| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bundespolizei Trojaner Windows VistaWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.09.2012, 14:31
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Bundespolizei Trojaner Windows Vista Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - user.js - File not found
DRV - (uxddrv) -- G:\uxddrv86.sys File not found
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
[2010.07.30 15:42:03 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.09.18 16:29:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\moveplayer@movenetworks.com
[2010.03.15 20:44:04 | 000,001,840 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\bing.xml
[2012.09.23 15:12:04 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-1.xml
[2011.03.24 22:00:59 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-10.xml
[2011.05.05 08:41:29 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-11.xml
[2011.06.30 15:53:50 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-12.xml
[2011.08.24 18:22:55 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-13.xml
[2011.10.13 19:42:37 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-14.xml
[2011.11.09 19:06:18 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-15.xml
[2011.11.26 13:11:08 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-16.xml
[2012.01.13 19:19:06 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-17.xml
[2012.01.22 12:52:00 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-18.xml
[2010.06.26 11:44:43 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-2.xml
[2010.07.24 20:58:13 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-3.xml
[2010.09.09 14:04:59 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-4.xml
[2010.09.20 08:51:21 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-5.xml
[2010.10.28 15:24:07 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-6.xml
[2010.11.12 16:37:23 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-7.xml
[2010.12.12 12:30:35 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-8.xml
[2011.02.24 18:03:27 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-9.xml
[2010.03.26 14:51:05 | 000,000,955 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin.xml
[2012.09.13 21:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.09.13 21:07:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found.
O3 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w File not found
O4 - HKU\S-1-5-18..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w File not found
O4 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000..\Run: [Facebook Update] C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000..\Run: [gwvwfwtwgvvvxey] C:\ProgramData\gwvwfwtw.exe ()
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2009.07.04 12:00:54 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{dca509cf-2beb-11df-9de9-001f1618750a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MUSIK_2.vbs
:Files
C:\Program Files\Yontoo
C:\ProgramData\Tarma Installer
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\plugin@yontoo.com
C:\ProgramData\*.exe
C:\ProgramData\*.pad
C:\ProgramData\*.dat
C:\ProgramData\vtlwnbxqgoouocj
C:\Users\All Users\vtlwnbxqgoouocj
C:\ProgramData\abfvcizfgbxvbpr
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
26.09.2012, 15:10
| #17 |
 | Bundespolizei Trojaner Windows Vista Hier wiederum das neue Log:
__________________Code:
ATTFilter All processes killed
========== OTL ==========
Service uxddrv stopped successfully!
Service uxddrv deleted successfully!
File G:\uxddrv86.sys File not found not found.
Registry value HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Internet Explorer\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{105E99FF-8B9A-4492-B155-06194B9056D2}\ not found.
Registry key HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Folder C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
Folder C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\moveplayer@movenetworks.com\ not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\bing.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-10.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-11.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-12.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-13.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-14.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-15.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-16.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-17.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-18.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-2.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-3.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-4.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-5.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-6.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-7.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-8.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-9.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin.xml not found.
Folder C:\Program Files\Mozilla Firefox\extensions\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
Registry value HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MSxmlHpr deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\MSxmlHpr not found.
Registry value HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
File C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe not found.
Registry value HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Windows\CurrentVersion\Run\\gwvwfwtwgvvvxey deleted successfully.
File C:\ProgramData\gwvwfwtw.exe not found.
Starting removal of ActiveX control {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
C:\Windows\Downloaded Program Files\OberonGameHost_dbg.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File D:\autoexec.bat not found.
File D:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dca509cf-2beb-11df-9de9-001f1618750a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dca509cf-2beb-11df-9de9-001f1618750a}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MUSIK_2.vbs not found.
========== FILES ==========
File\Folder C:\Program Files\Yontoo not found.
File\Folder C:\ProgramData\Tarma Installer not found.
File\Folder C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\plugin@yontoo.com not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.pad not found.
File\Folder C:\ProgramData\*.dat not found.
File\Folder C:\ProgramData\vtlwnbxqgoouocj not found.
File\Folder C:\Users\All Users\vtlwnbxqgoouocj not found.
File\Folder C:\ProgramData\abfvcizfgbxvbpr not found.
File\Folder C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Sarah\Desktop\cmd.bat deleted successfully.
C:\Users\Sarah\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Sarah
->Temp folder emptied: 5816923302 bytes
->Temporary Internet Files folder emptied: 231244674 bytes
->Java cache emptied: 18708868 bytes
->FireFox cache emptied: 1064283348 bytes
->Google Chrome cache emptied: 414010977 bytes
->Apple Safari cache emptied: 522240 bytes
->Flash cache emptied: 2946192 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 356157270 bytes
RecycleBin emptied: 49721230 bytes
Total Files Cleaned = 7.586,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.68.0 log created on 09262012_154500
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Vielen Dank. Geändert von chelito (26.09.2012 um 15:16 Uhr) |
|
26.09.2012, 16:14
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Windows Vista Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
26.09.2012, 17:21
| #19 |
| | Bundespolizei Trojaner Windows Vista Das TDSSKiller-Log: Code:
ATTFilter 18:19:03.0259 5816 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:19:03.0375 5816 ============================================================
18:19:03.0375 5816 Current date / time: 2012/09/26 18:19:03.0375
18:19:03.0375 5816 SystemInfo:
18:19:03.0375 5816
18:19:03.0375 5816 OS Version: 6.0.6002 ServicePack: 2.0
18:19:03.0375 5816 Product type: Workstation
18:19:03.0375 5816 ComputerName: SARAH-PC
18:19:03.0375 5816 UserName: Sarah
18:19:03.0375 5816 Windows directory: C:\Windows
18:19:03.0375 5816 System windows directory: C:\Windows
18:19:03.0375 5816 Processor architecture: Intel x86
18:19:03.0375 5816 Number of processors: 2
18:19:03.0375 5816 Page size: 0x1000
18:19:03.0375 5816 Boot type: Normal boot
18:19:03.0375 5816 ============================================================
18:19:05.0828 5816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:19:05.0840 5816 ============================================================
18:19:05.0841 5816 \Device\Harddisk0\DR0:
18:19:05.0841 5816 MBR partitions:
18:19:05.0841 5816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x370BE000
18:19:05.0841 5816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x370BE800, BlocksNum 0x32C6800
18:19:05.0841 5816 ============================================================
18:19:05.0875 5816 C: <-> \Device\Harddisk0\DR0\Partition1
18:19:05.0901 5816 D: <-> \Device\Harddisk0\DR0\Partition2
18:19:05.0901 5816 ============================================================
18:19:05.0901 5816 Initialize success
18:19:05.0901 5816 ============================================================
18:19:33.0893 4148 ============================================================
18:19:33.0893 4148 Scan started
18:19:33.0893 4148 Mode: Manual; SigCheck; TDLFS;
18:19:33.0893 4148 ============================================================
18:19:34.0729 4148 ================ Scan system memory ========================
18:19:34.0729 4148 System memory - ok
18:19:34.0730 4148 ================ Scan services =============================
18:19:35.0103 4148 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:19:35.0210 4148 ACPI - ok
18:19:35.0292 4148 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\Windows\system32\drivers\adfs.sys
18:19:35.0303 4148 adfs - ok
18:19:35.0405 4148 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:19:35.0417 4148 AdobeFlashPlayerUpdateSvc - ok
18:19:35.0487 4148 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:19:35.0511 4148 adp94xx - ok
18:19:35.0547 4148 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:19:35.0566 4148 adpahci - ok
18:19:35.0607 4148 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:19:35.0621 4148 adpu160m - ok
18:19:35.0638 4148 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:19:35.0653 4148 adpu320 - ok
18:19:35.0702 4148 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:19:35.0842 4148 AeLookupSvc - ok
18:19:35.0907 4148 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
18:19:35.0943 4148 AFD - ok
18:19:36.0003 4148 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:19:36.0016 4148 agp440 - ok
18:19:36.0053 4148 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:19:36.0067 4148 aic78xx - ok
18:19:36.0264 4148 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
18:19:36.0264 4148 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
18:19:36.0275 4148 Akamai ( HiddenFile.Multi.Generic ) - warning
18:19:36.0275 4148 Akamai - detected HiddenFile.Multi.Generic (1)
18:19:36.0295 4148 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:19:36.0405 4148 ALG - ok
18:19:36.0440 4148 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
18:19:36.0452 4148 aliide - ok
18:19:36.0491 4148 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:19:36.0505 4148 amdagp - ok
18:19:36.0522 4148 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
18:19:36.0534 4148 amdide - ok
18:19:36.0552 4148 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:19:36.0588 4148 AmdK7 - ok
18:19:36.0609 4148 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:19:36.0672 4148 AmdK8 - ok
18:19:36.0775 4148 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:19:36.0787 4148 AntiVirSchedulerService - ok
18:19:36.0805 4148 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:19:36.0815 4148 AntiVirService - ok
18:19:36.0889 4148 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:19:36.0925 4148 Appinfo - ok
18:19:37.0000 4148 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:19:37.0010 4148 Apple Mobile Device - ok
18:19:37.0056 4148 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
18:19:37.0069 4148 arc - ok
18:19:37.0108 4148 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:19:37.0121 4148 arcsas - ok
18:19:37.0160 4148 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:19:37.0199 4148 AsyncMac - ok
18:19:37.0241 4148 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
18:19:37.0253 4148 atapi - ok
18:19:37.0308 4148 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:19:37.0346 4148 AudioEndpointBuilder - ok
18:19:37.0353 4148 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:19:37.0373 4148 Audiosrv - ok
18:19:37.0438 4148 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:19:37.0452 4148 avgntflt - ok
18:19:37.0480 4148 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:19:37.0493 4148 avipbb - ok
18:19:37.0504 4148 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:19:37.0514 4148 avkmgr - ok
18:19:37.0577 4148 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:19:37.0616 4148 Beep - ok
18:19:37.0680 4148 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:19:37.0767 4148 BFE - ok
18:19:37.0835 4148 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
18:19:37.0887 4148 BITS - ok
18:19:37.0945 4148 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:19:37.0977 4148 blbdrive - ok
18:19:38.0098 4148 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:19:38.0114 4148 Bonjour Service - ok
18:19:38.0143 4148 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:19:38.0200 4148 bowser - ok
18:19:38.0256 4148 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:19:38.0293 4148 BrFiltLo - ok
18:19:38.0319 4148 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:19:38.0365 4148 BrFiltUp - ok
18:19:38.0402 4148 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:19:38.0455 4148 Browser - ok
18:19:38.0508 4148 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:19:38.0646 4148 Brserid - ok
18:19:38.0686 4148 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:19:38.0744 4148 BrSerWdm - ok
18:19:38.0767 4148 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:19:38.0820 4148 BrUsbMdm - ok
