744 hkmsvc - ok 18:55:22.0954 5744 [ 8B566EA71D5B76157A9CDB78F25A5731 ] Hotkey C:\Windows\system32\drivers\Hotkey.sys 18:55:22.0971 5744 Hotkey ( UnsignedFile.Multi.Generic ) - warning 18:55:22.0971 5744 Hotkey - detected UnsignedFile.Multi.Generic (1) 18:55:23.0009 5744 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 18:55:23.0027 5744 HpCISSs - ok 18:55:23.0082 5744 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:55:23.0134 5744 HTTP - ok 18:55:23.0168 5744 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 18:55:23.0187 5744 i2omp - 
ok 18:55:23.0208 5744 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 18:55:23.0256 5744 i8042prt - ok 18:55:23.0320 5744 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 18:55:23.0339 5744 IAANTMON - ok 18:55:23.0377 5744 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 18:55:23.0392 5744 iaStor - ok 18:55:23.0420 5744 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 18:55:23.0440 5744 iaStorV - ok 18:55:23.0592 5744 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:55:23.0672 5744 idsvc - ok 18:55:23.0727 5744 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:55:23.0743 5744 iirsp - ok 18:55:23.0800 5744 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 18:55:23.0917 5744 IKEEXT - ok 18:55:24.0067 5744 [ 5D26CCB06E1F3B5C26E863DF3F4F2611 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 18:55:24.0243 5744 IntcAzAudAddService - ok 18:55:24.0308 5744 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 18:55:24.0327 5744 intelide - ok 18:55:24.0338 5744 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:55:24.0394 5744 intelppm - ok 18:55:24.0428 5744 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:55:24.0521 5744 IPBusEnum - ok 18:55:24.0538 5744 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:55:24.0588 5744 IpFilterDriver - ok 18:55:24.0649 5744 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:55:24.0765 5744 iphlpsvc - ok 18:55:24.0773 5744 IpInIp - ok 18:55:24.0820 5744 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 
18:55:56.0312 5744 ================ Scan global ===============================
18:55:56.0341 5744 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:55:56.0414 5744 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:55:56.0436 5744 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:55:56.0512 5744 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:55:56.0517 5744 [Global] - ok
18:55:56.0517 5744 ================ Scan MBR ==================================
18:55:56.0558 5744 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:55:57.0245 5744 \Device\Harddisk0\DR0 - ok
18:55:57.0246 5744 ================ Scan VBR ==================================
18:55:57.0261 5744 [ 275336F7B51D0029EF0C93E1D29CF4C5 ] \Device\Harddisk0\DR0\Partition1
18:55:57.0262 5744 \Device\Harddisk0\DR0\Partition1 - ok
18:55:57.0267 5744 [ 0F66965CE083CE3A9D3720CF0CA37BFE ] \Device\Harddisk0\DR0\Partition2
18:55:57.0268 5744 \Device\Harddisk0\DR0\Partition2 - ok
18:55:57.0269 5744 ============================================================
18:55:57.0269 5744 Scan finished
18:55:57.0269 5744 ============================================================
18:55:57.0283 5952 Detected object count: 6
18:55:57.0283 5952 Actual detected object count: 6
18:56:21.0949 5952 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:21.0949 5952 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:21.0953 5952 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:21.0954 5952 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:21.0957 5952 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:21.0957 5952 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:21.0959 5952 omniserv ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:21.0959 5952 omniserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:21.0965 5952 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:21.0965 5952 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:21.0970 5952 WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:21.0970 5952 WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip |
27.09.2012, 13:26 | #26 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan TR/TDss.abx and TR/Alureon, files gone Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
27.09.2012, 19:19 | #27 |
| Trojan TR/TDss.abx and TR/Alureon, files gone [code] Combofix log file: Code:
ATTFilter ComboFix 12-09-27.03 - Chrissi 27.09.2012 19:35:17.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1369 [GMT 2:00] ausgeführt von:: c:\users\Chrissi\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Chrissi\Documents\~WRL1243.tmp c:\users\Chrissi\epson373062eu.exe c:\users\Chrissi\epson373282eu.exe c:\users\Chrissi\setup_dm_Fotowelt.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_usnjsvc . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-27 bis 2012-09-27 )))))))))))))))))))))))))))))) . . 2012-09-26 13:00 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2012-09-26 13:00 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-09-26 13:00 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-09-26 13:00 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-09-26 13:00 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-09-26 13:00 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll 2012-09-25 15:42 . 2012-09-25 15:42 -------- d-----w- c:\program files\Windows Portable Devices 2012-09-25 15:11 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2012-09-25 15:11 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2012-09-25 15:11 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2012-09-25 15:09 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2012-09-25 15:09 . 
