Log analysis and evaluation: Caught the MyStart trojan! (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
27.09.2012, 21:03 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart trojan! We're still a long way from finished here! What do you intend to do about the OTL fix? Without it we'll never finish.
__________________ Please always post log files in CODE tags |
27.09.2012, 21:58 | #17 |
| Caught the MyStart trojan! Code:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
HKEY_USERS\S-1-5-21-1740474236-2717846627-2894093939-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1740474236-2717846627-2894093939-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1740474236-2717846627-2894093939-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{241c1f7c-db7c-11e1-833e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{241c1f7c-db7c-11e1-833e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{241c1f7c-db7c-11e1-833e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{241c1f7c-db7c-11e1-833e-806e6f6e6963}\ not found.
File E:\InstAll.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll deleted successfully.
ADS C:\ProgramData\Temp:35501BA4 deleted successfully.
ADS C:\ProgramData\Temp:0F64164E deleted successfully.
ADS C:\ProgramData\Temp:2F474C84 deleted successfully.
ADS C:\ProgramData\Temp:53BA2DF6 deleted successfully.
ADS C:\ProgramData\Temp:244E4E3A deleted successfully.
ADS C:\ProgramData\Temp:1CD511E5 deleted successfully.
ADS C:\ProgramData\Temp:5FC043A8 deleted successfully.
ADS C:\ProgramData\Temp:E265ED33 deleted successfully.
ADS C:\ProgramData\Temp:94A31742 deleted successfully.
ADS C:\ProgramData\Temp:795F6DEC deleted successfully.
ADS C:\ProgramData\Temp:E4E83517 deleted successfully.
ADS C:\ProgramData\Temp:98CD9221 deleted successfully.
ADS C:\ProgramData\Temp:3D922890 deleted successfully.
ADS C:\ProgramData\Temp:092BD83A deleted successfully.
ADS C:\ProgramData\Temp:2CFBE2D1 deleted successfully.
ADS C:\ProgramData\Temp:AC57032B deleted successfully.
ADS C:\ProgramData\Temp:9C732DB0 deleted successfully.
ADS C:\ProgramData\Temp:6AF6BB0E deleted successfully.
ADS C:\ProgramData\Temp:A8ADEA55 deleted successfully.
ADS C:\ProgramData\Temp:398EFF0F deleted successfully.
ADS C:\ProgramData\Temp:86B7FDDB deleted successfully.
ADS C:\ProgramData\Temp:363E775E deleted successfully.
ADS C:\ProgramData\Temp:5133A494 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:373C6DC2 deleted successfully.
ADS C:\ProgramData\Temp:32EA849C deleted successfully.
ADS C:\ProgramData\Temp:CA1AFE85 deleted successfully.
ADS C:\ProgramData\Temp:EE2DD6CC deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:5D458568 deleted successfully.
ADS C:\ProgramData\Temp:8AD1F2E0 deleted successfully.
ADS C:\ProgramData\Temp:1A5822A3 deleted successfully.
========== FILES ==========
C:\Users\n.quero-espino\AppData\Local\{FBAAB55C-0C5E-4628-ACDF-1C9D213F83A5} folder moved successfully.
File\Folder C:\Program Files (x86)\BabylonToolbar not found.
File\Folder C:\Program Files (x86)\Searchqu Toolbar not found.
C:\Users\n.quero-espino\Downloads\DownloadAcceleratorSetup.exe moved successfully.
C:\Users\n.quero-espino\Downloads\DownloadManagerSetup.exe moved successfully.
C:\Users\n.quero-espino\Downloads\jZipV1.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\n.quero-espino\Downloads\cmd.bat deleted successfully.
C:\Users\n.quero-espino\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: n.quero-espino
->Temp folder emptied: 34087104 bytes
->Temporary Internet Files folder emptied: 126297879 bytes
->FireFox cache emptied: 203937179 bytes
->Google Chrome cache emptied: 478768376 bytes
->Flash cache emptied: 62308 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 368578101 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50468 bytes
RecycleBin emptied: 2151622 bytes
Total Files Cleaned = 1.158,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 09272012_225051
Files\Folders moved on Reboot...
C:\Users\n.quero-espino\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\mcafee_LdzMCbxflidlSWt not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
28.09.2012, 10:30 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart trojan! Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!
Configure the tool as shown in the image below: click change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.
Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!
28.09.2012, 14:57 | #19 |
| Caught the MyStart trojan! Code:
15:51:04.0404 12540 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:51:04.0404 12540 UEFI system
15:51:04.0825 12540 ============================================================
15:51:04.0825 12540 Current date / time: 2012/09/28 15:51:04.0825
15:51:04.0825 12540 SystemInfo:
15:51:04.0825 12540
15:51:04.0825 12540 OS Version: 6.1.7601 ServicePack: 1.0
15:51:04.0825 12540 Product type: Workstation
15:51:04.0825 12540 ComputerName: NATALIE
15:51:04.0825 12540 UserName: n.quero-espino
15:51:04.0825 12540 Windows directory: C:\Windows
15:51:04.0825 12540 System windows directory: C:\Windows
15:51:04.0825 12540 Running under WOW64
15:51:04.0825 12540 Processor architecture: Intel x64
15:51:04.0825 12540 Number of processors: 8
15:51:04.0825 12540 Page size: 0x1000
15:51:04.0825 12540 Boot type: Normal boot
15:51:04.0825 12540 ============================================================
15:51:05.0340 12540 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:51:05.0371 12540 ============================================================
15:51:05.0371 12540 \Device\Harddisk0\DR0:
15:51:05.0371 12540 GPT partitions:
15:51:05.0371 12540 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {584DF351-A471-44AB-A90B-C12C90007879}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x64000
15:51:05.0371 12540 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {F6402069-8FF2-48B2-B60A-8714FD316299}, Name: Microsoft reserved partition, StartLBA 0x64800, BlocksNum 0x40000
15:51:05.0371 12540 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6E381354-DC9F-4198-8755-BFB76C084475}, Name: Basic data partition, StartLBA 0xA4800, BlocksNum 0x22EE8800
15:51:05.0371 12540 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6C137E68-4728-469D-9F05-849518F05716}, Name: Basic data partition, StartLBA 0x22F8D000, BlocksNum 0x313B9000
15:51:05.0371 12540 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {7084BADA-F395-416B-BBDE-C7E81C24342E}, Name: Basic data partition, StartLBA 0x54346000, BlocksNum 0x3200000
15:51:05.0371 12540 MBR partitions:
15:51:05.0371 12540 ============================================================
15:51:05.0418 12540 C: <-> \Device\Harddisk0\DR0\Partition3
15:51:05.0480 12540 D: <-> \Device\Harddisk0\DR0\Partition4
15:51:05.0480 12540 ============================================================
15:51:05.0480 12540 Initialize success
15:51:05.0480 12540 ============================================================
15:52:24.0503 4088 ============================================================
15:52:24.0503 4088 Scan started
15:52:24.0503 4088 Mode: Manual; SigCheck; TDLFS;
15:52:24.0503 4088 ============================================================
15:52:24.0784 4088 ================ Scan system memory ========================
15:52:24.0784 4088 System memory - ok
15:52:24.0784 4088 ================ Scan services =============================