18:19:38.0840 4148 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:19:38.0897 4148 BrUsbSer - ok
18:19:38.0929 4148 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:19:38.0992 4148 BTHMODEM - ok
18:19:39.0056 4148 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:19:39.0101 4148 cdfs - ok
18:19:39.0143 4148 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:19:39.0180 4148 cdrom - ok
18:19:39.0230 4148 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:19:39.0264 4148 CertPropSvc - ok
18:19:39.0292 4148 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
18:19:39.0333 4148 circlass - ok
18:19:39.0363 4148 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:19:39.0381 4148 CLFS - ok
18:19:39.0426 4148 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:19:39.0439 4148 clr_optimization_v2.0.50727_32 - ok
18:19:39.0520 4148 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:19:39.0532 4148 clr_optimization_v4.0.30319_32 - ok
18:19:39.0587 4148 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:19:39.0637 4148 CmBatt - ok
18:19:39.0678 4148 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:19:39.0690 4148 cmdide - ok
18:19:39.0709 4148 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:19:39.0721 4148 Compbatt - ok
18:19:39.0726 4148 COMSysApp - ok
18:19:39.0732 4148 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:19:39.0744 4148 crcdisk - ok
18:19:39.0771 4148 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:19:39.0820 4148 Crusoe - ok
18:19:39.0884 4148 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:19:39.0911 4148 CryptSvc - ok
18:19:39.0991 4148 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:19:40.0124 4148 DcomLaunch - ok
18:19:40.0134 4148 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:19:40.0179 4148 DfsC - ok
18:19:40.0270 4148 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:19:40.0530 4148 DFSR - ok
18:19:40.0603 4148 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:19:40.0641 4148 Dhcp - ok
18:19:40.0673 4148 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:19:40.0686 4148 disk - ok
18:19:40.0753 4148 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:19:40.0802 4148 Dnscache - ok
18:19:40.0834 4148 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:19:40.0854 4148 dot3svc - ok
18:19:40.0913 4148 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:19:40.0952 4148 DPS - ok
18:19:41.0015 4148 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:19:41.0041 4148 drmkaud - ok
18:19:41.0087 4148 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:19:41.0136 4148 DXGKrnl - ok
18:19:41.0198 4148 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:19:41.0222 4148 E1G60 - ok
18:19:41.0300 4148 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:19:41.0334 4148 EapHost - ok
18:19:41.0395 4148 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:19:41.0411 4148 Ecache - ok
18:19:41.0441 4148 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:19:41.0469 4148 ehRecvr - ok
18:19:41.0488 4148 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
18:19:41.0512 4148 ehSched - ok
18:19:41.0524 4148 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
18:19:41.0557 4148 ehstart - ok
18:19:41.0599 4148 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:19:41.0619 4148 elxstor - ok
18:19:41.0659 4148 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:19:41.0776 4148 EMDMgmt - ok
18:19:41.0847 4148 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:19:41.0891 4148 ErrDev - ok
18:19:41.0951 4148 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
18:19:42.0006 4148 EventSystem - ok
18:19:42.0083 4148 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:19:42.0136 4148 exfat - ok
18:19:42.0164 4148 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:19:42.0195 4148 fastfat - ok
18:19:42.0270 4148 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:19:42.0319 4148 fdc - ok
18:19:42.0360 4148 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:19:42.0383 4148 fdPHost - ok
18:19:42.0396 4148 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:19:42.0445 4148 FDResPub - ok
18:19:42.0463 4148 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:19:42.0476 4148 FileInfo - ok
18:19:42.0498 4148 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:19:42.0554 4148 Filetrace - ok
18:19:42.0603 4148 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:19:42.0627 4148 FLEXnet Licensing Service - ok
18:19:42.0661 4148 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:19:42.0697 4148 flpydisk - ok
18:19:42.0752 4148 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:19:42.0769 4148 FltMgr - ok
18:19:42.0844 4148 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
18:19:42.0951 4148 FontCache - ok
18:19:43.0016 4148 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:19:43.0026 4148 FontCache3.0.0.0 - ok
18:19:43.0078 4148 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:19:43.0110 4148 Fs_Rec - ok
18:19:43.0166 4148 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:19:43.0179 4148 gagp30kx - ok
18:19:43.0243 4148 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:19:43.0252 4148 GEARAspiWDM - ok
18:19:43.0349 4148 [ 9599A713E1776B8F69300FC9008F33C1 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
18:19:43.0359 4148 getPlusHelper - ok
18:19:43.0434 4148 [ 6BBC45C590C7166D615670422C2D040A ] geyekrxncpvdiq C:\Windows\system32\drivers\geyekrrieetjvm.sys
18:19:43.0436 4148 geyekrxncpvdiq ( Rootkit.Win32.TDSS.tdl2 ) - infected
18:19:43.0436 4148 geyekrxncpvdiq - detected Rootkit.Win32.TDSS.tdl2 (0)
18:19:43.0489 4148 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
18:19:43.0528 4148 gpsvc - ok
18:19:43.0626 4148 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:19:43.0638 4148 gusvc - ok
18:19:43.0724 4148 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:19:43.0807 4148 HdAudAddService - ok
18:19:43.0845 4148 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:19:43.0929 4148 HDAudBus - ok
18:19:43.0973 4148 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:19:44.0036 4148 HidBth - ok
18:19:44.0060 4148 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:19:44.0114 4148 HidIr - ok
18:19:44.0141 4148 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
18:19:44.0202 4148 hidserv - ok
18:19:44.0227 4148 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:19:44.0260 4148 HidUsb - ok
18:19:44.0283 4148 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:19:44.0307 4148 hkmsvc - ok
18:19:44.0346 4148 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:19:44.0358 4148 HpCISSs - ok
18:19:44.0407 4148 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:19:44.0466 4148 HTTP - ok
18:19:44.0499 4148 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:19:44.0512 4148 i2omp - ok
18:19:44.0588 4148 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:19:44.0624 4148 i8042prt - ok
18:19:44.0649 4148 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:19:44.0665 4148 iaStorV - ok
18:19:44.0750 4148 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:19:44.0774 4148 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:19:44.0774 4148 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:19:44.0844 4148 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:19:44.0875 4148 idsvc - ok
18:19:44.0903 4148 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:19:44.0914 4148 iirsp - ok
18:19:44.0957 4148 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:19:44.0984 4148 IKEEXT - ok
18:19:45.0082 4148 [ 56AC584FE02E0C1D5924892562CBD572 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:19:45.0388 4148 IntcAzAudAddService - ok
18:19:45.0460 4148 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
18:19:45.0472 4148 intelide - ok
18:19:45.0493 4148 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:19:45.0528 4148 intelppm - ok
18:19:45.0552 4148 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:19:45.0577 4148 IPBusEnum - ok
18:19:45.0598 4148 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:19:45.0637 4148 IpFilterDriver - ok
18:19:45.0672 4148 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:19:45.0730 4148 iphlpsvc - ok
18:19:45.0735 4148 IpInIp - ok
18:19:45.0770 4148 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:19:45.0807 4148 IPMIDRV - ok
18:19:45.0822 4148 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:19:45.0865 4148 IPNAT - ok
18:19:45.0908 4148 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:19:45.0933 4148 iPod Service - ok
18:19:45.0976 4148 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:19:46.0022 4148 IRENUM - ok
18:19:46.0084 4148 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:19:46.0096 4148 isapnp - ok
18:19:46.0162 4148 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:19:46.0177 4148 iScsiPrt - ok
18:19:46.0204 4148 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:19:46.0215 4148 iteatapi - ok
18:19:46.0228 4148 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:19:46.0239 4148 iteraid - ok
18:19:46.0263 4148 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:19:46.0275 4148 kbdclass - ok
18:19:46.0297 4148 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:19:46.0339 4148 kbdhid - ok
18:19:46.0378 4148 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:19:46.0427 4148 KeyIso - ok
18:19:46.0458 4148 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:19:46.0480 4148 KSecDD - ok
18:19:46.0536 4148 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:19:46.0592 4148 KtmRm - ok
18:19:46.0634 4148 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
18:19:46.0693 4148 LanmanServer - ok
18:19:46.0763 4148 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:19:46.0822 4148 LanmanWorkstation - ok
18:19:46.0854 4148 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:19:46.0894 4148 lltdio - ok
18:19:46.0940 4148 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:19:46.0986 4148 lltdsvc - ok
18:19:47.0003 4148 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:19:47.0069 4148 lmhosts - ok
18:19:47.0099 4148 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:19:47.0112 4148 LSI_FC - ok
18:19:47.0127 4148 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:19:47.0140 4148 LSI_SAS - ok
18:19:47.0176 4148 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:19:47.0190 4148 LSI_SCSI - ok
18:19:47.0219 4148 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:19:47.0243 4148 luafv - ok
18:19:47.0343 4148 [ D1A79F9CF0A0960DF4DAB08BEF847F43 ] massfilter C:\Windows\system32\drivers\massfilter.sys
18:19:47.0373 4148 massfilter - ok
18:19:47.0401 4148 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:19:47.0436 4148 Mcx2Svc - ok
18:19:47.0492 4148 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
18:19:47.0505 4148 megasas - ok
18:19:47.0541 4148 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:19:47.0564 4148 MegaSR - ok
18:19:47.0590 4148 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:19:47.0633 4148 MMCSS - ok
18:19:47.0671 4148 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:19:47.0720 4148 Modem - ok
18:19:47.0774 4148 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:19:47.0814 4148 monitor - ok
18:19:47.0845 4148 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:19:47.0857 4148 mouclass - ok
18:19:47.0884 4148 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:19:47.0926 4148 mouhid - ok
18:19:47.0955 4148 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:19:47.0967 4148 MountMgr - ok
18:19:48.0004 4148 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:19:48.0015 4148 MozillaMaintenance - ok
18:19:48.0053 4148 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
18:19:48.0068 4148 mpio - ok
18:19:48.0094 4148 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:19:48.0136 4148 mpsdrv - ok
18:19:48.0180 4148 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:19:48.0233 4148 MpsSvc - ok
18:19:48.0253 4148 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:19:48.0264 4148 Mraid35x - ok
18:19:48.0294 4148 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:19:48.0326 4148 MRxDAV - ok
18:19:48.0358 4148 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:19:48.0410 4148 mrxsmb - ok
18:19:48.0430 4148 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:19:48.0469 4148 mrxsmb10 - ok
18:19:48.0501 4148 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:19:48.0515 4148 mrxsmb20 - ok
18:19:48.0538 4148 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
18:19:48.0550 4148 msahci - ok
18:19:48.0593 4148 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:19:48.0606 4148 msdsm - ok
18:19:48.0627 4148 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:19:48.0652 4148 MSDTC - ok
18:19:48.0662 4148 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:19:48.0698 4148 Msfs - ok
18:19:48.0736 4148 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:19:48.0748 4148 msisadrv - ok
18:19:48.0781 4148 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:19:48.0825 4148 MSiSCSI - ok
18:19:48.0829 4148 msiserver - ok
18:19:48.0893 4148 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:19:48.0935 4148 MSKSSRV - ok
18:19:48.0954 4148 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:19:48.0990 4148 MSPCLOCK - ok
18:19:49.0007 4148 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:19:49.0031 4148 MSPQM - ok
18:19:49.0060 4148 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:19:49.0076 4148 MsRPC - ok
18:19:49.0086 4148 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:19:49.0098 4148 mssmbios - ok
18:19:49.0160 4148 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:19:49.0204 4148 MSTEE - ok
18:19:49.0226 4148 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:19:49.0239 4148 Mup - ok
18:19:49.0266 4148 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:19:49.0289 4148 napagent - ok
18:19:49.0344 4148 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:19:49.0360 4148 NativeWifiP - ok
18:19:49.0430 4148 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:19:49.0454 4148 NDIS - ok
18:19:49.0475 4148 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:19:49.0517 4148 NdisTapi - ok
18:19:49.0542 4148 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:19:49.0582 4148 Ndisuio - ok
18:19:49.0611 4148 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:19:49.0656 4148 NdisWan - ok