2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2012-09-25 15:09 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2012-09-25 15:00 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll 2012-09-25 15:00 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-09-25 15:00 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-09-25 15:00 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-09-25 14:51 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-09-25 14:48 . 2012-09-25 14:48 98816 ----a-w- c:\windows\system32\mfps.dll 2012-09-25 14:47 . 2012-09-25 14:47 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2012-09-25 14:47 . 2012-09-25 14:47 519680 ----a-w- c:\windows\system32\d3d11.dll 2012-09-25 14:47 . 2012-09-25 14:47 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2012-09-25 14:47 . 2012-09-25 14:47 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2012-09-25 14:47 . 2012-09-25 14:47 252928 ----a-w- c:\windows\system32\dxdiag.exe 2012-09-25 14:47 . 2012-09-25 14:47 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2012-09-25 14:47 . 2012-09-25 14:47 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2012-09-25 13:22 . 2012-09-25 13:22 -------- d-----w- C:\_OTL 2012-09-25 13:07 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-09-25 13:07 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-09-25 13:07 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-09-25 13:07 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll 2012-09-25 13:07 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax 2012-09-25 13:07 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax 2012-09-25 13:07 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax 2012-09-25 13:07 . 
2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll 2012-09-25 13:07 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll 2012-09-25 13:07 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll 2012-09-25 13:07 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll 2012-09-25 13:05 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-09-25 13:00 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-09-25 13:00 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll 2012-09-25 13:00 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-09-25 12:59 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-09-25 12:59 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-09-25 12:59 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-09-25 12:55 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{023BE9D9-C0CE-4F59-98F8-8A8EC8007338}\mpengine.dll 2012-09-25 12:51 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-09-25 12:37 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-09-25 12:37 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-09-25 12:37 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-09-25 12:37 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-09-25 12:36 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-09-25 12:36 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-09-25 12:36 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-09-25 12:36 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-09-25 12:36 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-09-24 05:22 . 2012-09-24 05:23 -------- d-----w- c:\windows\system32\ca-ES 2012-09-24 05:22 . 