15:52:37.0310 4088 iScsiPrt - ok 15:52:37.0342 4088 [ B2381712638B0B714D0EEAB9A1F7C640 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 15:52:37.0342 4088 iusb3hcs - ok 15:52:37.0373 4088 [ FD2C6457232E95C014DAD21DEBC64867 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 15:52:37.0373 4088 iusb3hub - ok 15:52:37.0435 4088 [ F6A2B5D030BE7EDF8ADC12C9A40825A8 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 15:52:37.0451 4088 iusb3xhc - ok 15:52:37.0482 4088 [ 3C6630473DD42FFC57D9F5564F533127 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 15:52:37.0498 4088 jhi_service - ok 15:52:37.0529 4088 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:52:37.0560 4088 kbdclass - ok 15:52:37.0576 4088 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:52:37.0607 4088 kbdhid - ok 15:52:37.0654 4088 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 15:52:37.0669 4088 kbfiltr - ok 15:52:37.0669 4088 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 15:52:37.0685 4088 KeyIso - ok 15:52:37.0732 4088 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:52:37.0732 4088 KSecDD - ok 15:52:37.0747 4088 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:52:37.0763 4088 KSecPkg - ok 15:52:37.0794 4088 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:52:37.0825 4088 ksthunk - ok 15:52:37.0841 4088 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 15:52:37.0888 4088 KtmRm - ok 15:52:37.0934 4088 [ 3CE6A9BEF066BF9488E6BC4D6C62F77E ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 15:52:37.0950 4088 L1C - ok 15:52:37.0997 4088 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:52:38.0059 4088 LanmanServer - ok 15:52:38.0090 4088 [ 
851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:52:38.0106 4088 LanmanWorkstation - ok 15:52:38.0137 4088 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:52:38.0168 4088 lltdio - ok 15:52:38.0200 4088 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:52:38.0231 4088 lltdsvc - ok 15:52:38.0246 4088 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:52:38.0278 4088 lmhosts - ok 15:52:38.0309 4088 [ 2B23FAA39D8F949ED5EEE03ECA50BCD5 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:52:38.0340 4088 LMS - ok 15:52:38.0387 4088 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:52:38.0418 4088 LSI_FC - ok 15:52:38.0418 4088 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:52:38.0434 4088 LSI_SAS - ok 15:52:38.0434 4088 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 15:52:38.0449 4088 LSI_SAS2 - ok 15:52:38.0449 4088 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:52:38.0465 4088 LSI_SCSI - ok 15:52:38.0480 4088 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 15:52:38.0527 4088 luafv - ok 15:52:38.0574 4088 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 15:52:38.0574 4088 MBAMProtector - ok 15:52:38.0621 4088 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 15:52:38.0636 4088 MBAMScheduler - ok 15:52:38.0668 4088 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 15:52:38.0683 4088 MBAMService - ok 15:52:38.0761 4088 [ ACB01BF1A905356AB7F978C7FE852209 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 
15:52:38.0793 4088 McAfee SiteAdvisor Service - ok 15:52:38.0855 4088 [ F48571922079BBAB289C57BAFEFE88F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe 15:52:38.0871 4088 McAWFwk - ok 15:52:38.0933 4088 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe 15:52:38.0949 4088 McComponentHostService - ok 15:52:38.0980 4088 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 15:52:38.0995 4088 McMPFSvc - ok 15:52:38.0995 4088 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 15:52:39.0011 4088 mcmscsvc - ok 15:52:39.0011 4088 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 15:52:39.0011 4088 McNaiAnn - ok 15:52:39.0027 4088 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 15:52:39.0042 4088 McNASvc - ok 15:52:39.0089 4088 [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe 15:52:39.0105 4088 McODS - ok 15:52:39.0105 4088 [ ACB01BF1A905356AB7F978C7FE852209 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 15:52:39.0120 4088 McOobeSv - ok 15:52:39.0120 4088 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 15:52:39.0136 4088 McProxy - ok 15:52:39.0183 4088 [ 597C77235621E7DDD32A68574FDE6464 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 15:52:39.0214 4088 McShield - ok 15:52:39.0245 4088 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:52:39.0276 4088 Mcx2Svc - ok 15:52:39.0292 4088 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 15:52:39.0292 4088 megasas - ok 15:52:39.0307 4088 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 15:52:39.0323 4088 
MegaSR - ok 15:52:39.0354 4088 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 15:52:39.0354 4088 MEIx64 - ok 15:52:39.0401 4088 [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 15:52:39.0417 4088 mfeapfk - ok 15:52:39.0448 4088 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 15:52:39.0463 4088 mfeavfk - ok 15:52:39.0479 4088 mfeavfk01 - ok 15:52:39.0495 4088 [ 134BB16F93A07C2C89B0B9C399382BDB ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 15:52:39.0510 4088 mfefire - ok 15:52:39.0557 4088 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 15:52:39.0588 4088 mfefirek - ok 15:52:39.0635 4088 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 15:52:39.0666 4088 mfehidk - ok 15:52:39.0682 4088 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys 15:52:39.0697 4088 mfenlfk - ok 15:52:39.0744 4088 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 15:52:39.0760 4088 mferkdet - ok 15:52:39.0775 4088 [ 4D0ECD05ABB518EA323F651F4AB8458F ] mfevtp C:\Windows\system32\mfevtps.exe 15:52:39.0775 4088 mfevtp - ok 15:52:39.0791 4088 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 15:52:39.0791 4088 mfewfpk - ok 15:52:39.0822 4088 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 15:52:39.0869 4088 MMCSS - ok 15:52:39.0885 4088 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 15:52:39.0947 4088 Modem - ok 15:52:39.0963 4088 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:52:39.0994 4088 monitor - ok 15:52:40.0025 4088 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:52:40.0041 4088 mouclass - ok 15:52:40.0056 4088 [ 
D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:52:40.0087 4088 mouhid - ok 15:52:40.0119 4088 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:52:40.0119 4088 mountmgr - ok 15:52:40.0165 4088 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:52:40.0181 4088 MozillaMaintenance - ok 15:52:40.0197 4088 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 15:52:40.0212 4088 mpio - ok 15:52:40.0228 4088 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:52:40.0259 4088 mpsdrv - ok 15:52:40.0290 4088 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:52:40.0337 4088 MpsSvc - ok 15:52:40.0353 4088 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:52:40.0368 4088 MRxDAV - ok 15:52:40.0399 4088 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:52:40.0431 4088 mrxsmb - ok 15:52:40.0431 4088 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:52:40.0446 4088 mrxsmb10 - ok 15:52:40.0446 4088 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:52:40.0477 4088 mrxsmb20 - ok 15:52:40.0477 4088 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 15:52:40.0493 4088 msahci - ok 15:52:40.0524 4088 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:52:40.0540 4088 msdsm - ok 15:52:40.0571 4088 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:52:40.0602 4088 MSDTC - ok 15:52:40.0618 4088 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:52:40.0633 4088 Msfs - ok 15:52:40.0665 4088 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 