18:19:49.0680 4148 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:19:49.0716 4148 NDProxy - ok
18:19:49.0813 4148 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
18:19:49.0840 4148 Nero BackItUp Scheduler 3 - ok
18:19:49.0873 4148 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:19:49.0921 4148 NetBIOS - ok
18:19:49.0960 4148 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:19:49.0988 4148 netbt - ok
18:19:50.0011 4148 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:19:50.0024 4148 Netlogon - ok
18:19:50.0050 4148 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:19:50.0097 4148 Netman - ok
18:19:50.0133 4148 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:19:50.0178 4148 netprofm - ok
18:19:50.0222 4148 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:19:50.0233 4148 NetTcpPortSharing - ok
18:19:50.0408 4148 [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
18:19:50.0694 4148 NETw5v32 - ok
18:19:50.0763 4148 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:19:50.0775 4148 nfrd960 - ok
18:19:50.0820 4148 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:19:50.0866 4148 NlaSvc - ok
18:19:50.0968 4148 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
18:19:50.0989 4148 NMIndexingService - ok
18:19:51.0029 4148 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:19:51.0049 4148 Npfs - ok
18:19:51.0070 4148 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:19:51.0095 4148 nsi - ok
18:19:51.0109 4148 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:19:51.0150 4148 nsiproxy - ok
18:19:51.0205 4148 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:19:51.0289 4148 Ntfs - ok
18:19:51.0331 4148 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:19:51.0389 4148 ntrigdigi - ok
18:19:51.0410 4148 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:19:51.0439 4148 Null - ok
18:19:51.0455 4148 [ 590CAA306F9E7C303905B738EBDFE2E2 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
18:19:51.0465 4148 NVHDA - ok
18:19:51.0655 4148 [ 6838F505C0CC881F0C78D333DFDE181B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:19:51.0984 4148 nvlddmkm - ok
18:19:52.0037 4148 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:19:52.0051 4148 nvraid - ok
18:19:52.0074 4148 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:19:52.0087 4148 nvstor - ok
18:19:52.0113 4148 [ 0E2619B8E1BD3C432BCCBB2504087598 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:19:52.0126 4148 nvsvc - ok
18:19:52.0147 4148 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:19:52.0161 4148 nv_agp - ok
18:19:52.0165 4148 NwlnkFlt - ok
18:19:52.0171 4148 NwlnkFwd - ok
18:19:52.0272 4148 [ E54AA592A65F317390EEE386A8821692 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:19:52.0293 4148 odserv - ok
18:19:52.0346 4148 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:19:52.0387 4148 ohci1394 - ok
18:19:52.0461 4148 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:19:52.0473 4148 ose - ok
18:19:52.0521 4148 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:19:52.0584 4148 p2pimsvc - ok
18:19:52.0594 4148 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:19:52.0682 4148 p2psvc - ok
18:19:52.0720 4148 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:19:52.0761 4148 Parport - ok
18:19:52.0803 4148 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:19:52.0817 4148 partmgr - ok
18:19:52.0843 4148 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:19:52.0912 4148 Parvdm - ok
18:19:52.0951 4148 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:19:52.0976 4148 PcaSvc - ok
18:19:53.0005 4148 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:19:53.0023 4148 pci - ok
18:19:53.0047 4148 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
18:19:53.0060 4148 pciide - ok
18:19:53.0092 4148 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:19:53.0106 4148 pcmcia - ok
18:19:53.0157 4148 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:19:53.0225 4148 PEAUTH - ok
18:19:53.0455 4148 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:19:53.0564 4148 pla - ok
18:19:53.0629 4148 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
18:19:53.0649 4148 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
18:19:53.0649 4148 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
18:19:53.0678 4148 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:19:53.0724 4148 PlugPlay - ok
18:19:53.0821 4148 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:19:53.0885 4148 PNRPAutoReg - ok
18:19:53.0897 4148 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:19:53.0982 4148 PNRPsvc - ok
18:19:54.0112 4148 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:19:54.0178 4148 PolicyAgent - ok
18:19:54.0234 4148 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:19:54.0289 4148 PptpMiniport - ok
18:19:54.0312 4148 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
18:19:54.0354 4148 Processor - ok
18:19:54.0380 4148 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:19:54.0436 4148 ProfSvc - ok
18:19:54.0456 4148 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:19:54.0469 4148 ProtectedStorage - ok
18:19:54.0534 4148 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
18:19:54.0546 4148 ProtexisLicensing - ok
18:19:54.0607 4148 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:19:54.0701 4148 PSched - ok
18:19:55.0043 4148 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:19:55.0135 4148 ql2300 - ok
18:19:55.0145 4148 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:19:55.0181 4148 ql40xx - ok
18:19:55.0340 4148 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:19:55.0356 4148 QWAVE - ok
18:19:55.0373 4148 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:19:55.0386 4148 QWAVEdrv - ok
18:19:55.0632 4148 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
18:19:55.0701 4148 RapiMgr - ok
18:19:55.0707 4148 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:19:55.0730 4148 RasAcd - ok
18:19:55.0760 4148 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:19:55.0807 4148 RasAuto - ok
18:19:55.0831 4148 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:19:55.0868 4148 Rasl2tp - ok
18:19:55.0929 4148 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:19:55.0970 4148 RasMan - ok
18:19:56.0009 4148 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:19:56.0047 4148 RasPppoe - ok
18:19:56.0082 4148 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:19:56.0094 4148 RasSstp - ok
18:19:56.0158 4148 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:19:56.0208 4148 rdbss - ok
18:19:56.0246 4148 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:19:56.0294 4148 RDPCDD - ok
18:19:56.0337 4148 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:19:56.0366 4148 rdpdr - ok
18:19:56.0371 4148 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:19:56.0411 4148 RDPENCDD - ok
18:19:56.0503 4148 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:19:56.0562 4148 RDPWD - ok
18:19:56.0628 4148 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:19:56.0652 4148 RemoteAccess - ok
18:19:56.0703 4148 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:19:56.0723 4148 RemoteRegistry - ok
18:19:56.0758 4148 [ 0797F6AE018D3F992A1B8DF37BBF1786 ] resetWinService C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
18:19:56.0773 4148 resetWinService ( UnsignedFile.Multi.Generic ) - warning
18:19:56.0773 4148 resetWinService - detected UnsignedFile.Multi.Generic (1)
18:19:56.0858 4148 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe
18:19:56.0870 4148 RichVideo - ok
18:19:56.0901 4148 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:19:56.0960 4148 RpcLocator - ok
18:19:56.0980 4148 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:19:57.0007 4148 RpcSs - ok
18:19:57.0045 4148 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:19:57.0084 4148 rspndr - ok
18:19:57.0105 4148 [ 2CC77C65216A8BB4677E637120D5731D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
18:19:57.0136 4148 RTL8169 - ok
18:19:57.0156 4148 [ 4501C8FE11DF3192FB68D0D595EA94CC ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
18:19:57.0192 4148 RTSTOR - ok
18:19:57.0212 4148 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:19:57.0224 4148 SamSs - ok
18:19:57.0253 4148 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:19:57.0265 4148 sbp2port - ok
18:19:57.0302 4148 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:19:57.0322 4148 SCardSvr - ok
18:19:57.0361 4148 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:19:57.0480 4148 Schedule - ok
18:19:57.0498 4148 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:19:57.0516 4148 SCPolicySvc - ok
18:19:57.0576 4148 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:19:57.0620 4148 SDRSVC - ok
18:19:57.0647 4148 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:19:57.0710 4148 secdrv - ok
18:19:57.0738 4148 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:19:57.0763 4148 seclogon - ok
18:19:57.0782 4148 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:19:57.0827 4148 SENS - ok
18:19:57.0852 4148 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:19:57.0904 4148 Serenum - ok
18:19:57.0919 4148 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:19:57.0962 4148 Serial - ok
18:19:57.0993 4148 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:19:58.0016 4148 sermouse - ok
18:19:58.0045 4148 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:19:58.0070 4148 SessionEnv - ok
18:19:58.0085 4148 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:19:58.0104 4148 sffdisk - ok
18:19:58.0131 4148 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:19:58.0171 4148 sffp_mmc - ok
18:19:58.0189 4148 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:19:58.0213 4148 sffp_sd - ok
18:19:58.0235 4148 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:19:58.0301 4148 sfloppy - ok
18:19:58.0342 4148 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:19:58.0387 4148 SharedAccess - ok
18:19:58.0422 4148 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:19:58.0488 4148 ShellHWDetection - ok
18:19:58.0517 4148 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:19:58.0530 4148 sisagp - ok
18:19:58.0544 4148 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:19:58.0557 4148 SiSRaid2 - ok
18:19:58.0567 4148 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:19:58.0580 4148 SiSRaid4 - ok
18:19:58.0687 4148 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:19:58.0877 4148 Skype C2C Service - ok
18:19:58.0907 4148 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:19:58.0917 4148 SkypeUpdate - ok
18:19:59.0008 4148 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:19:59.0188 4148 slsvc - ok
18:19:59.0252 4148 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:19:59.0299 4148 SLUINotify - ok
18:19:59.0342 4148 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:19:59.0381 4148 Smb - ok
18:19:59.0422 4148 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:19:59.0435 4148 SNMPTRAP - ok
18:19:59.0721 4148 [ 8C5AF605A85C5214D40542D933DA737C ] SNP2STD C:\Windows\system32\DRIVERS\snp2sxp.sys
18:20:00.0404 4148 SNP2STD - ok
18:20:00.0523 4148 [ 82E3315B1B3E76B9A9643F987ED3AE5C ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
18:20:00.0638 4148 SNP2UVC - ok
18:20:00.0708 4148 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:20:00.0748 4148 spldr - ok
18:20:00.0838 4148 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:20:00.0941 4148 Spooler - ok
18:20:01.0105 4148 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
18:20:01.0105 4148 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
18:20:01.0107 4148 sptd ( LockedFile.Multi.Generic ) - warning
18:20:01.0107 4148 sptd - detected LockedFile.Multi.Generic (1)
18:20:01.0125 4148 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:20:01.0165 4148 srv - ok
18:20:01.0205 4148 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:20:01.0252 4148 srv2 - ok
18:20:01.0277 4148 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:20:01.0312 4148 srvnet - ok
18:20:01.0350 4148 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:20:01.0387 4148 SSDPSRV - ok
18:20:01.0416 4148 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:20:01.0425 4148 ssmdrv - ok
18:20:01.0440 4148 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:20:01.0478 4148 SstpSvc - ok
18:20:01.0524 4148 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
18:20:01.0527 4148 StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:20:01.0527 4148 StarOpen - detected UnsignedFile.Multi.Generic (1)
18:20:01.0592 4148 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:20:01.0645 4148 stisvc - ok
18:20:01.0677 4148 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:20:01.0689 4148 swenum - ok
18:20:01.0738 4148 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:20:01.0762 4148 swprv - ok
18:20:01.0784 4148 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:20:01.0796 4148 Symc8xx - ok
18:20:01.0807 4148 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:20:01.0818 4148 Sym_hi - ok
18:20:01.0840 4148 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:20:01.0851 4148 Sym_u3 - ok
18:20:01.0910 4148 [ A7CEC70DD3D85AC711897E02358E9793 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:20:01.0924 4148 SynTP - ok
18:20:01.0952 4148 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:20:02.0006 4148 SysMain - ok
18:20:02.0059 4148 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:20:02.0087 4148 TabletInputService - ok
18:20:02.0136 4148 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:20:02.0187 4148 TapiSrv - ok
18:20:02.0209 4148 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:20:02.0233 4148 TBS - ok
18:20:02.0272 4148 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:20:02.0355 4148 Tcpip - ok
18:20:02.0371 4148 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:20:02.0401 4148 Tcpip6 - ok
18:20:02.0445 4148 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:20:02.0465 4148 tcpipreg - ok
18:20:02.0494 4148 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:20:02.0537 4148 TDPIPE - ok
18:20:02.0557 4148 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:20:02.0604 4148 TDTCP - ok
18:20:02.0642 4148 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:20:02.0681 4148 tdx - ok
18:20:02.0719 4148 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:20:02.0732 4148 TermDD - ok