2012-09-24 05:23 -------- d-----w- c:\windows\system32\eu-ES 2012-09-24 05:22 . 2012-09-24 05:23 -------- d-----w- c:\windows\system32\vi-VN 2012-09-23 12:14 . 2012-09-23 12:14 -------- d-----w- c:\windows\system32\EventProviders 2012-09-22 16:51 . 2012-09-22 16:51 -------- d-----w- c:\program files\ESET 2012-09-22 11:09 . 2012-09-22 11:09 -------- d-----w- c:\users\Chrissi\AppData\Roaming\Malwarebytes 2012-09-22 11:09 . 2012-09-22 11:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-22 11:09 . 2012-09-22 11:09 -------- d-----w- c:\programdata\Malwarebytes 2012-09-22 11:09 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-22 07:14 . 2012-09-22 16:39 -------- d-----w- c:\windows\Microsoft Antimalware 2012-09-14 04:26 . 2012-09-14 04:26 -------- d-----w- c:\program files\Common Files\Skype 2012-09-14 04:26 . 2012-09-14 04:26 -------- d-----r- c:\program files\Skype . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-25 14:47 . 2012-09-25 14:47 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui 2012-09-25 14:47 . 2012-09-25 14:47 4096 ----a-w- c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui 2012-09-20 19:01 . 2012-08-12 16:08 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-20 19:01 . 2011-08-20 14:02 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408] "Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880] "Skytel"="Skytel.exe" [2008-06-25 1826816] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416] "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016] "OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096] "LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256] "UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-25 220160] "toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-21 185872] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352] "QuickTime 
Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160] "SMART Board Service"="c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe" [2011-07-13 1761136] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] WiseUpdt.lnk - c:\program files\Schroedel\KlassenManager 3.0\WiseUpdt.exe [2011-8-17 194853] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 
2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 19:01] . 2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 07:38] . 2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 07:38] . 2012-09-05 c:\windows\Tasks\Norton Security Scan for Chrissi.job - c:\progra~1\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-06 00:45] . 2012-09-26 c:\windows\Tasks\ReclaimerResumeInstall_Chrissi.job - c:\users\Chrissi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 16:08] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.spiegel.de/ mStart Page = hxxp://www.netcologne.de mWindow Title = Internet Explorer bereitgestellt von NetCologne uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Free YouTube Download - c:\users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 TCP: DhcpNameServer = 192.168.0.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-SjaPfXBKSlE.exe - c:\programdata\SjaPfXBKSlE.exe HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe HKLM-Run-PLFSetL - c:\windows\PLFSetL.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-09-27 20:12 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . 
Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1541561756-3189364277-4046548892-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:36,2a,1f,a8,98,b3,13,53,b6,0b,c2,7b,ed,34,72,08,87,1c,66,18,18,49,e1, a8,11,ce,f7,99,3e,cb,3e,5a,24,7b,88,e1,2d,43,bc,df,b3,d9,6f,de,6b,54,99,81,\ "??"=hex:db,04,0e,52,89,49,8c,2b,47,79,02,ff,71,4f,c8,12 . [HKEY_USERS\S-1-5-21-1541561756-3189364277-4046548892-1001\Software\SecuROM\License information*] "datasecu"=hex:32,d2,8f,c1,4f,43,f4,46,bb,d1,08,35,e7,42,c7,ff,03,58,a9,a8,95, db,09,19,8b,bc,cd,f7,89,77,ee,e9,dc,4b,7f,09,c1,97,e5,e3,ae,56,5d,88,dc,85,\ "rkeysecu"=hex:be,88,e9,bb,d3,91,37,d0,d7,02,b1,3f,34,29,b9,f2 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(908) c:\program files\Softex\OmniPass\SCUREDLL.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\program files\Softex\OmniPass\OmniServ.exe c:\windows\system32\rundll32.exe c:\windows\SYSTEM32\WISPTIS.EXE c:\program files\Common Files\microsoft shared\ink\TabTip.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\IoctlSvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\WUDFHost.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe c:\windows\SYSTEM32\WISPTIS.EXE c:\program files\Common Files\microsoft shared\ink\TabTip.exe c:\program files\Softex\OmniPass\opvapp.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\windows\System32\rundll32.exe c:\program files\Launch Manager\WisLMSvc.exe c:\windows\ehome\ehmsas.exe c:\program files\Sony\Sony PC Companion\PCCompanionInfo.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Synaptics\SynTP\SynTPEnh.exe c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-09-27 20:17:31 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-09-27 18:17 . Vor Suchlauf: 13 Verzeichnis(se), 174.625.062.912 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 174.487.957.504 Bytes frei . - - End Of File - - 0143C7A6157BB2018BF8BDA3F851626D |
27.09.2012, 20:49 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan TR/TDss.abx and TR/Alureon, files gone Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; McAfee's scanner in particular often reports a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
28.09.2012, 14:35 | #29 |
| Trojan TR/TDss.abx and TR/Alureon, files gone GMER really did not work; it crashed twice. OSAM log file: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:32:49 on 28.09.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Norton Security Scan for Chrissi.job" - "Symantec Corporation" - C:\PROGRA~1\NORTON~2\Engine\351~1.8\Nss.exe "ReclaimerResumeInstall_Chrissi.job" - "RealNetworks, Inc." 