15:52:40.0696 4088 mshidkmdf - ok 15:52:40.0727 4088 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:52:40.0727 4088 msisadrv - ok 15:52:40.0758 4088 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:52:40.0774 4088 MSiSCSI - ok 15:52:40.0774 4088 msiserver - ok 15:52:40.0805 4088 [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 15:52:40.0805 4088 MSK80Service - ok 15:52:40.0821 4088 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:52:40.0852 4088 MSKSSRV - ok 15:52:40.0867 4088 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:52:40.0899 4088 MSPCLOCK - ok 15:52:40.0899 4088 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:52:40.0930 4088 MSPQM - ok 15:52:40.0945 4088 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:52:40.0961 4088 MsRPC - ok 15:52:40.0977 4088 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:52:40.0977 4088 mssmbios - ok 15:52:40.0992 4088 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:52:41.0023 4088 MSTEE - ok 15:52:41.0023 4088 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 15:52:41.0055 4088 MTConfig - ok 15:52:41.0070 4088 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:52:41.0086 4088 Mup - ok 15:52:41.0117 4088 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:52:41.0148 4088 napagent - ok 15:52:41.0226 4088 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:52:41.0273 4088 NativeWifiP - ok 15:52:41.0320 4088 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:52:41.0351 4088 NDIS - ok 15:52:41.0367 4088 [ 
9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:52:41.0382 4088 NdisCap - ok 15:52:41.0413 4088 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:52:41.0445 4088 NdisTapi - ok 15:52:41.0460 4088 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:52:41.0491 4088 Ndisuio - ok 15:52:41.0523 4088 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:52:41.0569 4088 NdisWan - ok 15:52:41.0601 4088 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:52:41.0647 4088 NDProxy - ok 15:52:41.0663 4088 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:52:41.0710 4088 NetBIOS - ok 15:52:41.0725 4088 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:52:41.0757 4088 NetBT - ok 15:52:41.0772 4088 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:52:41.0788 4088 Netlogon - ok 15:52:41.0819 4088 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:52:41.0866 4088 Netman - ok 15:52:41.0944 4088 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:52:41.0959 4088 NetMsmqActivator - ok 15:52:41.0959 4088 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:52:41.0975 4088 NetPipeActivator - ok 15:52:42.0022 4088 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:52:42.0069 4088 netprofm - ok 15:52:42.0084 4088 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:52:42.0100 4088 NetTcpActivator - ok 15:52:42.0100 4088 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:52:42.0115 4088 
NetTcpPortSharing - ok 15:52:42.0131 4088 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:52:42.0147 4088 nfrd960 - ok 15:52:42.0178 4088 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:52:42.0209 4088 NlaSvc - ok 15:52:42.0225 4088 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:52:42.0256 4088 Npfs - ok 15:52:42.0271 4088 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:52:42.0303 4088 nsi - ok 15:52:42.0318 4088 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:52:42.0349 4088 nsiproxy - ok 15:52:42.0396 4088 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:52:42.0427 4088 Ntfs - ok 15:52:42.0443 4088 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:52:42.0474 4088 Null - ok 15:52:42.0521 4088 [ 680371A3C9179A3AF99A89ADB46A1B15 ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys 15:52:42.0537 4088 nvkflt - ok 15:52:42.0802 4088 [ 6F47F63075FD4C4522CC2F15C5AC7A06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:52:43.0114 4088 nvlddmkm - ok 15:52:43.0114 4088 [ 445A5BD14480A578615DB4F4CCDCAD84 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 15:52:43.0129 4088 nvpciflt - ok 15:52:43.0161 4088 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:52:43.0176 4088 nvraid - ok 15:52:43.0207 4088 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:52:43.0223 4088 nvstor - ok 15:52:43.0270 4088 [ 783215D9840E74B05F91A7D55DC03210 ] nvsvc C:\Windows\system32\nvvsvc.exe 15:52:43.0301 4088 nvsvc - ok 15:52:43.0426 4088 [ 6AAB18AD52B106230B247E0D9E20B97E ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 15:52:43.0519 4088 nvUpdatusService - ok 15:52:43.0551 4088 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp 
C:\Windows\system32\drivers\nv_agp.sys 15:52:43.0566 4088 nv_agp - ok 15:52:43.0566 4088 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:52:43.0597 4088 ohci1394 - ok 15:52:43.0629 4088 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:52:43.0660 4088 ose - ok 15:52:43.0816 4088 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:52:43.0956 4088 osppsvc - ok 15:52:43.0987 4088 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:52:44.0019 4088 p2pimsvc - ok 15:52:44.0050 4088 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:52:44.0065 4088 p2psvc - ok 15:52:44.0097 4088 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 15:52:44.0128 4088 Parport - ok 15:52:44.0159 4088 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:52:44.0159 4088 partmgr - ok 15:52:44.0190 4088 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:52:44.0221 4088 PcaSvc - ok 15:52:44.0253 4088 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:52:44.0268 4088 pci - ok 15:52:44.0284 4088 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:52:44.0315 4088 pciide - ok 15:52:44.0331 4088 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:52:44.0362 4088 pcmcia - ok 15:52:44.0377 4088 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:52:44.0377 4088 pcw - ok 15:52:44.0409 4088 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:52:44.0455 4088 PEAUTH - ok 15:52:44.0533 4088 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:52:44.0565 4088 PerfHost - ok 
15:52:44.0611 4088 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:52:44.0674 4088 pla - ok 15:52:44.0721 4088 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:52:44.0767 4088 PlugPlay - ok 15:52:44.0799 4088 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:52:44.0830 4088 PNRPAutoReg - ok 15:52:44.0861 4088 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:52:44.0877 4088 PNRPsvc - ok 15:52:44.0908 4088 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:52:44.0955 4088 PolicyAgent - ok 15:52:44.0986 4088 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:52:45.0017 4088 Power - ok 15:52:45.0048 4088 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:52:45.0095 4088 PptpMiniport - ok 15:52:45.0095 4088 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 15:52:45.0126 4088 Processor - ok 15:52:45.0157 4088 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:52:45.0204 4088 ProfSvc - ok 15:52:45.0204 4088 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:52:45.0235 4088 ProtectedStorage - ok 15:52:45.0251 4088 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:52:45.0282 4088 Psched - ok 15:52:45.0329 4088 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:52:45.0360 4088 ql2300 - ok 15:52:45.0360 4088 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:52:45.0376 4088 ql40xx - ok 15:52:45.0407 4088 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:52:45.0423 4088 QWAVE - ok 15:52:45.0438 4088 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:52:45.0454 4088 QWAVEdrv - ok 
15:52:45.0469 4088 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:52:45.0501 4088 RasAcd - ok 15:52:45.0532 4088 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:52:45.0594 4088 RasAgileVpn - ok 15:52:45.0625 4088 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:52:45.0672 4088 RasAuto - ok 15:52:45.0688 4088 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:52:45.0735 4088 Rasl2tp - ok 15:52:45.0750 4088 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:52:45.0797 4088 RasMan - ok 15:52:45.0797 4088 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:52:45.0828 4088 RasPppoe - ok 15:52:45.0859 4088 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:52:45.0906 4088 RasSstp - ok 15:52:45.0922 4088 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:52:45.0984 4088 rdbss - ok 15:52:46.0015 4088 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 15:52:46.0047 4088 rdpbus - ok 15:52:46.0078 4088 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:52:46.0140 4088 RDPCDD - ok 15:52:46.0156 4088 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:52:46.0234 4088 RDPENCDD - ok 15:52:46.0249 4088 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:52:46.0281 4088 RDPREFMP - ok 15:52:46.0312 4088 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:52:46.0359 4088 RDPWD - ok 15:52:46.0390 4088 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:52:46.0421 4088 rdyboost - ok 15:52:46.0437 4088 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:52:46.0499 