18:20:02.0765 4148 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:20:02.0793 4148 TermService - ok
18:20:02.0811 4148 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:20:02.0827 4148 Themes - ok
18:20:02.0835 4148 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:20:02.0859 4148 THREADORDER - ok
18:20:02.0888 4148 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:20:02.0920 4148 TrkWks - ok
18:20:02.0970 4148 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:20:02.0988 4148 TrustedInstaller - ok
18:20:03.0022 4148 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:20:03.0065 4148 tssecsrv - ok
18:20:03.0093 4148 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:20:03.0114 4148 tunmp - ok
18:20:03.0178 4148 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:20:03.0208 4148 tunnel - ok
18:20:03.0233 4148 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:20:03.0246 4148 uagp35 - ok
18:20:03.0278 4148 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:20:03.0323 4148 udfs - ok
18:20:03.0386 4148 [ 1BBF135FA5D385858DEC0F484D5934A5 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
18:20:03.0399 4148 UI Assistant Service - ok
18:20:03.0429 4148 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:20:03.0477 4148 UI0Detect - ok
18:20:03.0517 4148 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:20:03.0530 4148 uliagpkx - ok
18:20:03.0545 4148 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:20:03.0562 4148 uliahci - ok
18:20:03.0578 4148 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:20:03.0591 4148 UlSata - ok
18:20:03.0614 4148 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:20:03.0627 4148 ulsata2 - ok
18:20:03.0652 4148 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:20:03.0676 4148 umbus - ok
18:20:03.0705 4148 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:20:03.0735 4148 upnphost - ok
18:20:03.0799 4148 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:20:03.0829 4148 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
18:20:03.0829 4148 USBAAPL - detected UnsignedFile.Multi.Generic (1)
18:20:03.0862 4148 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:20:03.0881 4148 usbccgp - ok
18:20:03.0900 4148 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:20:03.0967 4148 usbcir - ok
18:20:04.0005 4148 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:20:04.0031 4148 usbehci - ok
18:20:04.0070 4148 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:20:04.0099 4148 usbhub - ok
18:20:04.0111 4148 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:20:04.0151 4148 usbohci - ok
18:20:04.0175 4148 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:20:04.0198 4148 usbprint - ok
18:20:04.0212 4148 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:20:04.0257 4148 USBSTOR - ok
18:20:04.0295 4148 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:20:04.0332 4148 usbuhci - ok
18:20:04.0397 4148 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:20:04.0423 4148 usbvideo - ok
18:20:04.0449 4148 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:20:04.0470 4148 UxSms - ok
18:20:04.0503 4148 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:20:04.0557 4148 vds - ok
18:20:04.0590 4148 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:20:04.0625 4148 vga - ok
18:20:04.0634 4148 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:20:04.0658 4148 VgaSave - ok
18:20:04.0678 4148 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:20:04.0691 4148 viaagp - ok
18:20:04.0706 4148 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:20:04.0730 4148 ViaC7 - ok
18:20:04.0747 4148 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
18:20:04.0760 4148 viaide - ok
18:20:04.0780 4148 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:20:04.0793 4148 volmgr - ok
18:20:04.0828 4148 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:20:04.0847 4148 volmgrx - ok
18:20:04.0882 4148 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:20:04.0900 4148 volsnap - ok
18:20:04.0926 4148 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:20:04.0940 4148 vsmraid - ok
18:20:04.0974 4148 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:20:05.0040 4148 VSS - ok
18:20:05.0086 4148 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:20:05.0110 4148 W32Time - ok
18:20:05.0126 4148 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:20:05.0187 4148 WacomPen - ok
18:20:05.0210 4148 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:20:05.0239 4148 Wanarp - ok
18:20:05.0243 4148 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:20:05.0263 4148 Wanarpv6 - ok
18:20:05.0290 4148 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
18:20:05.0353 4148 WcesComm - ok
18:20:05.0396 4148 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:20:05.0419 4148 wcncsvc - ok
18:20:05.0459 4148 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:20:05.0507 4148 WcsPlugInService - ok
18:20:05.0537 4148 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
18:20:05.0549 4148 Wd - ok
18:20:05.0576 4148 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:20:05.0600 4148 Wdf01000 - ok
18:20:05.0610 4148 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:20:05.0660 4148 WdiServiceHost - ok
18:20:05.0664 4148 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:20:05.0690 4148 WdiSystemHost - ok
18:20:05.0709 4148 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:20:05.0749 4148 WebClient - ok
18:20:05.0781 4148 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:20:05.0806 4148 Wecsvc - ok
18:20:05.0816 4148 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:20:05.0836 4148 wercplsupport - ok
18:20:05.0871 4148 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:20:05.0897 4148 WerSvc - ok
18:20:05.0942 4148 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:20:05.0957 4148 WinDefend - ok
18:20:05.0963 4148 WinHttpAutoProxySvc - ok
18:20:06.0015 4148 WINIO - ok
18:20:06.0069 4148 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:20:06.0089 4148 Winmgmt - ok
18:20:06.0272 4148 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll
18:20:06.0491 4148 WinRM - ok
18:20:06.0568 4148 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
18:20:06.0587 4148 winusb - ok
18:20:06.0629 4148 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:20:06.0735 4148 Wlansvc - ok
18:20:06.0829 4148 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:20:07.0008 4148 wlidsvc - ok
18:20:07.0057 4148 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:20:07.0097 4148 WmiAcpi - ok
18:20:07.0137 4148 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:20:07.0170 4148 wmiApSrv - ok
18:20:07.0240 4148 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:20:07.0323 4148 WMPNetworkSvc - ok
18:20:07.0374 4148 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:20:07.0427 4148 WPCSvc - ok
18:20:07.0493 4148 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:20:07.0515 4148 WPDBusEnum - ok
18:20:07.0543 4148 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:20:07.0580 4148 WpdUsb - ok
18:20:07.0702 4148 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:20:07.0728 4148 WPFFontCache_v0400 - ok
18:20:07.0762 4148 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:20:07.0792 4148 ws2ifsl - ok
18:20:07.0822 4148 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
18:20:07.0862 4148 wscsvc - ok
18:20:07.0866 4148 WSearch - ok
18:20:07.0942 4148 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:20:08.0210 4148 wuauserv - ok
18:20:08.0270 4148 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:20:08.0294 4148 WUDFRd - ok
18:20:08.0324 4148 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:20:08.0358 4148 wudfsvc - ok
18:20:08.0427 4148 [ 32396B4D2BF707D81C20E5E9022A2055 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:20:08.0478 4148 ZTEusbmdm6k - ok
18:20:08.0493 4148 [ 32396B4D2BF707D81C20E5E9022A2055 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
18:20:08.0506 4148 ZTEusbnmea - ok
18:20:08.0522 4148 [ 32396B4D2BF707D81C20E5E9022A2055 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
18:20:08.0534 4148 ZTEusbser6k - ok
18:20:08.0539 4148 ================ Scan global ===============================
18:20:08.0562 4148 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:20:08.0592 4148 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:20:08.0603 4148 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:20:08.0634 4148 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:20:08.0638 4148 [Global] - ok
18:20:08.0638 4148 ================ Scan MBR ==================================
18:20:08.0655 4148 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:20:09.0066 4148 \Device\Harddisk0\DR0 - ok
18:20:09.0066 4148 ================ Scan VBR ==================================
18:20:09.0069 4148 [ 13E8234390A200E399F4F5AB8CC0F413 ] \Device\Harddisk0\DR0\Partition1
18:20:09.0071 4148 \Device\Harddisk0\DR0\Partition1 - ok
18:20:09.0105 4148 [ 62062CEECDE3D67CE29D79C3EE23A1B7 ] \Device\Harddisk0\DR0\Partition2
18:20:09.0106 4148 \Device\Harddisk0\DR0\Partition2 - ok
18:20:09.0106 4148 ============================================================
18:20:09.0106 4148 Scan finished
18:20:09.0106 4148 ============================================================
18:20:09.0123 4188 Detected object count: 8
18:20:09.0123 4188 Actual detected object count: 8
18:20:21.0327 4188 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:20:21.0328 4188 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
18:20:21.0330 4188 geyekrxncpvdiq ( Rootkit.Win32.TDSS.tdl2 ) - skipped by user
18:20:21.0330 4188 geyekrxncpvdiq ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Skip
18:20:21.0332 4188 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:21.0332 4188 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:21.0333 4188 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:21.0333 4188 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:21.0335 4188 resetWinService ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:21.0335 4188 resetWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:21.0337 4188 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:20:21.0337 4188 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:20:21.0339 4188 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:21.0339 4188 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:21.0341 4188 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:21.0341 4188 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
27.09.2012, 11:45
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Windows VistaCode:
ATTFilter geyekrxncpvdiq ( Rootkit.Win32.TDSS.tdl2 ) - skipped by user
Um das zu tun musst du den TDSS-Killer neu starten und einen neuen Scan machen. Wenn du danach die Ergebnisse siehst, stellst du bitte diesen Eintrag auf CURE bzw. DELETE (je nachdem was dir angeboten wird, alle anderen bitte auf SKIP lassen! ) und klickst dann unten rechts auf continue Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.09.2012, 12:13
| #21 |
| | Bundespolizei Trojaner Windows Vista Der neueste Log: Code:
ATTFilter 13:07:39.0785 3600 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:07:40.0112 3600 ============================================================
13:07:40.0112 3600 Current date / time: 2012/09/27 13:07:40.0112
13:07:40.0112 3600 SystemInfo:
13:07:40.0112 3600
13:07:40.0112 3600 OS Version: 6.0.6002 ServicePack: 2.0
13:07:40.0112 3600 Product type: Workstation
13:07:40.0112 3600 ComputerName: SARAH-PC
13:07:40.0112 3600 UserName: Sarah
13:07:40.0112 3600 Windows directory: C:\Windows
13:07:40.0112 3600 System windows directory: C:\Windows
13:07:40.0112 3600 Processor architecture: Intel x86
13:07:40.0112 3600 Number of processors: 2
13:07:40.0112 3600 Page size: 0x1000
13:07:40.0112 3600 Boot type: Normal boot
13:07:40.0112 3600 ============================================================
13:07:41.0862 3600 BG loaded
13:07:43.0334 3600 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:07:43.0361 3600 ============================================================
13:07:43.0361 3600 \Device\Harddisk0\DR0:
13:07:43.0366 3600 MBR partitions:
13:07:43.0366 3600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x370BE000
13:07:43.0366 3600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x370BE800, BlocksNum 0x32C6800
13:07:43.0366 3600 ============================================================
13:07:43.0403 3600 C: <-> \Device\Harddisk0\DR0\Partition1
13:07:43.0429 3600 D: <-> \Device\Harddisk0\DR0\Partition2
13:07:43.0429 3600 ============================================================
13:07:43.0429 3600 Initialize success
13:07:43.0429 3600 ============================================================
13:08:06.0925 3052 ============================================================
13:08:06.0925 3052 Scan started
13:08:06.0925 3052 Mode: Manual; SigCheck; TDLFS;
13:08:06.0925 3052 ============================================================
13:08:16.0781 3052 ================ Scan system memory ========================
13:08:16.0781 3052 System memory - ok
13:08:16.0781 3052 ================ Scan services =============================
13:08:19.0478 3052 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
13:08:19.0815 3052 ACPI - ok
13:08:19.0988 3052 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\Windows\system32\drivers\adfs.sys
13:08:20.0030 3052 adfs - ok
13:08:20.0202 3052 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:08:20.0425 3052 AdobeFlashPlayerUpdateSvc - ok
13:08:20.0651 3052 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:08:21.0277 3052 adp94xx - ok
13:08:21.0388 3052 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:08:21.0829 3052 adpahci - ok
13:08:22.0058 3052 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
13:08:22.0194 3052 adpu160m - ok
13:08:22.0746 3052 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:08:22.0873 3052 adpu320 - ok
13:08:22.0954 3052 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:09:07.0636 3052 AeLookupSvc - ok
13:09:07.0773 3052 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
13:09:07.0864 3052 AFD - ok
13:09:08.0058 3052 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:09:08.0195 3052 agp440 - ok
13:09:08.0330 3052 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
13:09:08.0433 3052 aic78xx - ok
13:09:11.0269 3052 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
