Log analysis and evaluation: Police Virus - Cyber Crime Investigation Department (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.10.2012, 21:02 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\Windows\tasks\AutoKMS.job
C:\Users\Sabrina\AppData\Local\{*
C:\ProgramData\*.pad
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags
04.10.2012, 17:25 | #17 |
I did the fix, with the following result. A quick question in between: can I currently do online banking on my laptop, or better not yet?

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
C:\Windows\tasks\AutoKMS.job moved successfully.
C:\Users\Sabrina\AppData\Local\{0657303C-0B26-4FEC-930A-724F5529A431} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{239EA659-035E-491C-9800-B259FD2FB8E9} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{275EE3EE-1771-4304-BDA7-0D0BA7950055} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{3671FB78-3849-4143-ADCD-4DF7EB64E93D} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{3760CAF4-EC13-4684-93FD-0893427D0A5D} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{554F0B1E-132C-4C68-B31D-6F54E92877C1} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{55590E80-E01C-41AF-A21F-A8FD5B697412} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{60AF4F9C-780E-4334-B430-582581AE29F3} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{66842677-77F0-4E4E-B11E-11B0B768F274} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{68DEABD0-453C-478B-9D1A-C87CA7A8342A} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{73D64CB2-B622-4FE7-9F40-AA2916FD4822} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{7838C41A-051D-48A1-9583-7D53FEFA3C17} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{82EF8208-018D-48D5-9CD3-391F815C3D30} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{8595E399-3115-4C86-AF4B-B571E0201031} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{902AF1A1-FAAA-44F5-83C3-50379197DE14} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{98913C66-3285-4E35-94B6-CAD6B5EE8384} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{9A53E2AC-280D-49F9-98B5-9568156EEB04} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{9DEFBDAB-2087-48AA-8827-E9D0B5D79DAB} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{9E63B17E-BEC1-4B83-8EDD-671E5687EDCE} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{A8AF9FB5-5F25-476F-8BAA-2EE8587376AF} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{AA7440C7-3D98-4D90-A2BC-D580066EFA82} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{B0442B52-F8B2-46EB-ADB3-A001A9ADDB44} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{B3ADF0DC-7FB6-4228-9E28-75A80973B443} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{BD0D3067-FD60-4795-847C-77E86D0CBE21} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{CBFB96B8-4AA9-403F-AB4A-5A7CA482039D} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{D1CCC6A3-3FBC-49AF-BBBD-727B191C2AA1} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{E0132CB5-7D93-494D-9371-F59A95323A29} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{F01FF2FC-A91B-49AD-90B3-3CFB63DA07FD} folder moved successfully.
C:\Users\Sabrina\AppData\Local\{F208864B-3123-4CBB-8537-110F66EE4181} folder moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Sabrina\Desktop\cmd.bat deleted successfully.
C:\Users\Sabrina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Sabrina
->Temp folder emptied: 117133882 bytes
->Temporary Internet Files folder emptied: 239744731 bytes
->Java cache emptied: 201201 bytes
->Flash cache emptied: 58028 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 543426 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 801864 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 342,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.70.1 log created on 10042012_181241
Files\Folders moved on Reboot...
C:\Users\Sabrina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
04.10.2012, 19:21 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™

First we have to be finished here before you can think about anything like that again!

Now please (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!
04.10.2012, 20:37 | #19 |
Thanks for the warning, then my bills will just have to wait. Here is the log from TDSS-Killer (and, in between, once again many thanks for your patience and help):

Code:
C:\Windows\system32\drivers\lsi_scsi.sys 21:32:57.0317 0836 LSI_SCSI - ok 21:32:57.0333 0836 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 21:32:57.0426 0836 luafv - ok 21:32:57.0473 0836 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:32:57.0520 0836 Mcx2Svc - ok 21:32:57.0567 0836 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 21:32:57.0582 0836 megasas - ok 21:32:57.0645 0836 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 21:32:57.0676 0836 MegaSR - ok 21:32:57.0738 0836 Microsoft SharePoint Workspace Audit Service - ok 21:32:57.0785 0836 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:32:57.0863 0836 MMCSS - ok 21:32:57.0879 0836 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:32:57.0972 0836 Modem - ok 21:32:58.0004 0836 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:32:58.0066 0836 monitor - ok 21:32:58.0113 0836 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:32:58.0128 0836 mouclass - ok 21:32:58.0175 0836 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:32:58.0222 0836 mouhid - ok 21:32:58.0253 0836 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:32:58.0284 0836 mountmgr - ok 21:32:58.0300 0836 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 21:32:58.0316 0836 mpio - ok 21:32:58.0347 0836 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:32:58.0425 0836 mpsdrv - ok 21:32:58.0456 0836 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:32:58.0550 0836 MpsSvc - ok 21:32:58.0565 0836 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:32:58.0643 0836 MRxDAV - ok 
21:32:58.0706 0836 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:32:58.0815 0836 mrxsmb - ok 21:32:58.0893 0836 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:32:58.0955 0836 mrxsmb10 - ok 21:32:58.0971 0836 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:32:59.0002 0836 mrxsmb20 - ok 21:32:59.0033 0836 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 21:32:59.0064 0836 msahci - ok 21:32:59.0080 0836 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:32:59.0111 0836 msdsm - ok 21:32:59.0142 0836 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:32:59.0189 0836 MSDTC - ok 21:32:59.0252 0836 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:32:59.0330 0836 Msfs - ok 21:32:59.0345 0836 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:32:59.0439 0836 mshidkmdf - ok 21:32:59.0454 0836 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:32:59.0486 0836 msisadrv - ok 21:32:59.0532 0836 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:32:59.0627 0836 MSiSCSI - ok 21:32:59.0643 0836 msiserver - ok 21:32:59.0674 0836 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:32:59.0752 0836 MSKSSRV - ok 21:32:59.0783 0836 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:32:59.0877 0836 MSPCLOCK - ok 21:32:59.0923 0836 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:33:00.0017 0836 MSPQM - ok 21:33:00.0079 0836 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:33:00.0142 0836 MsRPC - ok 21:33:00.0173 0836 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios 
C:\Windows\system32\DRIVERS\mssmbios.sys 21:33:00.0204 0836 mssmbios - ok 21:33:00.0235 0836 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:33:00.0329 0836 MSTEE - ok 21:33:00.0376 0836 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 21:33:00.0423 0836 MTConfig - ok 21:33:00.0454 0836 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:33:00.0469 0836 Mup - ok 21:33:00.0501 0836 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:33:00.0595 0836 napagent - ok 21:33:00.0673 0836 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:33:00.0736 0836 NativeWifiP - ok 21:33:00.0845 0836 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:33:00.0923 0836 NDIS - ok 21:33:00.0938 0836 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:33:01.0032 0836 NdisCap - ok 21:33:01.0079 0836 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:33:01.0157 0836 NdisTapi - ok 21:33:01.0172 0836 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:33:01.0266 0836 Ndisuio - ok 21:33:01.0297 0836 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:33:01.0391 0836 NdisWan - ok 21:33:01.0406 0836 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:33:01.0500 0836 NDProxy - ok 21:33:01.0547 0836 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:33:01.0625 0836 NetBIOS - ok 21:33:01.0718 0836 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:33:01.0828 0836 NetBT - ok 21:33:01.0843 0836 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:33:01.0874 0836 Netlogon - ok 21:33:01.0921 0836 [ 847D3AE376C0817161A14A82C8922A9E ] 
Netman C:\Windows\System32\netman.dll 21:33:02.0030 0836 Netman - ok 21:33:02.0062 0836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:33:02.0093 0836 NetMsmqActivator - ok 21:33:02.0093 0836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:33:02.0124 0836 NetPipeActivator - ok 21:33:02.0202 0836 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:33:02.0327 0836 netprofm - ok 21:33:02.0358 0836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:33:02.0374 0836 NetTcpActivator - ok 21:33:02.0389 0836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:33:02.0405 0836 NetTcpPortSharing - ok 21:33:02.0452 0836 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:33:02.0467 0836 nfrd960 - ok 21:33:02.0514 0836 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:33:02.0608 0836 NlaSvc - ok 21:33:02.0623 0836 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:33:02.0701 0836 Npfs - ok 21:33:02.0732 0836 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:33:02.0826 0836 nsi - ok 21:33:02.0857 0836 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:33:02.0966 0836 nsiproxy - ok 21:33:03.0294 0836 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:33:03.0388 0836 Ntfs - ok 21:33:03.0419 0836 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:33:03.0497 0836 Null - ok 21:33:04.0729 0836 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:33:05.0275 0836 nvlddmkm - ok 21:33:05.0306 0836 [ 0A92CB65770442ED0DC44834632F66AD ] 
nvraid C:\Windows\system32\drivers\nvraid.sys 21:33:05.0338 0836 nvraid - ok 21:33:05.0384 0836 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:33:05.0431 0836 nvstor - ok 21:33:05.0478 0836 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:33:05.0509 0836 nv_agp - ok 21:33:05.0525 0836 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:33:05.0603 0836 ohci1394 - ok 21:33:05.0696 0836 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:33:05.0728 0836 ose - ok 21:33:06.0617 0836 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:33:06.0851 0836 osppsvc - ok 21:33:06.0898 0836 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:33:06.0991 0836 p2pimsvc - ok 21:33:07.0116 0836 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:33:07.0178 0836 p2psvc - ok 21:33:07.0210 0836 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 21:33:07.0256 0836 Parport - ok 21:33:07.0303 0836 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:33:07.0350 0836 partmgr - ok 21:33:07.0397 0836 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:33:07.0475 0836 PcaSvc - ok 21:33:07.0522 0836 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:33:07.0584 0836 pci - ok 21:33:07.0615 0836 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:33:07.0646 0836 pciide - ok 21:33:07.0662 0836 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:33:07.0693 0836 pcmcia - ok 21:33:07.0740 0836 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:33:07.0771 0836 pcw - ok 
21:33:07.0834 0836 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:33:07.0958 0836 PEAUTH - ok 21:33:08.0614 0836 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:33:08.0708 0836 PerfHost - ok 21:33:08.0802 0836 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:33:08.0927 0836 pla - ok 21:33:09.0098 0836 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:33:09.0192 0836 PlugPlay - ok 21:33:09.0426 0836 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe 21:33:09.0473 0836 PMBDeviceInfoProvider - ok 21:33:09.0519 0836 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:33:09.0597 0836 PNRPAutoReg - ok 21:33:09.0629 0836 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:33:09.0675 0836 PNRPsvc - ok 21:33:09.0753 0836 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:33:09.0863 0836 PolicyAgent - ok 21:33:09.0909 0836 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:33:10.0003 0836 Power - ok 21:33:10.0050 0836 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:33:10.0159 0836 PptpMiniport - ok 21:33:10.0190 0836 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 21:33:10.0237 0836 Processor - ok 21:33:10.0331 0836 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:33:10.0440 0836 ProfSvc - ok 21:33:10.0455 0836 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:33:10.0471 0836 ProtectedStorage - ok 21:33:10.0502 0836 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:33:10.0596 0836 Psched - ok 21:33:10.0689 0836 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 
C:\Windows\system32\drivers\ql2300.sys 21:33:10.0783 0836 ql2300 - ok 21:33:10.0830 0836 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:33:10.0861 0836 ql40xx - ok 21:33:10.0908 0836 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:33:10.0986 0836 QWAVE - ok 21:33:11.0017 0836 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:33:11.0095 0836 QWAVEdrv - ok 21:33:11.0173 0836 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:33:11.0267 0836 RasAcd - ok 21:33:11.0345 0836 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:33:11.0407 0836 RasAgileVpn - ok 21:33:11.0469 0836 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:33:11.0610 0836 RasAuto - ok 21:33:11.0625 0836 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:33:11.0719 0836 Rasl2tp - ok 21:33:11.0781 0836 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:33:11.0859 0836 RasMan - ok 21:33:11.0891 0836 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:33:11.0969 0836 RasPppoe - ok 21:33:12.0015 0836 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:33:12.0125 0836 RasSstp - ok 21:33:12.0203 0836 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:33:12.0327 0836 rdbss - ok 21:33:12.0359 0836 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 21:33:12.0405 0836 rdpbus - ok 21:33:12.0452 0836 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:33:12.0515 0836 RDPCDD - ok 21:33:12.0546 0836 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:33:12.0671 0836 RDPENCDD - ok 21:33:12.0702 0836 [ 216F3FA57533D98E1F74DED70113177A ] 
RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:33:12.0780 0836 RDPREFMP - ok 21:33:12.0827 0836 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:33:12.0905 0836 RDPWD - ok 21:33:12.0936 0836 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:33:12.0967 0836 rdyboost - ok 21:33:12.0998 0836 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:33:13.0092 0836 RemoteAccess - ok 21:33:13.0139 0836 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:33:13.0263 0836 RemoteRegistry - ok 21:33:13.0310 0836 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 21:33:13.0373 0836 RFCOMM - ok 21:33:13.0419 0836 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:33:13.0513 0836 RpcEptMapper - ok 21:33:13.0544 0836 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 21:33:13.0591 0836 RpcLocator - ok 21:33:13.0716 0836 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 21:33:13.0809 0836 RpcSs - ok 21:33:13.0887 0836 [ 9D21618E7A3B2C75CF1A2ECBBE723730 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys 21:33:13.0934 0836 RSPCIESTOR - ok 21:33:13.0981 0836 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:33:14.0043 0836 rspndr - ok 21:33:14.0121 0836 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 21:33:14.0153 0836 SamSs - ok 21:33:14.0184 0836 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:33:14.0215 0836 sbp2port - ok 21:33:14.0246 0836 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:33:14.0324 0836 SCardSvr - ok 21:33:14.0355 0836 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:33:14.0449 0836 scfilter - ok 21:33:14.0636 0836 [ 
262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 21:33:14.0761 0836 Schedule - ok 21:33:14.0808 0836 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:33:14.0870 0836 SCPolicySvc - ok 21:33:14.0901 0836 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 21:33:14.0964 0836 sdbus - ok 21:33:15.0026 0836 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:33:15.0104 0836 SDRSVC - ok 21:33:15.0135 0836 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 21:33:15.0182 0836 SeaPort - ok 21:33:15.0229 0836 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:33:15.0338 0836 secdrv - ok 21:33:15.0369 0836 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 21:33:15.0463 0836 seclogon - ok 21:33:15.0525 0836 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 21:33:15.0635 0836 SENS - ok 21:33:15.0666 0836 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:33:15.0775 0836 SensrSvc - ok 21:33:15.0775 0836 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 21:33:15.0837 0836 Serenum - ok 21:33:15.0869 0836 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 21:33:15.0931 0836 Serial - ok 21:33:15.0962 0836 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:33:16.0009 0836 sermouse - ok 21:33:16.0103 0836 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 21:33:16.0227 0836 SessionEnv - ok 21:33:16.0259 0836 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys 21:33:16.0337 0836 SFEP - ok 21:33:16.0368 0836 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:33:16.0430 0836 sffdisk - ok 21:33:16.0430 0836 [ 
FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:33:16.0477 0836 sffp_mmc - ok 21:33:16.0493 0836 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:33:16.0524 0836 sffp_sd - ok 21:33:16.0555 0836 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:33:16.0617 0836 sfloppy - ok 21:33:16.0695 0836 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 21:33:16.0742 0836 Sftfs - ok 21:33:16.0851 0836 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 21:33:16.0898 0836 sftlist - ok 21:33:16.0992 0836 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 21:33:17.0039 0836 Sftplay - ok 21:33:17.0070 0836 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 21:33:17.0085 0836 Sftredir - ok 21:33:17.0117 0836 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 21:33:17.0132 0836 Sftvol - ok 21:33:17.0210 0836 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 21:33:17.0241 0836 sftvsa - ok 21:33:17.0397 0836 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:33:17.0538 0836 SharedAccess - ok 21:33:17.0663 0836 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:33:17.0772 0836 ShellHWDetection - ok 21:33:17.0834 0836 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 21:33:17.0850 0836 SiSRaid2 - ok 21:33:17.0881 0836 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:33:17.0897 0836 SiSRaid4 - ok 21:33:17.0975 0836 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 21:33:18.0006 0836 SkypeUpdate - ok 
21:33:18.0053 0836 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:33:18.0162 0836 Smb - ok 21:33:18.0224 0836 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:33:18.0271 0836 SNMPTRAP - ok 21:33:18.0380 0836 [ DDF2EC98AF6FC70608A4F9CE4DB52758 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe 21:33:18.0411 0836 SOHCImp - ok 21:33:18.0443 0836 [ 5FA03F5EA6EFEF6D17B4A1A48C40A23C ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe 21:33:18.0458 0836 SOHDs - ok 21:33:18.0614 0836 [ 65E5659E9C2A0762D05657C0E22A7CA2 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe 21:33:18.0661 0836 SpfService - ok 21:33:18.0677 0836 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 21:33:18.0708 0836 spldr - ok 21:33:18.0879 0836 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 21:33:18.0926 0836 Spooler - ok 21:33:19.0613 0836 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 21:33:19.0831 0836 sppsvc - ok 21:33:19.0862 0836 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:33:19.0940 0836 sppuinotify - ok 21:33:20.0096 0836 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 21:33:20.0221 0836 srv - ok 21:33:20.0268 0836 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:33:20.0346 0836 srv2 - ok 21:33:20.0424 0836 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:33:20.0471 0836 srvnet - ok 21:33:20.0502 0836 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:33:20.0580 0836 SSDPSRV - ok 21:33:20.0611 0836 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:33:20.0689 0836 SstpSvc - ok 21:33:20.0720 0836 [ F3817967ED533D08327DC73BC4D5542A ] stexstor 
C:\Windows\system32\drivers\stexstor.sys 21:33:20.0767 0836 stexstor - ok 21:33:20.0829 0836 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 21:33:20.0907 0836 stisvc - ok 21:33:20.0970 0836 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 21:33:21.0001 0836 swenum - ok 21:33:21.0095 0836 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 21:33:21.0219 0836 swprv - ok 21:33:21.0469 0836 [ C43E3CA9C672B2EC30B66CCE0B89BD36 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 21:33:21.0531 0836 SynTP - ok 21:33:21.0797 0836 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 21:33:21.0937 0836 SysMain - ok 21:33:22.0015 0836 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:33:22.0109 0836 TabletInputService - ok 21:33:22.0155 0836 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:33:22.0233 0836 TapiSrv - ok 21:33:22.0265 0836 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 21:33:22.0374 0836 TBS - ok 21:33:22.0483 0836 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:33:22.0577 0836 Tcpip - ok 21:33:22.0967 0836 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:33:23.0045 0836 TCPIP6 - ok 21:33:23.0123 0836 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:33:23.0247 0836 tcpipreg - ok 21:33:23.0279 0836 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:33:23.0372 0836 TDPIPE - ok 21:33:23.0419 0836 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:33:23.0466 0836 TDTCP - ok 21:33:23.0513 0836 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:33:23.0591 0836 tdx - ok 21:33:23.0622 0836 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 
21:33:23.0653 0836 TermDD - ok 21:33:23.0715 0836 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:33:23.0840 0836 TermService - ok 21:33:23.0871 0836 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:33:23.0903 0836 Themes - ok 21:33:23.0981 0836 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:33:24.0074 0836 THREADORDER - ok 21:33:24.0121 0836 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:33:24.0246 0836 TrkWks - ok 21:33:24.0371 0836 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:33:24.0511 0836 TrustedInstaller - ok 21:33:24.0573 0836 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:33:24.0683 0836 tssecsrv - ok 21:33:24.0714 0836 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:33:24.0792 0836 TsUsbFlt - ok 21:33:24.0807 0836 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 21:33:24.0854 0836 TsUsbGD - ok 21:33:24.0901 0836 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:33:24.0995 0836 tunnel - ok 21:33:25.0026 0836 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 21:33:25.0057 0836 uagp35 - ok 21:33:25.0119 0836 [ 1FE69F3C1CA1CF4B7EC7E2E9090FFFDC ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe 21:33:25.0151 0836 uCamMonitor - ok 21:33:25.0197 0836 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:33:25.0307 0836 udfs - ok 21:33:25.0338 0836 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:33:25.0400 0836 UI0Detect - ok 21:33:25.0447 0836 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:33:25.0463 0836 uliagpkx - ok 21:33:25.0509 0836 [ 
21:33:36.0555 0836 ================ Scan global ===============================
21:33:36.0586 0836 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:33:36.0680 0836 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:33:36.0727 0836 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:33:36.0774 0836 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:33:36.0852 0836 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:33:36.0867 0836 [Global] - ok
21:33:36.0867 0836 ================ Scan MBR ==================================
21:33:36.0883 0836 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:33:39.0410 0836 \Device\Harddisk0\DR0 - ok
21:33:39.0410 0836 ================ Scan VBR ==================================
21:33:39.0441 0836 [ 0C16B16F4814B75552DF64D32360762D ] \Device\Harddisk0\DR0\Partition1
21:33:39.0472 0836 \Device\Harddisk0\DR0\Partition1 - ok
21:33:39.0488 0836 [ 5DC775753D289D602BC451002ECF550E ] \Device\Harddisk0\DR0\Partition2
21:33:39.0519 0836 \Device\Harddisk0\DR0\Partition2 - ok
21:33:39.0519 0836 ============================================================
21:33:39.0519 0836 Scan finished
21:33:39.0519 0836 ============================================================
21:33:39.0550 2412 Detected object count: 1
21:33:39.0550 2412 Actual detected object count: 1
21:34:02.0030 2412 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:02.0030 2412 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip |
05.10.2012, 11:17 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Police Virus - Cyber Crime Investigation Department Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
05.10.2012, 16:47 | #21 |
| Police Virus - Cyber Crime Investigation Department Here you go [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-10-04.02 - Sabrina 05.10.2012 17:23:49.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3691.2393 [GMT 2:00] ausgeführt von:: c:\users\Sabrina\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Codecv c:\programdata\Codecv\aiopobnkolbfcpfbdmccjcpcdbolljdd.crx c:\programdata\Codecv\background.html c:\programdata\Codecv\content.js c:\programdata\Codecv\settings.ini . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-05 bis 2012-10-05 )))))))))))))))))))))))))))))) . . 2012-10-05 15:34 . 2012-10-05 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-05 15:30 . 2012-10-05 15:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AA44F39-2086-4895-9FDC-311126D17A80}\offreg.dll 2012-10-05 15:02 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AA44F39-2086-4895-9FDC-311126D17A80}\mpengine.dll 2012-10-04 16:12 . 2012-10-04 16:12 -------- d-----w- C:\_OTL 2012-09-26 18:20 . 2012-09-26 18:20 -------- d-----w- c:\program files (x86)\ESET 2012-09-25 18:32 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-24 22:38 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-09-24 22:38 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-09-24 20:58 . 2012-09-24 20:58 -------- d-----w- c:\users\Sabrina\AppData\Local\Diagnostics 2012-09-24 14:20 . 2012-09-24 14:20 -------- d-----w- c:\users\Sabrina\AppData\Roaming\Malwarebytes 2012-09-24 14:19 . 2012-09-24 14:19 -------- d-----w- c:\programdata\Malwarebytes 2012-09-24 14:19 . 
2012-09-24 14:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-24 14:19 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-18 19:24 . 2012-09-18 19:24 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-09-18 19:24 . 2012-09-18 19:24 -------- d-----r- c:\program files (x86)\Skype 2012-09-14 19:15 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-14 19:13 . 2012-09-14 19:13 -------- d-----w- c:\program files\iPod 2012-09-14 19:13 . 2012-09-14 19:14 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-14 19:13 . 2012-09-14 19:14 -------- d-----w- c:\program files\iTunes 2012-09-14 19:13 . 2012-09-14 19:14 -------- d-----w- c:\program files (x86)\iTunes 2012-09-12 16:06 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 16:06 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 16:06 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 16:06 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 16:06 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 16:06 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 16:06 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 16:47 . 2011-11-08 19:02 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-08-27 07:50 . 2012-04-01 16:34 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-27 07:50 . 2011-11-16 20:38 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-21 11:01 . 2011-11-08 21:54 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 11:01 . 2011-11-08 21:54 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-07-18 18:15 . 
2012-08-15 19:36 3148800 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-04-29 36000] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-04-29 259232] R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-04-29 109216] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-04-29 166048] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-04-29 59040] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-04-29 283296] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-04-29 288416] R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096] R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824] R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment 
Platform\SPF\SpfService64.exe [2011-01-20 286936] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-03-24 75904] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-03-24 38016] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-01 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-24 365568] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth 
Suite\Ath_CoexAgent.exe [2011-04-29 146592] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-29 91296] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-04-14 2375168] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-08-12 971704] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-01 9359872] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-01 309760] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-07-01 114704] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-04-29 29344] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-13 77936] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-04-14 337512] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys 
[2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-03-17 44672] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040] . . Inhalt des "geplante Tasks" Ordners . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1320788562&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=3079&id=64855&mkt=de-at&cbcxt=mai&snsc=1 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.0.138 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\OldTimer Tools\OTL\Files] @DACL=(02 0000) "c:\\Users\\Sabrina\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt"="" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-10-05 17:40:32 ComboFix-quarantined-files.txt 2012-10-05 15:40 . Vor Suchlauf: 12 Verzeichnis(se), 349.379.129.344 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 348.923.973.632 Bytes frei . - - End Of File - - E953E0C9C13DBBA703E3AA1AB81FF35A |
05.10.2012, 18:17 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Police Virus - Cyber Crime Investigation Department Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
06.10.2012, 20:11 | #23 |
| Police Virus - Cyber Crime Investigation Department Right, all done. Here are the log files: [code] GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-06 20:43:25
Windows 6.1.7601 Service Pack 1
Running: efoyl7d9.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78d75b48
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78d75b48 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
Code:
OSAM Logfile: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-06 21:03:44
-----------------------------
21:03:44.269 OS Version: Windows x64 6.1.7601 Service Pack 1
21:03:44.269 Number of processors: 2 586 0x200
21:03:44.269 ComputerName: SABRINA-VAIO UserName: Sabrina
21:03:45.938 Initialize success
21:03:58.262 AVAST engine defs: 12100600
21:04:08.714 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
21:04:08.714 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 11
21:04:08.761 Disk 0 MBR read successfully
21:04:08.761 Disk 0 MBR scan
21:04:08.776 Disk 0 Windows 7 default MBR code
21:04:08.792 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14315 MB offset 2048
21:04:08.823 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29319168
21:04:08.839 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462523 MB offset 29523968
21:04:08.886 Disk 0 scanning C:\Windows\system32\drivers
21:04:26.997 Service scanning
21:05:08.852 Modules scanning
21:05:08.883 Disk 0 trace - called modules:
21:05:08.930 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
21:05:08.946 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003e46060]
21:05:08.961 3 CLASSPNP.SYS[fffff8800192c43f] -> nt!IofCallDriver -> [0xfffffa8003c026c0]
21:05:08.977 5 amd_xata.sys[fffff88000c648b4] -> nt!IofCallDriver -> [0xfffffa8003bfea40]
21:05:08.993 7 ACPI.sys[fffff88000f207a1] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8003bfe2e0]
21:05:08.993 Scan finished successfully
21:06:08.039 Disk 0 MBR has been saved successfully to "C:\Users\Sabrina\Desktop\MBR.dat"
21:06:08.054 The log file has been saved successfully to "C:\Users\Sabrina\Desktop\aswMBR.txt" |
07.10.2012, 07:30 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Police Virus - Cyber Crime Investigation Department Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
07.10.2012, 13:55 | #25 |
| Police Virus - Cyber Crime Investigation Department That sounds good. I hope the logs say that everything is fine: Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.07.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sabrina :: SABRINA-VAIO [Administrator]

07.10.2012 10:55:00
mbam-log-2012-10-07 (10-55-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379987
Laufzeit: 1 Stunde(n), 1 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 10/07/2012 at 02:51 PM
Application Version : 5.5.1022
Core Rules Database Version : 9354
Trace Rules Database Version: 7166
Scan type : Complete Scan
Total Scan Time : 02:27:37
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 736
Memory threats detected : 0
Registry items scanned : 73539
Registry threats detected : 0
File items scanned : 159647
File threats detected : 101
Adware.Tracking Cookie |
07.10.2012, 19:44 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Police Virus - Cyber Crime Investigation Department Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie). Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released. Apart from that there are good cookie managers; one extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left. Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
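The check made in the reply above (the scan found nothing but tracking cookies), as an added example that is not part of the original thread: it groups the detections of a SUPERAntiSpyware log by category, compares them with the reported total, and turns the cookie hosts into hosts-file lines. The function names, the constructed sample log, the path-only layout for non-cookie detections and the `0.0.0.0` sink address are assumptions of this example.

```python
import re

# Constructed sample in the layout of the SUPERAntiSpyware log posted in the thread:
# a category heading followed by one detection per line.
SAMPLE_LOG = r"""
File items scanned : 159647
File threats detected : 5

Adware.Tracking Cookie
    C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Cookies\AVIY08NA.txt [ /zanox-affiliate.de ]
    C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Cookies\H49L6WJJ.txt [ /doubleclick.net ]
    C:\USERS\SABRINA\Cookies\AVIY08NA.txt [ Cookie:sabrina@zanox-affiliate.de/ ]
    C:\USERS\SABRINA\Cookies\YJ0WOW35.txt [ Cookie:sabrina@de.sitestat.com/sueddeutsche/sueddeutsche/ ]
    C:\USERS\SABRINA\Cookies\KG3RICBB.txt [ Cookie:sabrina@h.atdmt.com/ ]
"""

COUNT = re.compile(r"^\s*File threats detected\s*:\s*(\d+)")
# Assumption: a detection line starts with a drive path; the "[ ... ]" tag is optional.
ENTRY = re.compile(r"^\s*(?P<path>[A-Za-z]:\\.+?)(?:\s+\[\s*(?P<tag>.+?)\s*\])?\s*$")

def cookie_host(tag):
    """Host from '/host' or 'Cookie:user@host/path'; None if it is not a host name."""
    if tag is None:
        return None
    if tag.startswith("Cookie:"):
        tag = tag.split("@", 1)[-1]
    host = tag.strip("/").split("/", 1)[0].lower()
    return host if re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", host) else None

def triage(log_text):
    """Group file detections by category and compare them with the reported total."""
    reported, category, found = None, None, {}
    for line in log_text.splitlines():
        count, entry = COUNT.match(line), ENTRY.match(line)
        if count:
            reported = int(count.group(1))
        elif entry and category:
            found.setdefault(category, []).append((entry.group("path"), entry.group("tag")))
        elif reported is not None and line.strip():
            category = line.strip()  # heading such as "Adware.Tracking Cookie"
    cookies = [t for c, v in found.items() if "Tracking Cookie" in c for _, t in v]
    return {
        "reported": reported,
        "parsed": sum(len(v) for v in found.values()),
        "needs_review": {c: v for c, v in found.items() if "Tracking Cookie" not in c},
        "hosts": sorted({h for h in map(cookie_host, cookies) if h}),
    }

def hosts_lines(hosts):
    """Hosts-file entries. The file matches exact names only, so 'atdmt.com'
    does not cover 'h.atdmt.com'; every host seen needs its own line."""
    return ["0.0.0.0 " + h for h in hosts]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("reported/parsed:", result["reported"], result["parsed"])
    print("non-cookie detections:", result["needs_review"] or "none")
    print("\n".join(hosts_lines(result["hosts"])))
```

A mismatch between `reported` and `parsed`, or a non-empty `needs_review`, means the log holds something other than cookies and should be read by hand.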
07.10.2012, 21:49 | #27 |
| Police Virus - Cyber Crime Investigation Department Oh man, am I glad, thank you so much!!! You were really incredibly patient with me, I don't know what I would have done otherwise. And all of it without reinstalling, really great ) Thanks also for the explanation about cookies, I will take a closer look at that. No, there are no other findings or problems with my laptop, everything seems to be fine again *happy* If you like chocolate, send me your address by PM |
08.10.2012, 10:00 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Police Virus - Cyber Crime Investigation Department Then we're done! The programs that were used here can all be removed again. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide for that is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords if possible after the infection has been removed.
Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Guide to Windows Update
Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you are at it, please also check that the Flash Player is up to date: Check => Adobe - Flash Player; download links => Adobe Flash Player Distribution | Adobe. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click on Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
09.10.2012, 21:21 | #29 |
| Police Virus - Cyber Crime Investigation Department Yay, thanks. In future I will dutifully take care of updates and virus scans |