4088 RemoteAccess - ok 15:52:46.0530 4088 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:52:46.0577 4088 RemoteRegistry - ok 15:52:46.0608 4088 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 15:52:46.0624 4088 RFCOMM - ok 15:52:46.0702 4088 [ 616F6E52CAE254727A886BA8EDA1BEEA ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 15:52:46.0733 4088 RichVideo - ok 15:52:46.0764 4088 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:52:46.0795 4088 RpcEptMapper - ok 15:52:46.0811 4088 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:52:46.0842 4088 RpcLocator - ok 15:52:46.0858 4088 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:52:46.0873 4088 RpcSs - ok 15:52:46.0905 4088 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:52:46.0936 4088 rspndr - ok 15:52:46.0936 4088 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:52:46.0951 4088 SamSs - ok 15:52:46.0967 4088 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:52:46.0983 4088 sbp2port - ok 15:52:47.0014 4088 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:52:47.0029 4088 SCardSvr - ok 15:52:47.0045 4088 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:52:47.0076 4088 scfilter - ok 15:52:47.0107 4088 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:52:47.0154 4088 Schedule - ok 15:52:47.0201 4088 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:52:47.0232 4088 SCPolicySvc - ok 15:52:47.0263 4088 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:52:47.0295 4088 SDRSVC - ok 15:52:47.0357 4088 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files 
(x86)\Microsoft\BingBar\SeaPort.EXE 15:52:47.0373 4088 SeaPort - ok 15:52:47.0404 4088 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:52:47.0451 4088 secdrv - ok 15:52:47.0466 4088 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:52:47.0497 4088 seclogon - ok 15:52:47.0529 4088 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:52:47.0560 4088 SENS - ok 15:52:47.0575 4088 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:52:47.0607 4088 SensrSvc - ok 15:52:47.0638 4088 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 15:52:47.0669 4088 Serenum - ok 15:52:47.0700 4088 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 15:52:47.0716 4088 Serial - ok 15:52:47.0747 4088 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:52:47.0794 4088 sermouse - ok 15:52:47.0825 4088 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:52:47.0887 4088 SessionEnv - ok 15:52:47.0887 4088 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:52:47.0919 4088 sffdisk - ok 15:52:47.0919 4088 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:52:47.0950 4088 sffp_mmc - ok 15:52:47.0965 4088 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:52:47.0997 4088 sffp_sd - ok 15:52:48.0012 4088 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:52:48.0043 4088 sfloppy - ok 15:52:48.0090 4088 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 15:52:48.0137 4088 Sftfs - ok 15:52:48.0215 4088 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 15:52:48.0246 4088 sftlist - ok 15:52:48.0262 4088 [ 
15:52:55.0875 4088 Scan finished
15:52:55.0875 3764 Detected object count: 3
15:52:55.0875 3764 Actual detected object count: 3
15:53:58.0633 3764 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:58.0633 3764 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:58.0633 3764 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:58.0633 3764 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:58.0633 3764 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:58.0633 3764 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip |
28.09.2012, 15:32 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart trojan! Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
28.09.2012, 16:49 | #21 |
| Caught the MyStart trojan! Combofix logfile: Code:
ATTFilter ComboFix 12-09-27.03 - n.quero-espino 28.09.2012 17:28:26.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8078.6213 [GMT 2:00] ausgeführt von:: c:\users\n.quero-espino\Downloads\ComboFix.exe AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\users\n.quero-espino\AppData\Local\Temp\1.tmp\F_IN_BOX.dll c:\users\n.quero-espino\AppData\Roaming\log.txt c:\users\N150C~1.QUE\AppData\Local\Temp\1.tmp\F_IN_BOX.dll c:\windows\msvcr71.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-28 bis 2012-09-28 )))))))))))))))))))))))))))))) . . 2012-09-28 11:53 . 2012-09-28 11:53 -------- d-----w- c:\programdata\Intenium 2012-09-28 11:52 . 2012-09-28 11:52 -------- d-----w- c:\program files (x86)\DEUTSCHLAND SPIELT 2012-09-28 11:51 . 2012-09-28 11:51 -------- d-----w- c:\program files (x86)\OXXOGames 2012-09-28 08:21 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D743BB06-819B-4D49-9D9C-C694DB2AA0FF}\mpengine.dll 2012-09-27 22:12 . 2012-09-27 22:12 -------- d-----w- c:\programdata\Playrix Entertainment 2012-09-27 20:50 . 2012-09-27 20:50 -------- d-----w- C:\_OTL 2012-09-26 11:28 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-25 15:22 . 2012-09-25 15:22 -------- d-----w- c:\program files (x86)\ESET 2012-09-25 14:17 . 2012-09-25 14:17 -------- d-----w- c:\programdata\Malwarebytes 2012-09-25 14:17 . 2012-09-25 14:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-25 14:17 . 
2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 14:09 . 2012-09-25 14:09 -------- d-----w- c:\programdata\McAfee Security Scan 2012-09-25 14:09 . 2012-09-25 14:09 -------- d-----w- c:\program files (x86)\McAfee Security Scan 2012-09-25 14:09 . 2012-09-25 14:35 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-25 14:09 . 2012-09-25 14:35 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-25 14:09 . 2012-09-25 14:09 -------- d-----w- c:\windows\system32\Macromed 2012-09-25 10:20 . 2012-09-25 10:20 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-09-25 10:13 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-09-24 21:09 . 2012-09-24 21:09 -------- d-----w- c:\program files (x86)\jZip 2012-09-24 20:05 . 2012-09-28 08:16 -------- d-----w- c:\windows\SysWow64\WNLT 2012-09-24 20:05 . 2012-09-28 00:24 -------- d-----w- c:\windows\system32\ARFC 2012-09-24 20:05 . 2012-09-13 13:26 1259888 ----a-w- c:\windows\system32\dmwu.exe 2012-09-24 20:05 . 2012-09-13 13:25 35328 ----a-w- c:\windows\system32\ImHttpComm.dll 2012-09-24 20:05 . 2012-09-24 20:05 -------- d-----w- c:\program files (x86)\vGrabber-software 2012-09-24 20:04 . 2012-09-24 20:04 -------- d-----w- c:\program files (x86)\Perion 2012-09-24 19:42 . 2012-09-24 19:42 -------- d-----w- c:\program files (x86)\SpottyFiles 2012-09-24 17:35 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-09-24 17:35 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-09-22 01:09 . 2012-09-22 01:09 -------- d-----w- c:\programdata\Particles 2012-09-22 01:08 . 2012-09-22 01:08 -------- d-----w- c:\programdata\Far Mills 2012-09-22 01:00 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-09-20 16:46 . 2012-09-20 16:46 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-09-20 16:46 . 2012-09-20 16:46 -------- d-----r- c:\program files (x86)\Skype 2012-09-20 16:46 . 
2012-09-20 16:47 -------- d-----w- c:\programdata\Skype 2012-09-19 14:07 . 2012-09-19 14:07 -------- d-----w- c:\programdata\DailyMagic 2012-09-19 13:50 . 2012-09-19 13:50 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-09-19 13:50 . 2012-09-19 13:50 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-09-19 13:50 . 2012-09-19 13:50 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-09-19 13:50 . 2012-09-19 13:50 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-09-19 13:50 . 2012-09-19 13:50 -------- d-----w- c:\program files (x86)\OpenAL 2012-09-19 12:32 . 2012-09-19 12:32 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-09-19 12:30 . 2012-08-30 22:43 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-19 01:35 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-09-19 01:23 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-09-19 01:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-09-19 01:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-09-19 01:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-09-19 01:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-09-19 01:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-09-19 01:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-09-19 01:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-09-18 23:48 . 2012-09-21 21:36 -------- d-----w- c:\programdata\Elephant Games 2012-09-18 23:43 . 2012-09-18 23:43 -------- d-----w- c:\programdata\Big Fish Games 2012-09-18 23:42 . 2012-09-18 23:43 -------- d-----w- c:\program files (x86)\bfgclient 2012-09-18 23:40 . 2012-09-28 10:33 -------- d-----w- C:\BigFishGamesCache 2012-09-18 20:26 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll 2012-09-18 20:25 . 
2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-09-18 20:25 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-09-18 20:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-09-18 20:25 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-09-18 20:25 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-09-18 20:25 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-09-18 20:25 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-09-18 20:25 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-09-18 20:25 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-09-18 20:25 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-09-18 20:25 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-09-18 20:14 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-09-18 20:14 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-09-18 20:13 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-09-18 20:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-09-18 20:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-09-18 20:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-09-18 20:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-09-18 20:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-09-18 20:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-09-18 20:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-09-18 20:06 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-09-18 20:06 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-09-18 16:02 . 
2012-09-18 16:02 -------- d-----w- c:\programdata\Affinegy 2012-09-18 15:53 . 2012-09-18 15:53 -------- d-----w- c:\program files (x86)\Napster 5 2012-09-18 15:53 . 2012-09-18 15:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2012-09-16 10:20 . 2012-09-16 10:20 -------- dc-h--w- c:\programdata\{A99563ED-A1AA-404A-B13C-ECDC5E1EB634} 2012-09-16 10:20 . 2012-09-16 10:20 -------- d-----w- c:\program files (x86)\Kabel Deutschland 2012-09-16 10:20 . 2012-09-16 10:20 -------- d-----w- c:\programdata\mquadr.at 2012-09-15 20:32 . 2012-09-15 20:32 -------- d-----w- c:\programdata\Azureus 2012-09-15 19:54 . 2012-09-15 20:37 -------- d-----w- c:\program files (x86)\Vuze 2012-09-15 19:54 . 2012-09-15 19:54 -------- d-----w- c:\program files (x86)\Common Files\i4j_jres 2012-09-15 19:52 . 2012-09-18 16:00 -------- d-----w- c:\programdata\Belkin 2012-09-15 19:52 . 2012-09-15 19:52 -------- d-----w- c:\program files\Belkin 2012-09-15 19:49 . 2012-09-15 19:54 -------- d-----w- c:\program files (x86)\Belkin 2012-09-14 20:48 . 2012-09-19 12:48 -------- d-----w- c:\programdata\VirtualizedApplications 2012-09-14 18:41 . 2012-09-14 19:39 -------- d-----w- c:\programdata\FarmFrenzy3_Madagascar 2012-09-14 18:37 . 2012-09-19 01:17 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client 2012-09-14 18:37 . 2012-09-14 18:37 -------- d-----w- c:\program files\Microsoft Office 2012-09-14 12:21 . 2012-09-14 12:21 -------- d-----w- c:\users\Public\CyberLink 2012-09-13 19:35 . 2012-09-24 20:55 -------- d-----w- c:\users\n.quero-espino . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-19 12:26 . 2011-03-29 02:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-08-01 02:24 . 2012-08-01 02:24 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll 2012-08-01 02:24 . 
2012-08-01 02:24 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-08-01 02:24 . 2012-08-01 02:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-08-01 02:18 . 2012-08-01 02:18 80512 ----a-w- c:\windows\AsusScr_N6 Series_ENG Uninstaller.exe 2012-08-01 02:18 . 2012-08-01 02:18 3058304 ----a-w- c:\windows\AsScrPro.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608] "ASUS InstantKey"="c:\program files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe" [2012-02-20 20456] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-21 102568] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-08-01 3058304] "RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336] "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" 
[2011-12-30 222504] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816] "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-03-17 1141144] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 250288] R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsPrOb64.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-04-02 276248] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008] R3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-04-24 28992] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-04-24 249152] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-03-30 107648] S2 Belkin Local Backup Service;Belkin Local Backup 
Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-03-11 181760] S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-03-11 55296] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe 
[2012-05-25 162224] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-04-24 2458944] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-04-23 382272] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800] S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888] S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-03-30 163456] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-02-29 17152] S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2012-04-11 35968] S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2012-04-11 16512] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-03-30 36480] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-03-30 340608] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-03-30 111232] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-03-30 30848] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-03-30 168064] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-03-30 68736] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-03-30 281472] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-03-30 550528] S3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2010-03-11 291352] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . Inhalt des "geplante Tasks" Ordners . 2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 14:35] . 2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28] . 2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28] . 
2012-09-28 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . 2012-09-28 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-24 12480616] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-03-30 1021056] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-03-30 801408] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-17 361984] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = mLocal Page = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 83.169.186.33 83.169.186.97 FF - ProfilePath - c:\users\n.quero-espino\AppData\Roaming\Mozilla\Firefox\Profiles\a1aypee2.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="PhotoManagerDeluxe.8.alb" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe c:\program files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe c:\program files (x86)\SpottyFiles\SpottyFilesUpdater.exe c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Asus\AsusVibe\AsusVibe2.0.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-09-28 17:39:06 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-09-28 15:39 . Vor Suchlauf: 11 Verzeichnis(se), 229.409.980.416 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 229.259.866.112 Bytes frei . - - End Of File - - B377676C6FCC3951CE8CC18C5708B8F6 |
28.09.2012, 18:59 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart trojan!
ComboFix scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
ATTFilter
Dirlook::
c:\windows\SysWow64\WNLT
c:\windows\system32\ARFC

Filelook::
c:\windows\system32\dmwu.exe

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
29.09.2012, 14:30 | #23 |
| Caught the MyStart trojan! Hi, unfortunately I was not asked whether I wanted to restart; it simply did it. I don't know whether that is relevant. Combofix log file: Code:
ATTFilter ComboFix 12-09-27.03 - n.quero-espino 29.09.2012 15:12:32.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8078.6344 [GMT 2:00] ausgeführt von:: c:\users\n.quero-espino\Downloads\ComboFix.exe Benutzte Befehlsschalter :: c:\users\n.quero-espino\Desktop\CFScript.txt AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\users\n.quero-espino\AppData\Local\Temp\1.tmp\F_IN_BOX.dll c:\users\N150C~1.QUE\AppData\Local\Temp\1.tmp\F_IN_BOX.dll c:\windows\msvcr71.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-28 bis 2012-09-29 )))))))))))))))))))))))))))))) . . 2012-09-29 13:17 . 2012-09-29 13:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-29 13:17 . 2012-09-29 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-28 17:41 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99D976D7-FF77-4730-8DE7-D21A160565FE}\mpengine.dll 2012-09-28 11:53 . 2012-09-28 11:53 -------- d-----w- c:\programdata\Intenium 2012-09-28 11:52 . 2012-09-28 11:52 -------- d-----w- c:\program files (x86)\DEUTSCHLAND SPIELT 2012-09-28 11:51 . 2012-09-28 11:51 -------- d-----w- c:\program files (x86)\OXXOGames 2012-09-27 22:12 . 2012-09-27 22:12 -------- d-----w- c:\programdata\Playrix Entertainment 2012-09-27 20:50 . 2012-09-27 20:50 -------- d-----w- C:\_OTL 2012-09-26 21:22 . 2012-09-28 17:34 -------- d-----w- c:\program files (x86)\Hidden Mysteries - Rueckkehr zur Titanic 2012-09-26 11:28 . 
2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-25 15:22 . 2012-09-25 15:22 -------- d-----w- c:\program files (x86)\ESET 2012-09-25 14:17 . 2012-09-25 14:17 -------- d-----w- c:\programdata\Malwarebytes 2012-09-25 14:17 . 2012-09-25 14:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-25 14:17 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 14:09 . 2012-09-28 17:34 -------- d-----w- c:\programdata\McAfee Security Scan 2012-09-25 14:09 . 2012-09-25 14:09 -------- d-----w- c:\program files (x86)\McAfee Security Scan 2012-09-25 14:09 . 2012-09-25 14:35 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-25 14:09 . 2012-09-25 14:35 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-25 14:09 . 2012-09-25 14:09 -------- d-----w- c:\windows\system32\Macromed 2012-09-25 10:20 . 2012-09-25 10:20 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-09-25 10:13 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-09-24 21:09 . 2012-09-24 21:09 -------- d-----w- c:\program files (x86)\jZip 2012-09-24 20:05 . 2012-09-29 13:18 -------- d-----w- c:\windows\SysWow64\WNLT 2012-09-24 20:05 . 2012-09-29 04:22 -------- d-----w- c:\windows\system32\ARFC 2012-09-24 20:05 . 2012-09-13 13:26 1259888 ----a-w- c:\windows\system32\dmwu.exe 2012-09-24 20:05 . 2012-09-13 13:25 35328 ----a-w- c:\windows\system32\ImHttpComm.dll 2012-09-24 20:05 . 2012-09-24 20:05 -------- d-----w- c:\program files (x86)\vGrabber-software 2012-09-24 20:04 . 2012-09-24 20:04 -------- d-----w- c:\program files (x86)\Perion 2012-09-24 19:42 . 2012-09-24 19:42 -------- d-----w- c:\program files (x86)\SpottyFiles 2012-09-24 17:35 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-09-24 17:35 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-09-22 01:09 . 
2012-09-22 01:09 -------- d-----w- c:\programdata\Particles 2012-09-22 01:08 . 2012-09-22 01:08 -------- d-----w- c:\programdata\Far Mills 2012-09-22 01:00 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-09-20 16:46 . 2012-09-20 16:46 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-09-20 16:46 . 2012-09-20 16:46 -------- d-----r- c:\program files (x86)\Skype 2012-09-20 16:46 . 2012-09-20 16:47 -------- d-----w- c:\programdata\Skype 2012-09-19 14:07 . 2012-09-19 14:07 -------- d-----w- c:\programdata\DailyMagic 2012-09-19 13:50 . 2012-09-19 13:50 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-09-19 13:50 . 2012-09-19 13:50 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-09-19 13:50 . 2012-09-19 13:50 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-09-19 13:50 . 2012-09-19 13:50 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-09-19 13:50 . 2012-09-19 13:50 -------- d-----w- c:\program files (x86)\OpenAL 2012-09-19 12:32 . 2012-09-19 12:32 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-09-19 12:30 . 2012-08-30 22:43 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-19 01:35 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-09-19 01:23 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-09-19 01:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-09-19 01:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-09-19 01:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-09-19 01:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-09-19 01:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-09-19 01:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-09-19 01:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-09-18 23:48 . 
2012-09-21 21:36 -------- d-----w- c:\programdata\Elephant Games 2012-09-18 23:43 . 2012-09-18 23:43 -------- d-----w- c:\programdata\Big Fish Games 2012-09-18 23:42 . 2012-09-18 23:43 -------- d-----w- c:\program files (x86)\bfgclient 2012-09-18 23:40 . 2012-09-28 17:32 -------- d-----w- C:\BigFishGamesCache 2012-09-18 20:26 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll 2012-09-18 20:25 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-09-18 20:25 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-09-18 20:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-09-18 20:25 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-09-18 20:25 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-09-18 20:25 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-09-18 20:25 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-09-18 20:25 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-09-18 20:25 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-09-18 20:25 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-09-18 20:25 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-09-18 20:14 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-09-18 20:14 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-09-18 20:13 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-09-18 20:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-09-18 20:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-09-18 20:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-09-18 20:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-09-18 20:06 . 
2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-09-18 20:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-09-18 20:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-09-18 20:06 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-09-18 20:06 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-09-18 16:02 . 2012-09-18 16:02 -------- d-----w- c:\programdata\Affinegy 2012-09-18 15:53 . 2012-09-18 15:53 -------- d-----w- c:\program files (x86)\Napster 5 2012-09-18 15:53 . 2012-09-18 15:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2012-09-16 10:20 . 2012-09-16 10:20 -------- dc-h--w- c:\programdata\{A99563ED-A1AA-404A-B13C-ECDC5E1EB634} 2012-09-16 10:20 . 2012-09-16 10:20 -------- d-----w- c:\program files (x86)\Kabel Deutschland 2012-09-16 10:20 . 2012-09-16 10:20 -------- d-----w- c:\programdata\mquadr.at 2012-09-15 20:32 . 2012-09-15 20:32 -------- d-----w- c:\programdata\Azureus 2012-09-15 19:54 . 2012-09-15 20:37 -------- d-----w- c:\program files (x86)\Vuze 2012-09-15 19:54 . 2012-09-15 19:54 -------- d-----w- c:\program files (x86)\Common Files\i4j_jres 2012-09-15 19:52 . 2012-09-18 16:00 -------- d-----w- c:\programdata\Belkin 2012-09-15 19:52 . 2012-09-15 19:52 -------- d-----w- c:\program files\Belkin 2012-09-15 19:49 . 2012-09-15 19:54 -------- d-----w- c:\program files (x86)\Belkin 2012-09-14 20:48 . 2012-09-19 12:48 -------- d-----w- c:\programdata\VirtualizedApplications 2012-09-14 18:41 . 2012-09-14 19:39 -------- d-----w- c:\programdata\FarmFrenzy3_Madagascar 2012-09-14 18:37 . 2012-09-19 01:17 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client 2012-09-14 18:37 . 2012-09-14 18:37 -------- d-----w- c:\program files\Microsoft Office 2012-09-14 12:21 . 2012-09-14 12:21 -------- d-----w- c:\users\Public\CyberLink 2012-09-13 19:35 . 2012-09-28 17:37 -------- d-----w- c:\users\n.quero-espino . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-19 12:26 . 2011-03-29 02:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-08-01 02:24 . 2012-08-01 02:24 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll 2012-08-01 02:24 . 2012-08-01 02:24 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-08-01 02:24 . 2012-08-01 02:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-08-01 02:18 . 2012-08-01 02:18 80512 ----a-w- c:\windows\AsusScr_N6 Series_ENG Uninstaller.exe 2012-08-01 02:18 . 2012-08-01 02:18 3058304 ----a-w- c:\windows\AsScrPro.exe . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . --- c:\windows\system32\dmwu.exe --- Company: File Description: File Version: Product Name: Copyright: Original Filename: File size: 1259888 Created time: 2012-09-24 20:05 Modified time: 2012-09-13 13:26 MD5: 688399FF25A4012AF16DA2E5C3DAF050 SHA1: 16772A183D3695633B2810F8DEDF62B7B6CB8E20 . ---- Directory of c:\windows\system32\ARFC ---- . 1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\ARFC\wrtc.exe . ---- Directory of c:\windows\SysWow64\WNLT ---- . 2012-09-29 04:22 . 2012-09-29 04:22 3108056 ----a-w- c:\windows\SysWow64\WNLT\Installation\WSSetup.exe 2012-09-24 20:05 . 2012-09-29 04:22 86125 ----a-w- c:\windows\SysWow64\WNLT\Installation\uninstaller.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608] "ASUS InstantKey"="c:\program files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe" [2012-02-20 20456] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-21 102568] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-08-01 3058304] "RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336] "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2011-12-30 222504] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816] "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-03-17 1141144] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "AsusVibeLuncher"="c:\program files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe" [2012-07-18 549040] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-2-24 549040] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 250288] R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsPrOb64.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-04-02 276248] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008] R3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-04-24 28992] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-04-24 249152] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-03-30 107648] S2 Belkin Local Backup Service;Belkin Local Backup 
Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-03-11 181760] S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-03-11 55296] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe 
[2012-05-25 162224] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-04-24 2458944] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-04-23 382272] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800] S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888] S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-03-30 163456] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-02-29 17152] S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2012-04-11 35968] S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2012-04-11 16512] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-03-30 36480] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-03-30 340608] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-03-30 111232] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-03-30 30848] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-03-30 168064] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-03-30 68736] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-03-30 281472] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-03-30 550528] S3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2010-03-11 291352] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . Inhalt des "geplante Tasks" Ordners . 2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 14:35] . 2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28] . 2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28] . 
2012-09-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . 2012-09-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-24 12480616] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-03-30 1021056] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-03-30 801408] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-17 361984] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . 
------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 83.169.186.33 83.169.186.97 FF - ProfilePath - c:\users\n.quero-espino\AppData\Roaming\Mozilla\Firefox\Profiles\a1aypee2.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="PhotoManagerDeluxe.8.alb" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe c:\program files (x86)\SpottyFiles\SpottyFilesUpdater.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-09-29 15:23:19 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-09-29 13:23 ComboFix2.txt 2012-09-28 15:39 . Vor Suchlauf: 12 Verzeichnis(se), 229.798.965.248 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 229.613.793.280 Bytes frei . - - End Of File - - C525C53798A824DA774F4BC5F3287D98 --- --- --- |
01.10.2012, 11:51 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart Trojan! Please open CFScript.txt and adjust its contents; it should contain the following: Code:
Folder::
c:\windows\SysWow64\WNLT
c:\windows\system32\ARFC

File::
c:\windows\system32\dmwu.exe
__________________ Please always post logfiles in CODE tags |
07.10.2012, 20:32 | #25 |
| Caught the MyStart Trojan! Hi, unfortunately I was on vacation until today, and now the file can no longer be found. Do I have to start over completely from scratch? |
07.10.2012, 20:50 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart Trojan! Which file? The CFScript.txt? Then just create it again, it's only a text file!
__________________ Please always post logfiles in CODE tags |
07.10.2012, 21:57 | #27 |
| Caught the MyStart Trojan! Combofix logfile: Code:
ATTFilter ComboFix 12-10-04.02 - n.quero-espino 07.10.2012 22:41:35.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8078.5740 [GMT 2:00] ausgeführt von:: c:\users\n.quero-espino\Downloads\ComboFix.exe Benutzte Befehlsschalter :: c:\users\n.quero-espino\Desktop\CFScript.txt AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\dmwu.exe" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\n.quero-espino\AppData\Local\Temp\1.tmp\F_IN_BOX.dll c:\users\N150C~1.QUE\AppData\Local\Temp\1.tmp\F_IN_BOX.dll c:\windows\system32\dmwu.exe c:\windows\SysWow64\WNLT c:\windows\SysWow64\WNLT\Installation\uninstaller.exe c:\windows\SysWow64\WNLT\Installation\WSSetup.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_WebOptimizer . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-07 bis 2012-10-07 )))))))))))))))))))))))))))))) . . 2012-10-07 20:46 . 2012-10-07 20:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-10-07 20:46 . 2012-10-07 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-07 19:29 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C6DB050-6261-479B-9EB0-95902342898D}\mpengine.dll 2012-09-29 15:27 . 2012-09-29 15:27 -------- d-----r- C:\MSOCache 2012-09-28 11:53 . 2012-09-28 11:53 -------- d-----w- c:\programdata\Intenium 2012-09-28 11:52 . 2012-09-28 11:52 -------- d-----w- c:\program files (x86)\DEUTSCHLAND SPIELT 2012-09-28 11:51 . 
2012-09-28 11:51 -------- d-----w- c:\program files (x86)\OXXOGames 2012-09-27 22:12 . 2012-09-27 22:12 -------- d-----w- c:\programdata\Playrix Entertainment 2012-09-27 20:50 . 2012-09-27 20:50 -------- d-----w- C:\_OTL 2012-09-26 21:22 . 2012-09-28 17:34 -------- d-----w- c:\program files (x86)\Hidden Mysteries - Rueckkehr zur Titanic 2012-09-26 11:28 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-25 15:22 . 2012-09-25 15:22 -------- d-----w- c:\program files (x86)\ESET 2012-09-25 14:17 . 2012-09-25 14:17 -------- d-----w- c:\programdata\Malwarebytes 2012-09-25 14:17 . 2012-09-25 14:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-25 14:17 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 14:09 . 2012-09-28 17:34 -------- d-----w- c:\programdata\McAfee Security Scan 2012-09-25 14:09 . 2012-09-25 14:09 -------- d-----w- c:\program files (x86)\McAfee Security Scan 2012-09-25 14:09 . 2012-09-25 14:35 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-25 14:09 . 2012-09-25 14:35 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-25 14:09 . 2012-09-25 14:09 -------- d-----w- c:\windows\system32\Macromed 2012-09-25 10:20 . 2012-09-25 10:20 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-09-25 10:13 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-09-24 21:09 . 2012-09-24 21:09 -------- d-----w- c:\program files (x86)\jZip 2012-09-24 20:05 . 2012-09-29 04:22 -------- d-----w- c:\windows\system32\ARFC 2012-09-24 20:05 . 2012-09-13 13:25 35328 ----a-w- c:\windows\system32\ImHttpComm.dll 2012-09-24 20:05 . 2012-09-24 20:05 -------- d-----w- c:\program files (x86)\vGrabber-software 2012-09-24 20:04 . 2012-09-24 20:04 -------- d-----w- c:\program files (x86)\Perion 2012-09-24 19:42 . 2012-09-24 19:42 -------- d-----w- c:\program files (x86)\SpottyFiles 2012-09-24 17:35 . 
2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-09-24 17:35 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-09-22 01:09 . 2012-09-22 01:09 -------- d-----w- c:\programdata\Particles 2012-09-22 01:08 . 2012-09-22 01:08 -------- d-----w- c:\programdata\Far Mills 2012-09-22 01:00 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-09-20 16:46 . 2012-09-20 16:46 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-09-20 16:46 . 2012-09-20 16:46 -------- d-----r- c:\program files (x86)\Skype 2012-09-20 16:46 . 2012-09-20 16:47 -------- d-----w- c:\programdata\Skype 2012-09-19 14:07 . 2012-09-19 14:07 -------- d-----w- c:\programdata\DailyMagic 2012-09-19 13:50 . 2012-09-19 13:50 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-09-19 13:50 . 2012-09-19 13:50 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-09-19 13:50 . 2012-09-19 13:50 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-09-19 13:50 . 2012-09-19 13:50 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-09-19 13:50 . 2012-09-19 13:50 -------- d-----w- c:\program files (x86)\OpenAL 2012-09-19 12:32 . 2012-09-19 12:32 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-09-19 12:30 . 2012-08-30 22:43 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-19 01:35 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-09-19 01:23 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-09-19 01:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-09-19 01:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-09-19 01:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-09-19 01:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-09-19 01:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-09-19 01:06 . 
2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-09-19 01:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-09-18 23:48 . 2012-09-21 21:36 -------- d-----w- c:\programdata\Elephant Games 2012-09-18 23:43 . 2012-09-18 23:43 -------- d-----w- c:\programdata\Big Fish Games 2012-09-18 23:42 . 2012-09-18 23:43 -------- d-----w- c:\program files (x86)\bfgclient 2012-09-18 23:40 . 2012-09-28 17:32 -------- d-----w- C:\BigFishGamesCache 2012-09-18 20:26 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll 2012-09-18 20:25 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-09-18 20:25 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-09-18 20:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-09-18 20:25 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-09-18 20:25 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-09-18 20:25 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-09-18 20:25 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-09-18 20:25 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-09-18 20:25 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-09-18 20:25 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-09-18 20:25 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-09-18 20:14 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-09-18 20:14 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-09-18 20:13 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-09-18 20:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-09-18 20:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-09-18 20:07 . 
2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-09-18 20:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-09-18 20:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-09-18 20:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-09-18 20:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-09-18 20:06 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-09-18 20:06 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-09-18 16:02 . 2012-09-18 16:02 -------- d-----w- c:\programdata\Affinegy 2012-09-18 15:53 . 2012-09-18 15:53 -------- d-----w- c:\program files (x86)\Napster 5 2012-09-18 15:53 . 2012-09-18 15:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2012-09-16 10:20 . 2012-09-16 10:20 -------- dc-h--w- c:\programdata\{A99563ED-A1AA-404A-B13C-ECDC5E1EB634} 2012-09-16 10:20 . 2012-09-16 10:20 -------- d-----w- c:\program files (x86)\Kabel Deutschland 2012-09-16 10:20 . 2012-09-16 10:20 -------- d-----w- c:\programdata\mquadr.at 2012-09-15 20:32 . 2012-09-15 20:32 -------- d-----w- c:\programdata\Azureus 2012-09-15 19:54 . 2012-09-15 20:37 -------- d-----w- c:\program files (x86)\Vuze 2012-09-15 19:54 . 2012-09-15 19:54 -------- d-----w- c:\program files (x86)\Common Files\i4j_jres 2012-09-15 19:52 . 2012-09-18 16:00 -------- d-----w- c:\programdata\Belkin 2012-09-15 19:52 . 2012-09-15 19:52 -------- d-----w- c:\program files\Belkin 2012-09-15 19:49 . 2012-09-15 19:54 -------- d-----w- c:\program files (x86)\Belkin 2012-09-14 20:48 . 2012-09-19 12:48 -------- d-----w- c:\programdata\VirtualizedApplications 2012-09-14 18:41 . 2012-09-14 19:39 -------- d-----w- c:\programdata\FarmFrenzy3_Madagascar 2012-09-14 18:37 . 2012-09-19 01:17 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client 2012-09-14 18:37 . 
2012-09-14 18:37 -------- d-----w- c:\program files\Microsoft Office 2012-09-14 12:21 . 2012-09-14 12:21 -------- d-----w- c:\users\Public\CyberLink 2012-09-13 19:35 . 2012-09-28 17:37 -------- d-----w- c:\users\n.quero-espino . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-19 12:26 . 2011-03-29 02:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-08-01 02:24 . 2012-08-01 02:24 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll 2012-08-01 02:24 . 2012-08-01 02:24 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-08-01 02:24 . 2012-08-01 02:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-08-01 02:18 . 2012-08-01 02:18 80512 ----a-w- c:\windows\AsusScr_N6 Series_ENG Uninstaller.exe 2012-08-01 02:18 . 2012-08-01 02:18 3058304 ----a-w- c:\windows\AsScrPro.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608] "ASUS InstantKey"="c:\program files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe" [2012-02-20 20456] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-21 102568] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-08-01 3058304] "RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336] "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2011-12-30 222504] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816] "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-03-17 1141144] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 250288] R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsPrOb64.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-04-02 276248] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 
136176] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-04-24 28992] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-04-24 249152] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-03-30 107648] S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-03-11 181760] S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-03-11 55296] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface 
Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-04-24 2458944] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-04-23 382272] S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-03-30 163456] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-02-29 17152] S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2012-04-11 35968] S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2012-04-11 16512] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-03-30 
36480] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-03-30 340608] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-03-30 111232] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-03-30 30848] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-03-30 168064] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-03-30 68736] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-03-30 281472] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-03-30 550528] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] S3 mfefirek;McAfee Inc. 
mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2010-03-11 291352] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - mfeavfk01 . Inhalt des "geplante Tasks" Ordners . 2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 14:35] . 2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28] . 2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28] . 2012-10-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . 2012-10-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-24 12480616] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-03-30 1021056] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-03-30 801408] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-17 361984] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 83.169.186.33 83.169.186.97 FF - ProfilePath - c:\users\n.quero-espino\AppData\Roaming\Mozilla\Firefox\Profiles\a1aypee2.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="PhotoManagerDeluxe.8.alb" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe c:\program files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe c:\program files (x86)\SpottyFiles\SpottyFilesUpdater.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-10-07 22:52:02 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-10-07 20:51 ComboFix2.txt 2012-10-07 20:30 ComboFix3.txt 2012-09-29 13:23 ComboFix4.txt 2012-09-28 15:39 . Vor Suchlauf: 15 Verzeichnis(se), 235.413.909.504 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 235.125.547.008 Bytes frei . - - End Of File - - 761DC634D556CAE8CEA9FAFDB54D8763 |
08.10.2012, 10:10 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the MyStart Trojan! Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not under any circumstances press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
08.10.2012, 19:52 | #29 |
| Caught the MyStart Trojan! Hi, I can't run GMER, and OSAM gives me the error message that osam_gui.dll is not installed on the PC and that I should repeat the installation. However, I have now done that 6 times and it still doesn't work. Am I doing something wrong? McAfee is off. |