13:09:11.0269 3052 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
13:09:11.0278 3052 Akamai ( HiddenFile.Multi.Generic ) - warning
13:09:11.0278 3052 Akamai - detected HiddenFile.Multi.Generic (1)
13:09:11.0438 3052 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
13:09:13.0126 3052 ALG - ok
13:09:13.0173 3052 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
13:09:14.0531 3052 aliide - ok
13:09:14.0602 3052 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:09:14.0635 3052 amdagp - ok
13:09:14.0666 3052 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
13:09:14.0696 3052 amdide - ok
13:09:14.0740 3052 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
13:09:14.0807 3052 AmdK7 - ok
13:09:14.0842 3052 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:09:14.0956 3052 AmdK8 - ok
13:09:15.0086 3052 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:09:15.0118 3052 AntiVirSchedulerService - ok
13:09:15.0172 3052 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:09:15.0195 3052 AntiVirService - ok
13:09:15.0343 3052 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
13:09:15.0451 3052 Appinfo - ok
13:09:15.0544 3052 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:09:15.0566 3052 Apple Mobile Device - ok
13:09:15.0656 3052 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
13:09:15.0713 3052 arc - ok
13:09:15.0785 3052 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:09:15.0819 3052 arcsas - ok
13:09:15.0870 3052 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:09:15.0971 3052 AsyncMac - ok
13:09:16.0007 3052 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
13:09:16.0019 3052 atapi - ok
13:09:16.0219 3052 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:09:16.0284 3052 AudioEndpointBuilder - ok
13:09:16.0295 3052 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:09:16.0336 3052 Audiosrv - ok
13:09:16.0426 3052 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
13:09:16.0467 3052 avgntflt - ok
13:09:16.0502 3052 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
13:09:16.0538 3052 avipbb - ok
13:09:16.0559 3052 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
13:09:16.0588 3052 avkmgr - ok
13:09:16.0698 3052 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
13:09:16.0757 3052 Beep - ok
13:09:16.0837 3052 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
13:09:16.0925 3052 BFE - ok
13:09:17.0051 3052 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
13:09:17.0133 3052 BITS - ok
13:09:17.0200 3052 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
13:09:17.0294 3052 blbdrive - ok
13:09:17.0423 3052 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:09:17.0475 3052 Bonjour Service - ok
13:09:17.0499 3052 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:09:17.0574 3052 bowser - ok
13:09:17.0634 3052 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
13:09:17.0717 3052 BrFiltLo - ok
13:09:17.0741 3052 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
13:09:17.0822 3052 BrFiltUp - ok
13:09:17.0879 3052 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
13:09:17.0960 3052 Browser - ok
13:09:18.0030 3052 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
13:09:19.0034 3052 Brserid - ok
13:09:19.0074 3052 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
13:09:19.0181 3052 BrSerWdm - ok
13:09:19.0255 3052 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
13:09:19.0365 3052 BrUsbMdm - ok
13:09:19.0395 3052 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
13:09:19.0491 3052 BrUsbSer - ok
13:09:19.0529 3052 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:09:19.0621 3052 BTHMODEM - ok
13:09:19.0700 3052 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:09:19.0770 3052 cdfs - ok
13:09:19.0842 3052 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:09:19.0896 3052 cdrom - ok
13:09:19.0974 3052 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
13:09:20.0046 3052 CertPropSvc - ok
13:09:20.0081 3052 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
13:09:20.0151 3052 circlass - ok
13:09:20.0186 3052 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
13:09:20.0230 3052 CLFS - ok
13:09:20.0292 3052 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:09:20.0325 3052 clr_optimization_v2.0.50727_32 - ok
13:09:20.0464 3052 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:09:20.0662 3052 clr_optimization_v4.0.30319_32 - ok
13:09:20.0731 3052 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:09:20.0810 3052 CmBatt - ok
13:09:20.0844 3052 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:09:20.0876 3052 cmdide - ok
13:09:20.0897 3052 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:09:20.0968 3052 Compbatt - ok
13:09:20.0978 3052 COMSysApp - ok
13:09:21.0057 3052 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:09:21.0099 3052 crcdisk - ok
13:09:21.0126 3052 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
13:09:21.0256 3052 Crusoe - ok
13:09:21.0322 3052 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:09:21.0366 3052 CryptSvc - ok
13:09:21.0479 3052 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:09:21.0706 3052 DcomLaunch - ok
13:09:21.0733 3052 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:09:21.0801 3052 DfsC - ok
13:09:21.0960 3052 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
13:09:22.0648 3052 DFSR - ok
13:09:22.0959 3052 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
13:09:23.0064 3052 Dhcp - ok
13:09:23.0162 3052 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
13:09:23.0230 3052 disk - ok
13:09:23.0309 3052 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:09:23.0435 3052 Dnscache - ok
13:09:23.0467 3052 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:09:23.0524 3052 dot3svc - ok
13:09:23.0601 3052 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
13:09:23.0642 3052 DPS - ok
13:09:23.0715 3052 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:09:23.0770 3052 drmkaud - ok
13:09:24.0002 3052 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:09:24.0084 3052 DXGKrnl - ok
13:09:24.0287 3052 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
13:09:24.0378 3052 E1G60 - ok
13:09:24.0433 3052 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
13:09:24.0490 3052 EapHost - ok
13:09:24.0607 3052 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
13:09:24.0656 3052 Ecache - ok
13:09:24.0718 3052 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:09:24.0768 3052 ehRecvr - ok
13:09:24.0787 3052 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
13:09:24.0867 3052 ehSched - ok
13:09:24.0890 3052 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
13:09:24.0934 3052 ehstart - ok
13:09:25.0037 3052 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:09:25.0066 3052 elxstor - ok
13:09:25.0169 3052 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
13:09:25.0268 3052 EMDMgmt - ok
13:09:25.0369 3052 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:09:25.0435 3052 ErrDev - ok
13:09:25.0481 3052 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
13:09:25.0528 3052 EventSystem - ok
13:09:25.0636 3052 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
13:09:25.0736 3052 exfat - ok
13:09:25.0790 3052 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:09:25.0833 3052 fastfat - ok
13:09:25.0914 3052 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:09:25.0985 3052 fdc - ok
13:09:26.0015 3052 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
13:09:26.0042 3052 fdPHost - ok
13:09:26.0062 3052 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
13:09:26.0123 3052 FDResPub - ok
13:09:26.0152 3052 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:09:26.0184 3052 FileInfo - ok
13:09:26.0208 3052 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:09:26.0299 3052 Filetrace - ok
13:09:26.0538 3052 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:09:26.0626 3052 FLEXnet Licensing Service - ok
13:09:26.0705 3052 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:09:26.0769 3052 flpydisk - ok
13:09:26.0808 3052 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:09:26.0922 3052 FltMgr - ok
13:09:27.0003 3052 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
13:09:27.0117 3052 FontCache - ok
13:09:27.0160 3052 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:09:27.0232 3052 FontCache3.0.0.0 - ok
13:09:27.0322 3052 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:09:27.0421 3052 Fs_Rec - ok
13:09:27.0487 3052 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:09:27.0549 3052 gagp30kx - ok
13:09:27.0598 3052 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:09:27.0610 3052 GEARAspiWDM - ok
13:09:27.0738 3052 [ 9599A713E1776B8F69300FC9008F33C1 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
13:09:27.0787 3052 getPlusHelper - ok
13:09:27.0866 3052 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
13:09:27.0974 3052 gpsvc - ok
13:09:28.0147 3052 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:09:28.0181 3052 gusvc - ok
13:09:28.0279 3052 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:09:28.0417 3052 HdAudAddService - ok
13:09:28.0479 3052 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:09:28.0551 3052 HDAudBus - ok
13:09:28.0606 3052 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:09:28.0702 3052 HidBth - ok
13:09:28.0748 3052 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
13:09:28.0825 3052 HidIr - ok
13:09:28.0874 3052 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
13:09:29.0003 3052 hidserv - ok
13:09:29.0038 3052 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:09:29.0083 3052 HidUsb - ok
13:09:29.0105 3052 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:09:29.0169 3052 hkmsvc - ok
13:09:29.0235 3052 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
13:09:29.0290 3052 HpCISSs - ok
13:09:29.0394 3052 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:09:29.0551 3052 HTTP - ok
13:09:29.0610 3052 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
13:09:29.0641 3052 i2omp - ok
13:09:29.0743 3052 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:09:29.0847 3052 i8042prt - ok
13:09:29.0939 3052 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
13:09:29.0976 3052 iaStorV - ok
13:09:30.0161 3052 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:09:30.0296 3052 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:09:30.0296 3052 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:09:30.0508 3052 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:09:31.0270 3052 idsvc - ok
13:09:31.0302 3052 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:09:31.0323 3052 iirsp - ok
13:09:31.0418 3052 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
13:09:31.0500 3052 IKEEXT - ok
13:09:31.0713 3052 [ 56AC584FE02E0C1D5924892562CBD572 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:09:31.0878 3052 IntcAzAudAddService - ok
13:09:31.0960 3052 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
13:09:32.0072 3052 intelide - ok
13:09:32.0138 3052 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:09:32.0193 3052 intelppm - ok
13:09:32.0274 3052 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:09:32.0344 3052 IPBusEnum - ok
13:09:32.0376 3052 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:09:32.0532 3052 IpFilterDriver - ok
13:09:32.0567 3052 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:09:32.0692 3052 iphlpsvc - ok
13:09:32.0698 3052 IpInIp - ok
13:09:32.0814 3052 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
13:09:32.0891 3052 IPMIDRV - ok
13:09:32.0911 3052 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
13:09:33.0004 3052 IPNAT - ok
13:09:33.0055 3052 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:09:33.0179 3052 iPod Service - ok
13:09:33.0209 3052 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:09:33.0294 3052 IRENUM - ok
13:09:33.0328 3052 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:09:33.0479 3052 isapnp - ok
13:09:33.0585 3052 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:09:33.0613 3052 iScsiPrt - ok
13:09:33.0682 3052 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
13:09:33.0808 3052 iteatapi - ok
13:09:33.0850 3052 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
13:09:33.0932 3052 iteraid - ok
13:09:33.0985 3052 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:09:34.0038 3052 kbdclass - ok
13:09:34.0097 3052 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:09:34.0493 3052 kbdhid - ok
13:09:34.0522 3052 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
13:09:34.0626 3052 KeyIso - ok
13:09:34.0692 3052 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:09:34.0816 3052 KSecDD - ok
13:09:34.0911 3052 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
13:09:35.0032 3052 KtmRm - ok
13:09:35.0079 3052 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
13:09:35.0178 3052 LanmanServer - ok
13:09:35.0286 3052 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:09:35.0451 3052 LanmanWorkstation - ok
13:09:35.0488 3052 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:09:35.0565 3052 lltdio - ok
13:09:35.0674 3052 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:09:35.0757 3052 lltdsvc - ok
13:09:35.0780 3052 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:09:35.0887 3052 lmhosts - ok
13:09:35.0932 3052 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:09:35.0973 3052 LSI_FC - ok
13:09:35.0994 3052 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:09:36.0013 3052 LSI_SAS - ok
13:09:36.0098 3052 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:09:36.0152 3052 LSI_SCSI - ok
13:09:36.0185 3052 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
13:09:36.0224 3052 luafv - ok
13:09:36.0499 3052 [ D1A79F9CF0A0960DF4DAB08BEF847F43 ] massfilter C:\Windows\system32\drivers\massfilter.sys
13:09:36.0556 3052 massfilter - ok
13:09:36.0580 3052 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:09:36.0681 3052 Mcx2Svc - ok
13:09:36.0725 3052 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
13:09:36.0883 3052 megasas - ok
13:09:36.0985 3052 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
13:09:37.0217 3052 MegaSR - ok
13:09:37.0267 3052 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
13:09:37.0377 3052 MMCSS - ok
13:09:37.0393 3052 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
13:09:37.0464 3052 Modem - ok
13:09:37.0530 3052 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:09:37.0569 3052 monitor - ok
13:09:37.0575 3052 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:09:37.0604 3052 mouclass - ok
13:09:37.0617 3052 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:09:37.0670 3052 mouhid - ok
13:09:37.0710 3052 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
13:09:37.0730 3052 MountMgr - ok
13:09:37.0815 3052 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:09:37.0856 3052 MozillaMaintenance - ok
13:09:37.0887 3052 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
13:09:37.0963 3052 mpio - ok
13:09:37.0985 3052 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:09:38.0069 3052 mpsdrv - ok
13:09:38.0176 3052 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
13:09:38.0261 3052 MpsSvc - ok
13:09:38.0353 3052 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
13:09:38.0411 3052 Mraid35x - ok
13:09:38.0439 3052 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:09:38.0512 3052 MRxDAV - ok
13:09:38.0536 3052 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:09:38.0617 3052 mrxsmb - ok
13:09:38.0653 3052 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:09:38.0742 3052 mrxsmb10 - ok
13:09:38.0757 3052 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:09:38.0833 3052 mrxsmb20 - ok
13:09:38.0882 3052 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
13:09:38.0950 3052 msahci - ok
13:09:39.0026 3052 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:09:39.0100 3052 msdsm - ok
13:09:39.0127 3052 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
13:09:39.0242 3052 MSDTC - ok
13:09:39.0272 3052 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:09:39.0321 3052 Msfs - ok
13:09:39.0370 3052 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:09:39.0425 3052 msisadrv - ok
13:09:39.0525 3052 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:09:40.0155 3052 MSiSCSI - ok
13:09:40.0161 3052 msiserver - ok
13:09:40.0227 3052 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:09:40.0320 3052 MSKSSRV - ok
13:09:40.0343 3052 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:09:40.0397 3052 MSPCLOCK - ok
13:09:40.0440 3052 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:09:40.0503 3052 MSPQM - ok
13:09:40.0605 3052 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:09:40.0706 3052 MsRPC - ok
13:09:40.0753 3052 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:09:40.0778 3052 mssmbios - ok
13:09:40.0827 3052 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:09:40.0899 3052 MSTEE - ok
13:09:40.0960 3052 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
13:09:41.0012 3052 Mup - ok
13:09:41.0073 3052 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
13:09:41.0103 3052 napagent - ok
13:09:41.0190 3052 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:09:41.0270 3052 NativeWifiP - ok
13:09:41.0510 3052 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:09:41.0557 3052 NDIS - ok
13:09:41.0598 3052 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:09:41.0706 3052 NdisTapi - ok
13:09:41.0731 3052 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:09:41.0783 3052 Ndisuio - ok
13:09:41.0812 3052 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:09:41.0872 3052 NdisWan - ok
13:09:41.0902 3052 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:09:41.0967 3052 NDProxy - ok
13:09:42.0160 3052 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
13:09:42.0217 3052 Nero BackItUp Scheduler 3 - ok
13:09:42.0251 3052 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:09:42.0373 3052 NetBIOS - ok
13:09:42.0450 3052 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
13:09:42.0548 3052 netbt - ok
13:09:42.0567 3052 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
13:09:42.0591 3052 Netlogon - ok
13:09:42.0717 3052 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
13:09:42.0795 3052 Netman - ok
13:09:42.0888 3052 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
13:09:42.0945 3052 netprofm - ok
13:09:42.0999 3052 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:09:43.0069 3052 NetTcpPortSharing - ok
13:09:43.0381 3052 [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
13:09:43.0594 3052 NETw5v32 - ok
13:09:43.0631 3052 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:09:43.0656 3052 nfrd960 - ok
13:09:43.0686 3052 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:09:43.0733 3052 NlaSvc - ok
13:09:43.0958 3052 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
13:09:44.0087 3052 NMIndexingService - ok
13:09:44.0152 3052 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:09:44.0557 3052 Npfs - ok
13:09:44.0581 3052 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
13:09:44.0658 3052 nsi - ok
13:09:44.0709 3052 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:09:44.0824 3052 nsiproxy - ok
13:09:44.0920 3052 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:09:45.0059 3052 Ntfs - ok
13:09:45.0142 3052 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
13:09:46.0012 3052 ntrigdigi - ok
13:09:46.0032 3052 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
13:09:46.0084 3052 Null - ok
13:09:46.0100 3052 [ 590CAA306F9E7C303905B738EBDFE2E2 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
13:09:46.0237 3052 NVHDA - ok
13:09:46.0490 3052 [ 6838F505C0CC881F0C78D333DFDE181B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:09:46.0942 3052 nvlddmkm - ok
13:09:47.0038 3052 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:09:47.0113 3052 nvraid - ok
13:09:47.0141 3052 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:09:47.0195 3052 nvstor - ok
13:09:47.0258 3052 [ 0E2619B8E1BD3C432BCCBB2504087598 ] nvsvc C:\Windows\system32\nvvsvc.exe
13:09:47.0321 3052 nvsvc - ok
13:09:47.0337 3052 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:09:47.0465 3052 nv_agp - ok
13:09:47.0475 3052 NwlnkFlt - ok
13:09:47.0489 3052 NwlnkFwd - ok
13:09:47.0785 3052 [ E54AA592A65F317390EEE386A8821692 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:09:47.0861 3052 odserv - ok
13:09:47.0913 3052 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:09:47.0966 3052 ohci1394 - ok
13:09:48.0174 3052 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:09:48.0298 3052 ose - ok
13:09:48.0357 3052 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
13:09:48.0447 3052 p2pimsvc - ok
13:09:48.0464 3052 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
13:09:48.0519 3052 p2psvc - ok
13:09:48.0543 3052 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
13:09:48.0662 3052 Parport - ok
13:09:48.0737 3052 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:09:48.0803 3052 partmgr - ok
13:09:48.0843 3052 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
13:09:49.0123 3052 Parvdm - ok
13:09:49.0175 3052 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
13:09:49.0232 3052 PcaSvc - ok
13:09:49.0289 3052 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
13:09:49.0344 3052 pci - ok
13:09:49.0447 3052 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
13:09:49.0523 3052 pciide - ok
13:09:49.0615 3052 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:09:49.0711 3052 pcmcia - ok
13:09:49.0805 3052 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:09:50.0024 3052 PEAUTH - ok
13:09:50.0356 3052 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
13:09:50.0732 3052 pla - ok
13:09:50.0774 3052 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
13:09:50.0805 3052 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
13:09:50.0806 3052 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
13:09:50.0869 3052 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:09:50.0958 3052 PlugPlay - ok
13:09:50.0989 3052 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
13:09:51.0040 3052 PNRPAutoReg - ok
13:09:51.0055 3052 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
13:09:51.0177 3052 PNRPsvc - ok
13:09:51.0260 3052 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:09:51.0340 3052 PolicyAgent - ok
13:09:51.0423 3052 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:09:51.0528 3052 PptpMiniport - ok
13:09:51.0624 3052 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
13:09:51.0699 3052 Processor - ok
13:09:51.0737 3052 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
13:09:51.0815 3052 ProfSvc - ok
13:09:51.0834 3052 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:09:51.0861 3052 ProtectedStorage - ok
13:09:51.0890 3052 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
13:09:51.0923 3052 ProtexisLicensing - ok
13:09:51.0952 3052 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
13:09:52.0015 3052 PSched - ok
13:09:52.0424 3052 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:09:52.0557 3052 ql2300 - ok
13:09:52.0635 3052 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:09:52.0683 3052 ql40xx - ok
13:09:52.0719 3052 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
13:09:52.0763 3052 QWAVE - ok
13:09:52.0784 3052 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:09:52.0812 3052 QWAVEdrv - ok
13:09:52.0955 3052 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
13:09:53.0022 3052 RapiMgr - ok
13:09:53.0034 3052 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:09:53.0096 3052 RasAcd - ok
13:09:53.0149 3052 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
13:09:53.0210 3052 RasAuto - ok
13:09:53.0243 3052 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:09:53.0280 3052 Rasl2tp - ok
13:09:53.0374 3052 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
13:09:53.0510 3052 RasMan - ok
13:09:53.0587 3052 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:09:53.0647 3052 RasPppoe - ok
13:09:53.0671 3052 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:09:53.0688 3052 RasSstp - ok
13:09:53.0775 3052 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:09:53.0835 3052 rdbss - ok
13:09:53.0857 3052 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:09:53.0895 3052 RDPCDD - ok
13:09:54.0025 3052 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
13:09:54.0114 3052 rdpdr - ok
13:09:54.0135 3052 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:09:54.0190 3052 RDPENCDD - ok
13:09:54.0236 3052 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:09:54.0318 3052 RDPWD - ok
13:09:54.0395 3052 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:09:54.0436 3052 RemoteAccess - ok
13:09:54.0525 3052 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:09:54.0579 3052 RemoteRegistry - ok
13:09:54.0658 3052 [ 0797F6AE018D3F992A1B8DF37BBF1786 ] resetWinService C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
13:09:54.0684 3052 resetWinService ( UnsignedFile.Multi.Generic ) - warning
13:09:54.0684 3052 resetWinService - detected UnsignedFile.Multi.Generic (1)
13:09:54.0803 3052 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe
13:09:54.0839 3052 RichVideo - ok
13:09:54.0890 3052 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
13:09:54.0998 3052 RpcLocator - ok
13:09:55.0050 3052 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
13:09:55.0087 3052 RpcSs - ok
13:09:55.0156 3052 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:09:55.0311 3052 rspndr - ok
13:09:55.0339 3052 [ 2CC77C65216A8BB4677E637120D5731D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
13:09:55.0489 3052 RTL8169 - ok
13:09:55.0523 3052 [ 4501C8FE11DF3192FB68D0D595EA94CC ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
13:09:55.0586 3052 RTSTOR - ok
13:09:55.0612 3052 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
13:09:55.0637 3052 SamSs - ok
13:09:55.0733 3052 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:09:55.0924 3052 sbp2port - ok
13:09:56.0014 3052 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:09:56.0059 3052 SCardSvr - ok
13:09:56.0173 3052 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
13:09:56.0269 3052 Schedule - ok
13:09:56.0287 3052 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:09:56.0312 3052 SCPolicySvc - ok
13:09:56.0343 3052 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:09:56.0433 3052 SDRSVC - ok
13:09:56.0469 3052 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:09:56.0535 3052 secdrv - ok
13:09:56.0561 3052 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
13:09:56.0591 3052 seclogon - ok
13:09:56.0605 3052 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
13:09:56.0661 3052 SENS - ok
13:09:56.0675 3052 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
13:09:56.0744 3052 Serenum - ok
13:09:56.0775 3052 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
13:09:56.0845 3052 Serial - ok
13:09:56.0871 3052 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:09:56.0908 3052 sermouse - ok
13:09:56.0979 3052 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
13:09:57.0023 3052 SessionEnv - ok
13:09:57.0041 3052 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:09:57.0072 3052 sffdisk - ok
13:09:57.0109 3052 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:09:57.0150 3052 sffp_mmc - ok
13:09:57.0178 3052 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:09:57.0206 3052 sffp_sd - ok
13:09:57.0224 3052 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:09:57.0326 3052 sfloppy - ok
13:09:57.0354 3052 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:09:57.0428 3052 SharedAccess - ok
13:09:57.0467 3052 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:09:57.0607 3052 ShellHWDetection - ok
13:09:57.0651 3052 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:09:57.0683 3052 sisagp - ok
13:09:57.0711 3052 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
13:09:57.0742 3052 SiSRaid2 - ok
13:09:57.0779 3052 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:09:57.0831 3052 SiSRaid4 - ok
13:09:58.0088 3052 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:09:58.0393 3052 Skype C2C Service - ok
13:09:58.0442 3052 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
13:09:58.0569 3052 SkypeUpdate - ok
13:09:58.0665 3052 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
13:09:58.0939 3052 slsvc - ok
13:09:59.0019 3052 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
13:09:59.0069 3052 SLUINotify - ok
13:09:59.0110 3052 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:09:59.0205 3052 Smb - ok
13:09:59.0233 3052 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:09:59.0283 3052 SNMPTRAP - ok
13:09:59.0995 3052 [ 8C5AF605A85C5214D40542D933DA737C ] SNP2STD C:\Windows\system32\DRIVERS\snp2sxp.sys
13:10:02.0178 3052 SNP2STD - ok
13:10:02.0355 3052 [ 82E3315B1B3E76B9A9643F987ED3AE5C ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
13:10:02.0510 3052 SNP2UVC - ok
13:10:02.0553 3052 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
13:10:02.0680 3052 spldr - ok
13:10:02.0750 3052 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
13:10:02.0807 3052 Spooler - ok
13:10:02.0907 3052 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
13:10:02.0908 3052 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
13:10:02.0911 3052 sptd ( LockedFile.Multi.Generic ) - warning
13:10:02.0911 3052 sptd - detected LockedFile.Multi.Generic (1)
13:10:03.0062 3052 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:10:03.0110 3052 srv - ok
13:10:03.0150 3052 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:10:03.0247 3052 srv2 - ok
13:10:03.0278 3052 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:10:03.0338 3052 srvnet - ok
13:10:03.0406 3052 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:10:03.0496 3052 SSDPSRV - ok
13:10:03.0550 3052 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
13:10:03.0623 3052 ssmdrv - ok
13:10:03.0652 3052 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:10:03.0712 3052 SstpSvc - ok
13:10:03.0802 3052 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
13:10:03.0818 3052 StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:10:03.0818 3052 StarOpen - detected UnsignedFile.Multi.Generic (1)
13:10:03.0927 3052 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
13:10:04.0007 3052 stisvc - ok
13:10:04.0078 3052 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:10:04.0132 3052 swenum - ok
13:10:04.0193 3052 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
13:10:04.0255 3052 swprv - ok
13:10:04.0373 3052 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
13:10:04.0500 3052 Symc8xx - ok
13:10:04.0530 3052 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
13:10:04.0548 3052 Sym_hi - ok
13:10:04.0574 3052 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
13:10:04.0593 3052 Sym_u3 - ok
13:10:04.0644 3052 [ A7CEC70DD3D85AC711897E02358E9793 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:10:04.0665 3052 SynTP - ok
13:10:04.0745 3052 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
13:10:04.0861 3052 SysMain - ok
13:10:04.0926 3052 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:10:04.0988 3052 TabletInputService - ok
13:10:05.0081 3052 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:10:05.0137 3052 TapiSrv - ok
13:10:05.0176 3052 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
13:10:05.0204 3052 TBS - ok
13:10:05.0499 3052 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:10:05.0646 3052 Tcpip - ok
13:10:05.0776 3052 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
13:10:05.0845 3052 Tcpip6 - ok
13:10:05.0935 3052 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:10:05.0972 3052 tcpipreg - ok
13:10:06.0017 3052 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:10:06.0098 3052 TDPIPE - ok
13:10:06.0124 3052 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:10:06.0277 3052 TDTCP - ok
13:10:06.0343 3052 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:10:06.0404 3052 tdx - ok
13:10:06.0464 3052 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:10:06.0583 3052 TermDD - ok
13:10:06.0688 3052 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
13:10:06.0790 3052 TermService - ok
13:10:06.0824 3052 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
13:10:06.0851 3052 Themes - ok
13:10:06.0914 3052 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
13:10:06.0970 3052 THREADORDER - ok
13:10:07.0000 3052 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
13:10:07.0066 3052 TrkWks - ok
13:10:07.0115 3052 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:10:07.0141 3052 TrustedInstaller - ok
13:10:07.0211 3052 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:10:07.0288 3052 tssecsrv - ok
13:10:07.0305 3052 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
13:10:07.0341 3052 tunmp - ok
13:10:07.0397 3052 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:10:07.0443 3052 tunnel - ok
13:10:07.0501 3052 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:10:07.0519 3052 uagp35 - ok
13:10:07.0590 3052 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:10:07.0668 3052 udfs - ok
13:10:07.0732 3052 [ 1BBF135FA5D385858DEC0F484D5934A5 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
13:10:07.0760 3052 UI Assistant Service - ok
13:10:07.0797 3052 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:10:07.0863 3052 UI0Detect - ok
13:10:07.0962 3052 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:10:08.0003 3052 uliagpkx - ok
13:10:08.0024 3052 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
13:10:08.0059 3052 uliahci - ok
13:10:08.0079 3052 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
13:10:08.0121 3052 UlSata - ok
13:10:08.0149 3052 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
13:10:08.0202 3052 ulsata2 - ok
13:10:08.0242 3052 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:10:08.0291 3052 umbus - ok
13:10:08.0340 3052 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
13:10:08.0387 3052 upnphost - ok
13:10:08.0455 3052 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
13:10:08.0530 3052 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
13:10:08.0530 3052 USBAAPL - detected UnsignedFile.Multi.Generic (1)
13:10:08.0574 3052 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:10:08.0670 3052 usbccgp - ok
13:10:08.0690 3052 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:10:08.0779 3052 usbcir - ok
13:10:08.0828 3052 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:10:08.0873 3052 usbehci - ok
13:10:09.0004 3052 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:10:09.0072 3052 usbhub - ok
13:10:09.0090 3052 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:10:09.0180 3052 usbohci - ok
13:10:09.0265 3052 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:10:09.0444 3052 usbprint - ok
13:10:09.0479 3052 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:10:09.0547 3052 USBSTOR - ok
13:10:09.0585 3052 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:10:09.0669 3052 usbuhci - ok
13:10:09.0810 3052 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:10:10.0046 3052 usbvideo - ok
13:10:10.0117 3052 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
13:10:10.0158 3052 UxSms - ok
13:10:10.0284 3052 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
13:10:10.0454 3052 vds - ok
13:10:10.0491 3052 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:10:10.0675 3052 vga - ok
13:10:10.0702 3052 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
13:10:10.0750 3052 VgaSave - ok
13:10:10.0790 3052 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:10:10.0824 3052 viaagp - ok
13:10:10.0852 3052 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
13:10:10.0907 3052 ViaC7 - ok
13:10:10.0937 3052 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
13:10:10.0969 3052 viaide - ok
13:10:10.0981 3052 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:10:11.0003 3052 volmgr - ok
13:10:11.0074 3052 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:10:11.0245 3052 volmgrx - ok
13:10:11.0296 3052 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:10:11.0355 3052 volsnap - ok
13:10:11.0405 3052 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:10:11.0453 3052 vsmraid - ok
13:10:11.0534 3052 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
13:10:11.0644 3052 VSS - ok
13:10:11.0743 3052 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
13:10:11.0816 3052 W32Time - ok
13:10:11.0837 3052 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:10:12.0010 3052 WacomPen - ok
13:10:12.0044 3052 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
13:10:12.0133 3052 Wanarp - ok
13:10:12.0145 3052 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:10:12.0178 3052 Wanarpv6 - ok
13:10:12.0280 3052 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
13:10:12.0355 3052 WcesComm - ok
13:10:12.0397 3052 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:10:12.0435 3052 wcncsvc - ok
13:10:12.0483 3052 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:10:12.0586 3052 WcsPlugInService - ok
13:10:12.0643 3052 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
13:10:12.0679 3052 Wd - ok
13:10:12.0712 3052 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:10:12.0767 3052 Wdf01000 - ok
13:10:12.0789 3052 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:10:12.0868 3052 WdiServiceHost - ok
13:10:12.0873 3052 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:10:12.0918 3052 WdiSystemHost - ok
13:10:12.0976 3052 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
13:10:13.0057 3052 WebClient - ok
13:10:13.0104 3052 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:10:13.0158 3052 Wecsvc - ok
13:10:13.0217 3052 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:10:13.0267 3052 wercplsupport - ok
13:10:13.0339 3052 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
13:10:13.0421 3052 WerSvc - ok
13:10:13.0522 3052 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:10:13.0615 3052 WinDefend - ok
13:10:13.0624 3052 WinHttpAutoProxySvc - ok
13:10:13.0694 3052 WINIO - ok
13:10:13.0774 3052 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:10:14.0022 3052 Winmgmt - ok
13:10:14.0067 3052 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll
13:10:14.0310 3052 WinRM - ok
13:10:14.0413 3052 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
13:10:14.0476 3052 winusb - ok
13:10:14.0585 3052 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:10:14.0711 3052 Wlansvc - ok
13:10:14.0834 3052 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:10:14.0963 3052 wlidsvc - ok
13:10:15.0003 3052 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
13:10:15.0054 3052 WmiAcpi - ok
13:10:15.0114 3052 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:10:15.0250 3052 wmiApSrv - ok
13:10:15.0377 3052 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:10:15.0563 3052 WMPNetworkSvc - ok
13:10:15.0641 3052 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:10:15.0736 3052 WPCSvc - ok
13:10:15.0772 3052 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:10:15.0812 3052 WPDBusEnum - ok
13:10:15.0844 3052 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
13:10:15.0900 3052 WpdUsb - ok
13:10:16.0039 3052 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:10:16.0095 3052 WPFFontCache_v0400 - ok
13:10:16.0119 3052 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:10:16.0187 3052 ws2ifsl - ok
13:10:16.0223 3052 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
13:10:16.0315 3052 wscsvc - ok
13:10:16.0321 3052 WSearch - ok
13:10:16.0392 3052 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
13:10:16.0472 3052 wuauserv - ok
13:10:16.0515 3052 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:10:16.0564 3052 WUDFRd - ok
13:10:16.0658 3052 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:10:16.0753 3052 wudfsvc - ok
13:10:16.0839 3052 [ 32396B4D2BF707D81C20E5E9022A2055 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
13:10:16.0907 3052 ZTEusbmdm6k - ok
13:10:16.0928 3052 [ 32396B4D2BF707D81C20E5E9022A2055 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
13:10:16.0965 3052 ZTEusbnmea - ok
13:10:16.0990 3052 [ 32396B4D2BF707D81C20E5E9022A2055 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
13:10:17.0018 3052 ZTEusbser6k - ok
13:10:17.0026 3052 ================ Scan global ===============================
13:10:17.0052 3052 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
13:10:17.0127 3052 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
13:10:17.0167 3052 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
13:10:17.0224 3052 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
13:10:17.0234 3052 [Global] - ok
13:10:17.0235 3052 ================ Scan MBR ==================================
13:10:17.0256 3052 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:10:17.0995 3052 \Device\Harddisk0\DR0 - ok
13:10:17.0996 3052 ================ Scan VBR ==================================
13:10:18.0024 3052 [ 13E8234390A200E399F4F5AB8CC0F413 ] \Device\Harddisk0\DR0\Partition1
13:10:18.0027 3052 \Device\Harddisk0\DR0\Partition1 - ok
13:10:18.0072 3052 [ 62062CEECDE3D67CE29D79C3EE23A1B7 ] \Device\Harddisk0\DR0\Partition2
13:10:18.0074 3052 \Device\Harddisk0\DR0\Partition2 - ok
13:10:18.0075 3052 ============================================================
13:10:18.0075 3052 Scan finished
13:10:18.0075 3052 ============================================================
13:10:18.0090 3048 Detected object count: 7
13:10:18.0090 3048 Actual detected object count: 7
13:10:27.0758 3048 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
13:10:27.0759 3048 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
13:10:27.0761 3048 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:27.0761 3048 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:27.0764 3048 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:27.0764 3048 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:27.0766 3048 resetWinService ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:27.0766 3048 resetWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:27.0769 3048 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:10:27.0769 3048 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:10:27.0771 3048 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:27.0771 3048 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:27.0774 3048 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:27.0774 3048 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
27.09.2012, 16:19
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Windows Vista Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.09.2012, 13:16
| #23 |
| | Bundespolizei Trojaner Windows Vista Hier ist das Combo-Fix-Log: Code:
ATTFilter ComboFix 12-09-27.03 - Sarah 28.09.2012 13:50:45.1.2 - x86
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sarah\4.0
c:\windows\system32\WinIo.sys
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WINIO
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-28 bis 2012-09-28 ))))))))))))))))))))))))))))))
.
.
2012-09-28 11:59 . 2012-09-28 12:03 -------- d-----w- c:\users\Sarah\AppData\Local\temp
2012-09-27 11:04 . 2012-09-27 11:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-26 13:35 . 2012-09-26 13:35 -------- d-----w- C:\_OTL
2012-09-24 11:56 . 2012-09-24 11:56 -------- d-----w- c:\program files\ESET
2012-09-23 10:45 . 2012-09-23 10:45 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes
2012-09-23 10:45 . 2012-09-23 10:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-23 10:45 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-16 14:38 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-16 14:35 . 2012-09-16 14:35 -------- d-----w- c:\program files\iPod
2012-09-16 14:28 . 2012-09-16 14:28 -------- d-----w- c:\program files\Bonjour
2012-09-11 18:07 . 2012-09-11 18:07 -------- d-----w- c:\users\Sarah\AppData\Roaming\Avira
2012-09-11 18:01 . 2012-09-07 18:26 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-11 18:01 . 2012-09-07 18:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-11 18:01 . 2012-09-07 18:26 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-11 18:01 . 2012-09-11 18:01 -------- d-----w- c:\program files\Avira
2012-09-11 09:09 . 2012-09-11 09:09 -------- d-----w- C:\UserData
2012-09-11 09:04 . 2011-03-26 08:37 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2012-09-11 09:04 . 2011-03-26 08:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-09-11 09:04 . 2011-03-26 08:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-09-11 09:04 . 2011-03-26 08:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-09-11 09:04 . 2012-09-11 09:04 -------- d-----w- c:\windows\system32\SupportAppCB
2012-09-11 09:04 . 2012-09-11 09:07 -------- d-----w- c:\program files\1&1 Surf-Stick
2012-09-07 10:11 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A78328D0-B058-4540-94EE-EFBFECD19493}\mpengine.dll ERROR(0x00000005)
2012-09-01 12:07 . 2012-09-23 15:32 -------- d-----w- c:\users\Sarah\AppData\Roaming\Skype
2012-09-01 12:07 . 2012-09-01 12:07 -------- d-----w- c:\program files\Common Files\Skype
2012-09-01 12:07 . 2012-09-01 12:08 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-26 15:04 . 2012-05-17 18:21 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-26 15:04 . 2012-05-17 18:21 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-23 07:15 . 2009-02-19 05:31 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2012-08-21 11:01 . 2012-08-21 11:01 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-04 14:02 . 2012-08-21 11:07 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-09-13 19:08 . 2012-09-13 19:07 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\Sarah\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-01-05 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2012-01-17 153424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62668516.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-04 10:40 133104 ----atw- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-26 16:36 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 15:04]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000Core.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-04 10:40]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000UA.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-04 10:40]
.
2012-09-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-494165459-3435025325-3623417751-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\hjt4u3bf.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Free Studio_is1 - c:\program files\DVDVideoSoft\Free Studio\unins000.exe
AddRemove-Free YouTube Download_is1 - c:\program files\DVDVideoSoft\Free YouTube Download\unins000.exe
AddRemove-Free YouTube to iPod Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
AddRemove-FLV Player - c:\program files\FLVPlayer\Uninstall\Uninstall.exe
AddRemove-FoxTab PDF Creator - c:\program files\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-28 14:03
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\SecuROM\License information*]
"datasecu"=hex:9f,ba,a3,dd,a5,0b,18,2e,29,2f,32,7b,59,45,12,0d,f6,40,a9,2b,1a,
78,09,7e,8a,b6,8b,59,b3,d9,bf,44,a4,c4,9a,dd,65,4e,74,f4,3c,75,8e,80,32,ef,\
"rkeysecu"=hex:4e,30,2c,80,1d,2b,43,62,3e,b6,1c,af,15,31,e2,ed
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\1&1 Surf-Stick\AssistantServices.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-28 14:11:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-28 12:11
.
Vor Suchlauf: 17 Verzeichnis(se), 330.241.970.176 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 329.705.132.032 Bytes frei
.
- - End Of File - - 9376ECB69B0E673EAC80061A69EC6D88
|
|
28.09.2012, 14:50
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Windows Vista Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.09.2012, 15:05
| #25 |
| | Bundespolizei Trojaner Windows Vista Hier die Logs: GMER: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-30 15:18:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC60G
Running: cnwin3ev.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\kwloypow.sys
---- System - GMER 1.0.15 ----
SSDT 90DBA92E ZwCreateSection
SSDT 90DBA938 ZwRequestWaitReplyPort
SSDT 90DBA933 ZwSetContextThread
SSDT 90DBA93D ZwSetSecurityObject
SSDT 90DBA942 ZwSystemDebugControl
SSDT 90DBA8CF ZwTerminateProcess
INT 0x51 ? 875A1BF8
INT 0x61 ? 90400050
INT 0x71 ? 904002D0
INT 0x72 ? 875A1BF8
INT 0x82 ? 90400CD0
INT 0x92 ? 8578BBF8
INT 0x92 ? 8578BBF8
INT 0x92 ? 8578BBF8
INT 0x92 ? 8578BBF8
INT 0x92 ? 875A1BF8
INT 0x92 ? 875A1BF8
INT 0x92 ? 875A1BF8
INT 0x92 ? 8578BBF8
INT 0xA2 ? 904007D0
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 82EE58D8 4 Bytes [2E, A9, DB, 90]
.text ntkrnlpa.exe!KeSetEvent + 539 82EE5BFC 4 Bytes [38, A9, DB, 90]
.text ntkrnlpa.exe!KeSetEvent + 56D 82EE5C30 4 Bytes [33, A9, DB, 90]
.text ntkrnlpa.exe!KeSetEvent + 5D1 82EE5C94 4 Bytes [3D, A9, DB, 90]
.text ntkrnlpa.exe!KeSetEvent + 619 82EE5CDC 4 Bytes [42, A9, DB, 90]
.text ...
? System32\Drivers\spzl.sys Das System kann den angegebenen Pfad nicht finden. !
PAGE ataport.SYS!DllUnload 8AE8AB2E 5 Bytes JMP 8578B1D8
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F40C320, 0x3EEAF7, 0xE8000020]
.text USBPORT.SYS!DllUnload 8B34341B 5 Bytes JMP 875A11D8
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[5604] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 653D0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5604] kernel32.dll!HeapSetInformation + 26 773BA8C0 7 Bytes JMP 653D3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5604] kernel32.dll!LockResource + C 773D6B0B 7 Bytes JMP 65607B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5604] kernel32.dll!VirtualAllocEx + 54 773DAF70 7 Bytes JMP 65607B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5604] GDI32.dll!SetStretchBltMode + 256 77F8745C 7 Bytes JMP 65607AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068B6D6] \SystemRoot\System32\Drivers\spzl.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068B042] \SystemRoot\System32\Drivers\spzl.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068B800] \SystemRoot\System32\Drivers\spzl.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068B0C0] \SystemRoot\System32\Drivers\spzl.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068B13E] \SystemRoot\System32\Drivers\spzl.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069AB90] \SystemRoot\System32\Drivers\spzl.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 861201F8
Device \FileSystem\fastfat \FatCdrom 9052B1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC8 0xA4 0x01 0xCD ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC8 0xA4 0x01 0xCD ...
---- EOF - GMER 1.0.15 ----
OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:15:02 on 30.09.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 15.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000Core.job" - "Google Inc." - C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000UA.job" - "Google Inc." - C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "RealUpgradeScheduledTaskS-1-5-21-494165459-3435025325-3623417751-1000.job" - "RealNetworks, Inc." - C:\Program Files\Real\RealUpgrade\realupgrade.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLCFG32.CPL "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys "Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kwloypow" (kwloypow) - ? - C:\Users\Sarah\AppData\Local\Temp\kwloypow.sys (Hidden registry entry, rootkit activity | File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_12.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (HTTP value) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Akamai NetSession Interface" - "Akamai Technologies, Inc." - "C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "PDVD8LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "tsnp2std" - "SONIX" - C:\Windows\tsnp2std.exe "tsnp2uvc" - ? - C:\Windows\tsnp2uvc.exe "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" "UIExec" - ? - "C:\Program Files\1&1 Surf-Stick\UIExec.exe" (File found, but it contains no detailed information) [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Redmon" - ? - C:\Windows\system32\redmonnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Akamai NetSession Interface" (Akamai) - "Akamai Technologies, Inc." - c:\program files\common files\akamai\netsession_win_5891ae0.dll "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe "Reset Reader" (resetWinService) - ? - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe (File found, but it contains no detailed information) "Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files\1&1 Surf-Stick\AssistantServices.exe (File found, but it contains no detailed information) "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-30 15:21:39
-----------------------------
15:21:39.590 OS Version: Windows 6.0.6002 Service Pack 2
15:21:39.590 Number of processors: 2 586 0x170A
15:21:39.590 ComputerName: SARAH-PC UserName: Sarah
15:21:42.002 Initialize success
15:23:08.271 AVAST engine defs: 12093000
15:31:29.363 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:31:29.496 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC60G Size: 476940MB BusType: 3
15:31:29.767 Disk 0 MBR read successfully
15:31:29.819 Disk 0 MBR scan
15:31:29.824 Disk 0 Windows VISTA default MBR code
15:31:29.904 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 450940 MB offset 2048
15:31:30.052 Disk 0 Partition 2 00 0C FAT32 LBA MSWIN4.1 25997 MB offset 923527168
15:31:30.208 Disk 0 scanning sectors +976769024
15:31:30.672 Disk 0 scanning C:\Windows\system32\drivers
15:33:04.558 Service scanning
15:33:28.327 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:33:35.801 Modules scanning
15:34:20.600 Disk 0 trace - called modules:
15:34:20.956 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8578f1f8]<<
15:34:20.960 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863d3620]
15:34:20.964 3 CLASSPNP.SYS[8b59e8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8616fb98]
15:34:20.968 \Driver\atapi[0x86194a60] -> IRP_MJ_CREATE -> 0x8578f1f8
15:34:22.679 AVAST engine scan C:\Windows
15:37:18.376 AVAST engine scan C:\Windows\system32
15:42:41.718 AVAST engine scan C:\Windows\system32\drivers
15:43:08.409 AVAST engine scan C:\Users\Sarah
16:03:27.335 Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
16:03:27.342 The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR.txt"
|
|
01.10.2012, 12:47
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Windows Vista Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Bundespolizei Trojaner Windows Vista |
| administrator, anti-malware, autostart, babylon toolbar, benötige, bericht, bösartige, conduit, dateien, dealply, durchgeführt, erfolgreich, explorer, gelöscht, iminent toolbar, install.exe, limited.com/facebook, malwarebytes, minute, origin, picasa, plug-in, quarantäne, registrierung, scan, search the web, service, service pack 2, speicher, trojan.agent, trojaner, tubebox, usb 2.0, version, vista, wajam, windows, windows vista, wscript.exe, yontoo |
Linear-Darstellung