- C:\Users\Chrissi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl "SMARTBoardCPL" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\Education Software\SMARTBoardCPL.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "Bison Webcam" (Cam5607) - "Bison Electronics. Inc. " - C:\Windows\System32\Drivers\BisonC07.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "fxliafod" (fxliafod) - ? - C:\Users\Chrissi\AppData\Local\Temp\fxliafod.sys (Hidden registry entry, rootkit activity | File not found) "Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? 
- C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? 
- (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." 
- C:\Program Files\iTunes\iTunesMiniPlayer.dll {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\MLSHEXT.DLL {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? - (File not found | COM-object registry key not found) {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} "Sprint.ExplorerIntegration.9" - "ABBYY" - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\IEAWSDC.DLL / hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (HTTP value)
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists)
"WiseUpdt.lnk" - ? - C:\Program Files\Schroedel\KlassenManager 3.0\WiseUpdt.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"Sony PC Companion" - "Sony" - "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"EEventManager" - "SEIKO EPSON CORPORATION" - "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"NBKeyScan" - "Nero AG" - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SMART Board Service" - "SMART Technologies" - "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
"Wbutton" - "Wistron" - "C:\Program Files\Launch Manager\Wbutton.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"doPDF 7 Monitor" - "Softland" - C:\Windows\system32\dopdfmn7.dll
"EpsonNet Print Port" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\enppmon.dll
"SMART Local Port" - "SMART Technologies ULC" - C:\Windows\system32\smrtlocalmon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ABBYY FineReader 9.0 Sprint Licensing Service" (ABBYY.Licensing.FineReader.Sprint.9.0) - "ABBYY" - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"EpsonBidirectionalService" (EpsonBidirectionalService) - "SEIKO EPSON CORPORATION" - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleDesktopManager" (GoogleDesktopManager) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe
"Sony PC Companion" (Sony PC Companion) - "Avanquest Software" - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-28 16:01:16
-----------------------------
16:01:16.995 OS Version: Windows 6.0.6002 Service Pack 2
16:01:16.995 Number of processors: 2 586 0xF0D
16:01:16.995 ComputerName: CHRISSI-PC UserName: Chrissi
16:01:43.700 Initialize success
16:01:58.598 AVAST engine defs: 12092800
16:03:14.599 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:03:14.599 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
16:03:14.614 Disk 0 MBR read successfully
16:03:14.614 Disk 0 MBR scan
16:03:14.630 Disk 0 Windows VISTA default MBR code
16:03:14.630 Disk 0 Partition - 00 0F Extended LBA 23218 MB offset 577584945
16:03:14.630 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 282023 MB offset 63
16:03:14.661 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 23218 MB offset 577585008
16:03:14.677 Disk 0 scanning sectors +625137345
16:03:14.739 Disk 0 scanning C:\Windows\system32\drivers
16:03:34.348 Service scanning
16:03:59.979 Modules scanning
16:04:12.459 Disk 0 trace - called modules:
16:04:12.475 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:04:12.490 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867bc8a8]
16:04:12.490 3 CLASSPNP.SYS[8ada28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8592f028]
16:04:12.490 Scan finished successfully
16:07:01.735 Disk 0 MBR has been saved successfully to "C:\Users\Chrissi\Desktop\MBR.dat"
16:07:01.750 The log file has been saved successfully to "C:\Users\Chrissi\Desktop\aswMBR.txt"
28.09.2012, 15:29 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans TR/TDss.abx and TR/Alureon, files gone
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |