Log analysis and evaluation: How dangerous are these infections on my laptop?
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.10.2012, 23:36 | #1 |
Hello Trojaner-Board users, I am posting the result of a scan run here for the first time. How dangerous are the problems found, and have the problems now been resolved by the deletion? Thank you all for your help.

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PackardBellAdmin :: PACKARDBELLADMI [Administrator]

Schutz: Aktiviert

07.10.2012 23:10:25
mbam-log-2012-10-07 (23-10-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 196378
Laufzeit: 3 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Windows Operating System (Backdoor.Messa) -> Daten: C:\Users\PackardBellAdmin\AppData\Roaming\Microsoft\Windows\Templates\msadrh10.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\PackardBellAdmin\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
C:\Users\PackardBellAdmin\AppData\Roaming\dclogs\2012-09-21-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PackardBellAdmin\AppData\Roaming\dclogs\2012-09-22-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PackardBellAdmin\AppData\Roaming\dclogs\2012-09-23-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PackardBellAdmin\AppData\Roaming\dclogs\2012-09-24-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PackardBellAdmin\AppData\Roaming\dclogs\2012-09-25-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PackardBellAdmin\AppData\Roaming\dclogs\2012-09-26-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PackardBellAdmin\AppData\Roaming\dclogs\2012-09-27-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
08.10.2012, 06:51 | #2 |
/// Malwareteam | The problem is that you had a backdoor malware on the system which, on top of that, already appears to have siphoned off extensive information.
Is the computer used for online banking or similar financial transactions (e.g. Paypal, online purchases, etc.)?
08.10.2012, 18:39 | #3 |
Hi Psychotic,
yes, I also use this laptop for online banking, Paypal and online purchases! Online banking, however, only with mTan, and otherwise only prepayment by bank transfer via mTan / on invoice, or I make sure there is an https connection (Paypal). I have not been able to detect any irregularities on my accounts so far. Can I somehow find out what data accumulated in the log files from 2109-2709? Many thanks for any replies
08.10.2012, 19:56 | #4 |
/// Malwareteam | In that case I advise you to change all relevant passwords on a clean computer and then set up the affected system from scratch. Modern malware is quite capable of undermining the security precautions! What is in the log files is certainly not readable for just anyone. If you nevertheless decide on a cleanup, please let me know!
__________________
No right of asylum for trojans! Proud Member of UNITE
Note: I am only available on workdays! Requests via PM will be ignored!
Are you satisfied with us? Then support the Trojaner-Board!
08.10.2012, 20:10 | #5 |
Psychotic, many thanks already for your offer to help me clean the system. I would like to try that with your help. Today I ran another full scan with Malware - no detections were reported. Of course I ask myself why I bought Avira Internet Security 2012 - always updated - everything in terms of firewall - real-time scanner - browser protection - email protection. There, on 0710 / 3009 TR/Zusy.19110 - on 3009 TR/Agent.6144.201 was reported and moved to quarantine. If your time permits - please post what, in your opinion, I should do now!
08.10.2012, 20:18 | #6 |
/// Malwareteam | My name is Marius and I will help you with your problem. One thing up front:
Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way. Should you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can sometimes involve a lot of work for you.

Vista and Win7 users: Start all tools with right-click --> "als Administrator ausführen" (Run as administrator).

Step 1: defogger
Please download defogger by jpshortstuff to your desktop.
Do not click the Re-enable button without being instructed to.

Step 2: OTL
Please download OTL by Oldtimer and save it to your desktop (if not already present).

Step 3: aswMBR
Please download aswMBR.exe and save the file to your desktop.

Step 4: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
08.10.2012, 20:49 | #7 |
Marius, many thanks for your help - I am now starting on the instructions:
1. defogger started, no error message
Log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:21 on 08/10/2012 (PackardBellAdmin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Extras.txt
Code:
OTL.txt as OTL.7z
So much for the first part - more to follow in a moment!
08.10.2012, 21:05 | #8 |
3. aswMBR
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-08 21:50:39
-----------------------------
21:50:39.139 OS Version: Windows x64 6.1.7601 Service Pack 1
21:50:39.139 Number of processors: 8 586 0x2A07
21:50:39.139 ComputerName: PACKARDBELLADMI UserName:
21:50:40.621 Initialize success
21:51:34.610 AVAST engine defs: 12100800
21:51:45.967 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:51:45.967 Disk 0 Vendor: WDC_WD6400BPVT-22HXZT1 01.01A01 Size: 610480MB BusType: 11
21:51:46.013 Disk 0 MBR read successfully
21:51:46.013 Disk 0 MBR scan
21:51:46.029 Disk 0 unknown MBR code
21:51:46.029 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15872 MB offset 2048
21:51:46.060 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 32507904
21:51:46.076 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 198169 MB offset 32712704
21:51:46.107 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 396337 MB offset 438562816
21:51:46.138 Disk 0 scanning C:\Windows\system32\drivers
21:52:00.490 Service scanning
21:52:24.842 Modules scanning
21:52:24.842 Disk 0 trace - called modules:
21:52:24.873 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:52:24.889 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008346790]
21:52:24.889 3 CLASSPNP.SYS[fffff880019a943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007ded680]
21:52:26.230 AVAST engine scan C:\Windows
21:52:28.399 AVAST engine scan C:\Windows\system32
21:55:39.421 AVAST engine scan C:\Windows\system32\drivers
21:55:57.517 AVAST engine scan C:\Users\PackardBellAdmin
21:57:53.472 AVAST engine scan C:\ProgramData
21:58:21.068 Scan finished successfully
21:59:45.215 Disk 0 MBR has been saved successfully to "C:\Users\PackardBellAdmin\Desktop\MBR.dat"
21:59:45.231 The log file has been saved successfully to "C:\Users\PackardBellAdmin\Desktop\aswMBR.txt"

Code:
22:02:04.0745 4764 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:02:06.0758 4764 ============================================================
22:02:06.0758 4764 Current date / time: 2012/10/08 22:02:06.0758
22:02:06.0758 4764 SystemInfo:
22:02:06.0758 4764
22:02:06.0758 4764 OS Version: 6.1.7601 ServicePack: 1.0
22:02:06.0758 4764 Product type: Workstation
22:02:06.0758 4764 ComputerName: PACKARDBELLADMI
22:02:06.0758 4764 UserName: PackardBellAdmin
22:02:06.0758 4764 Windows directory: C:\Windows
22:02:06.0758 4764 System windows directory: C:\Windows
22:02:06.0758 4764 Running under WOW64
22:02:06.0758 4764 Processor architecture: Intel x64
22:02:06.0758 4764 Number of processors: 8
22:02:06.0758 4764 Page size: 0x1000
22:02:06.0758 4764 Boot type: Normal boot
22:02:06.0758 4764 ============================================================
22:02:07.0787 4764 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:02:07.0803 4764 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:02:07.0834 4764 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:02:14.0963 4764 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:02:25.0150 4764 ============================================================
22:02:25.0150 4764 \Device\Harddisk0\DR0:
22:02:25.0150 4764 MBR partitions:
22:02:25.0150 4764 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F00800, BlocksNum 0x32000
22:02:25.0150 4764 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1F32800, BlocksNum 0x1830C800
22:02:25.0150 4764 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1A23F000, BlocksNum 0x30618800
22:02:25.0150 4764 \Device\Harddisk1\DR1:
22:02:25.0150 4764 MBR partitions:
22:02:25.0150 4764 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
22:02:25.0150 4764 \Device\Harddisk2\DR2:
22:02:25.0150 4764 MBR partitions:
22:02:25.0150 4764 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x74701AC1
22:02:25.0150 4764 \Device\Harddisk3\DR3:
22:02:25.0150 4764 MBR partitions:
22:02:25.0150 4764 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
22:02:25.0150 4764 ============================================================
22:02:25.0306 4764 C: <-> \Device\Harddisk0\DR0\Partition2
22:02:25.0322 4764 I: <-> \Device\Harddisk2\DR2\Partition1
22:02:25.0790 4764 V: <-> \Device\Harddisk1\DR1\Partition1
22:02:25.0899 4764 F: <-> \Device\Harddisk0\DR0\Partition3
22:02:25.0915 4764 J: <-> \Device\Harddisk3\DR3\Partition1
22:02:25.0915 4764 ============================================================
22:02:25.0915 4764 Initialize success
22:02:25.0915 4764 ============================================================
22:02:44.0962 2944 ============================================================
22:02:44.0962 2944 Scan started
22:02:44.0962 2944 Mode: Manual;
22:02:44.0962 2944 ============================================================
22:02:46.0007 2944 ================ Scan system memory ========================
22:02:46.0007 2944 System memory - ok
22:02:46.0007 2944 ================ Scan services =============================
22:02:57.0239 2944 PerfHost - ok 22:02:57.0317 2944 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 22:02:57.0380 2944 pla - ok 22:02:57.0427 2944 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:02:57.0442 2944 PlugPlay - ok 22:02:57.0458 2944 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:02:57.0458 2944 PNRPAutoReg - ok 22:02:57.0489 2944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:02:57.0489 2944 PNRPsvc - ok 22:02:57.0520 2944 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:02:57.0551 2944 PolicyAgent - ok 22:02:57.0583 2944 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 22:02:57.0598 2944 Power - ok 22:02:57.0645 2944 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:02:57.0645 2944 PptpMiniport - ok 22:02:57.0661 2944 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:02:57.0661 2944 Processor - ok 22:02:57.0692 2944 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 22:02:57.0707 2944 ProfSvc - ok 22:02:57.0723 2944 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:02:57.0723 2944 ProtectedStorage - ok 22:02:57.0770 2944 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:02:57.0770 2944 Psched - ok 22:02:57.0832 2944 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:02:57.0879 2944 ql2300 - ok 22:02:57.0879 2944 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:02:57.0895 2944 ql40xx - ok 22:02:57.0910 2944 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:02:57.0910 2944 QWAVE - ok 22:02:57.0910 2944 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 
22:02:57.0910 2944 QWAVEdrv - ok 22:02:57.0988 2944 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 22:02:58.0004 2944 RapiMgr - ok 22:02:58.0004 2944 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:02:58.0004 2944 RasAcd - ok 22:02:58.0035 2944 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:02:58.0035 2944 RasAgileVpn - ok 22:02:58.0051 2944 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:02:58.0066 2944 RasAuto - ok 22:02:58.0082 2944 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:02:58.0097 2944 Rasl2tp - ok 22:02:58.0144 2944 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:02:58.0175 2944 RasMan - ok 22:02:58.0191 2944 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:02:58.0191 2944 RasPppoe - ok 22:02:58.0207 2944 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:02:58.0222 2944 RasSstp - ok 22:02:58.0253 2944 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:02:58.0269 2944 rdbss - ok 22:02:58.0300 2944 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:02:58.0300 2944 rdpbus - ok 22:02:58.0316 2944 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:02:58.0316 2944 RDPCDD - ok 22:02:58.0347 2944 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 22:02:58.0363 2944 RDPDR - ok 22:02:58.0394 2944 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:02:58.0394 2944 RDPENCDD - ok 22:02:58.0425 2944 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:02:58.0425 2944 RDPREFMP - ok 22:02:58.0487 2944 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport 
C:\Windows\system32\drivers\rdpvideominiport.sys 22:02:58.0487 2944 RdpVideoMiniport - ok 22:02:58.0519 2944 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:02:58.0519 2944 RDPWD - ok 22:02:58.0550 2944 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:02:58.0565 2944 rdyboost - ok 22:02:58.0597 2944 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:02:58.0612 2944 RemoteAccess - ok 22:02:58.0628 2944 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:02:58.0643 2944 RemoteRegistry - ok 22:02:58.0675 2944 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:02:58.0675 2944 RpcEptMapper - ok 22:02:58.0706 2944 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:02:58.0721 2944 RpcLocator - ok 22:02:58.0768 2944 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:02:58.0768 2944 RpcSs - ok 22:02:58.0784 2944 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:02:58.0799 2944 rspndr - ok 22:02:58.0815 2944 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 22:02:58.0815 2944 s3cap - ok 22:02:58.0831 2944 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 22:02:58.0846 2944 SamSs - ok 22:02:58.0877 2944 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:02:58.0877 2944 sbp2port - ok 22:02:58.0893 2944 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:02:58.0909 2944 SCardSvr - ok 22:02:58.0940 2944 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:02:58.0940 2944 scfilter - ok 22:02:59.0002 2944 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 22:02:59.0049 2944 Schedule - ok 22:02:59.0080 2944 [ 
F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:02:59.0080 2944 SCPolicySvc - ok 22:02:59.0111 2944 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 22:02:59.0127 2944 sdbus - ok 22:02:59.0143 2944 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:02:59.0174 2944 SDRSVC - ok 22:02:59.0189 2944 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:02:59.0189 2944 secdrv - ok 22:02:59.0221 2944 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 22:02:59.0221 2944 seclogon - ok 22:02:59.0252 2944 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 22:02:59.0267 2944 SENS - ok 22:02:59.0283 2944 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:02:59.0299 2944 SensrSvc - ok 22:02:59.0314 2944 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:02:59.0314 2944 Serenum - ok 22:02:59.0361 2944 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:02:59.0361 2944 Serial - ok 22:02:59.0392 2944 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:02:59.0392 2944 sermouse - ok 22:02:59.0455 2944 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 22:02:59.0455 2944 SessionEnv - ok 22:02:59.0470 2944 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:02:59.0486 2944 sffdisk - ok 22:02:59.0501 2944 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:02:59.0501 2944 sffp_mmc - ok 22:02:59.0517 2944 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:02:59.0517 2944 sffp_sd - ok 22:02:59.0533 2944 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:02:59.0533 2944 sfloppy - ok 22:02:59.0564 2944 [ 
B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:02:59.0579 2944 SharedAccess - ok 22:02:59.0626 2944 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:02:59.0657 2944 ShellHWDetection - ok 22:02:59.0673 2944 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:02:59.0673 2944 SiSRaid2 - ok 22:02:59.0689 2944 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 22:02:59.0689 2944 SiSRaid4 - ok 22:02:59.0704 2944 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:02:59.0704 2944 Smb - ok 22:02:59.0767 2944 [ 10450F432811D7FDA60A97FCC674D7B2 ] snapman C:\Windows\system32\DRIVERS\snapman.sys 22:02:59.0767 2944 snapman - ok 22:02:59.0813 2944 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:02:59.0813 2944 SNMPTRAP - ok 22:02:59.0829 2944 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 22:02:59.0845 2944 spldr - ok 22:02:59.0876 2944 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 22:02:59.0891 2944 Spooler - ok 22:03:00.0001 2944 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 22:03:00.0063 2944 sppsvc - ok 22:03:00.0094 2944 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:03:00.0094 2944 sppuinotify - ok 22:03:00.0141 2944 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 22:03:00.0141 2944 srv - ok 22:03:00.0157 2944 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:03:00.0188 2944 srv2 - ok 22:03:00.0203 2944 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:03:00.0219 2944 srvnet - ok 22:03:00.0250 2944 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:03:00.0250 2944 SSDPSRV - ok 22:03:00.0266 2944 [ 
AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:03:00.0281 2944 SstpSvc - ok 22:03:00.0297 2944 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:03:00.0297 2944 stexstor - ok 22:03:00.0359 2944 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 22:03:00.0391 2944 stisvc - ok 22:03:00.0422 2944 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 22:03:00.0422 2944 storflt - ok 22:03:00.0453 2944 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 22:03:00.0469 2944 storvsc - ok 22:03:00.0500 2944 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 22:03:00.0500 2944 swenum - ok 22:03:00.0515 2944 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 22:03:00.0547 2944 swprv - ok 22:03:00.0562 2944 Synth3dVsc - ok 22:03:00.0640 2944 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 22:03:00.0687 2944 SysMain - ok 22:03:00.0703 2944 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:03:00.0703 2944 TabletInputService - ok 22:03:00.0718 2944 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:03:00.0734 2944 TapiSrv - ok 22:03:00.0749 2944 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 22:03:00.0749 2944 TBS - ok 22:03:00.0843 2944 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:03:00.0890 2944 Tcpip - ok 22:03:00.0952 2944 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:03:00.0968 2944 TCPIP6 - ok 22:03:00.0999 2944 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:03:00.0999 2944 tcpipreg - ok 22:03:01.0030 2944 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:03:01.0030 2944 TDPIPE - ok 
22:03:01.0093 2944 [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys 22:03:01.0139 2944 tdrpman273 - ok 22:03:01.0171 2944 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:03:01.0171 2944 TDTCP - ok 22:03:01.0186 2944 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:03:01.0202 2944 tdx - ok 22:03:01.0217 2944 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 22:03:01.0217 2944 TermDD - ok 22:03:01.0264 2944 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 22:03:01.0295 2944 TermService - ok 22:03:01.0327 2944 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 22:03:01.0327 2944 Themes - ok 22:03:01.0327 2944 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 22:03:01.0327 2944 THREADORDER - ok 22:03:01.0389 2944 [ EBBAEA02F0095A798000C7E06B16D41B ] timounter C:\Windows\system32\DRIVERS\timntr.sys 22:03:01.0436 2944 timounter - ok 22:03:01.0467 2944 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 22:03:01.0467 2944 TrkWks - ok 22:03:01.0529 2944 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:03:01.0529 2944 TrustedInstaller - ok 22:03:01.0561 2944 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:03:01.0561 2944 tssecsrv - ok 22:03:01.0607 2944 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:03:01.0607 2944 TsUsbFlt - ok 22:03:01.0623 2944 tsusbhub - ok 22:03:01.0685 2944 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:03:01.0685 2944 tunnel - ok 22:03:01.0732 2944 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:03:01.0732 2944 uagp35 - ok 22:03:01.0763 2944 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs 
C:\Windows\system32\DRIVERS\udfs.sys 22:03:01.0779 2944 udfs - ok 22:03:01.0795 2944 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:03:01.0810 2944 UI0Detect - ok 22:03:01.0841 2944 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:03:01.0841 2944 uliagpkx - ok 22:03:01.0888 2944 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:03:01.0888 2944 umbus - ok 22:03:01.0904 2944 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:03:01.0904 2944 UmPass - ok 22:03:01.0919 2944 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 22:03:01.0935 2944 UmRdpService - ok 22:03:01.0951 2944 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 22:03:01.0966 2944 upnphost - ok 22:03:02.0013 2944 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 22:03:02.0029 2944 USBAAPL64 - ok 22:03:02.0060 2944 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:03:02.0075 2944 usbccgp - ok 22:03:02.0107 2944 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:03:02.0122 2944 usbcir - ok 22:03:02.0138 2944 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:03:02.0138 2944 usbehci - ok 22:03:02.0169 2944 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:03:02.0200 2944 usbhub - ok 22:03:02.0216 2944 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:03:02.0216 2944 usbohci - ok 22:03:02.0247 2944 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:03:02.0247 2944 usbprint - ok 22:03:02.0278 2944 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:03:02.0278 2944 usbscan - ok 22:03:02.0309 2944 [ 
FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:03:02.0309 2944 USBSTOR - ok 22:03:02.0325 2944 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 22:03:02.0325 2944 usbuhci - ok 22:03:02.0356 2944 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 22:03:02.0356 2944 usbvideo - ok 22:03:02.0372 2944 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 22:03:02.0372 2944 UxSms - ok 22:03:02.0403 2944 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 22:03:02.0403 2944 VaultSvc - ok 22:03:02.0434 2944 [ F0FAF3FB9B138F8CAFB65ECFFE9F4AB6 ] vcd10bus C:\Windows\system32\DRIVERS\vcd10bus.sys 22:03:02.0434 2944 vcd10bus - ok 22:03:02.0481 2944 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 22:03:02.0497 2944 VClone - ok 22:03:02.0528 2944 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:03:02.0528 2944 vdrvroot - ok 22:03:02.0575 2944 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 22:03:02.0606 2944 vds - ok 22:03:02.0621 2944 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:03:02.0621 2944 vga - ok 22:03:02.0621 2944 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 22:03:02.0621 2944 VgaSave - ok 22:03:02.0637 2944 VGPU - ok 22:03:02.0653 2944 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:03:02.0653 2944 vhdmp - ok 22:03:02.0668 2944 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 22:03:02.0668 2944 viaide - ok 22:03:02.0699 2944 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 22:03:02.0699 2944 vmbus - ok 22:03:02.0715 2944 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 22:03:02.0731 2944 VMBusHID - ok 
22:03:02.0762 2944 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:03:02.0762 2944 volmgr - ok 22:03:02.0809 2944 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:03:02.0809 2944 volmgrx - ok 22:03:02.0824 2944 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:03:02.0840 2944 volsnap - ok 22:03:02.0855 2944 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:03:02.0855 2944 vsmraid - ok 22:03:02.0933 2944 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 22:03:02.0965 2944 VSS - ok 22:03:02.0965 2944 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 22:03:02.0980 2944 vwifibus - ok 22:03:02.0996 2944 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 22:03:02.0996 2944 vwififlt - ok 22:03:03.0043 2944 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 22:03:03.0043 2944 W32Time - ok 22:03:03.0058 2944 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:03:03.0058 2944 WacomPen - ok 22:03:03.0089 2944 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:03:03.0105 2944 WANARP - ok 22:03:03.0105 2944 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:03:03.0105 2944 Wanarpv6 - ok 22:03:03.0167 2944 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 22:03:03.0183 2944 wbengine - ok 22:03:03.0214 2944 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:03:03.0214 2944 WbioSrvc - ok 22:03:03.0277 2944 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 22:03:03.0277 2944 WcesComm - ok 22:03:03.0323 2944 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:03:03.0339 2944 wcncsvc - ok 
22:03:03.0370 2944 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:03:03.0370 2944 WcsPlugInService - ok 22:03:03.0386 2944 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:03:03.0386 2944 Wd - ok 22:03:03.0417 2944 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:03:03.0448 2944 Wdf01000 - ok 22:03:03.0464 2944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:03:03.0464 2944 WdiServiceHost - ok 22:03:03.0479 2944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:03:03.0479 2944 WdiSystemHost - ok 22:03:03.0526 2944 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 22:03:03.0526 2944 WebClient - ok 22:03:03.0557 2944 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:03:03.0557 2944 Wecsvc - ok 22:03:03.0589 2944 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:03:03.0589 2944 wercplsupport - ok 22:03:03.0604 2944 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 22:03:03.0620 2944 WerSvc - ok 22:03:03.0635 2944 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:03:03.0635 2944 WfpLwf - ok 22:03:03.0651 2944 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:03:03.0667 2944 WIMMount - ok 22:03:03.0698 2944 WinDefend - ok 22:03:03.0698 2944 WinHttpAutoProxySvc - ok 22:03:03.0776 2944 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:03:03.0791 2944 Winmgmt - ok 22:03:03.0869 2944 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 22:03:03.0885 2944 WinRM - ok 22:03:03.0947 2944 [ FE88B288356E7B47B74B13372ADD906D ] WINUSB C:\Windows\system32\DRIVERS\WinUSB.SYS 22:03:03.0947 2944 WINUSB - ok 22:03:04.0010 2944 [ 
4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 22:03:04.0025 2944 Wlansvc - ok 22:03:04.0072 2944 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:03:04.0072 2944 WmiAcpi - ok 22:03:04.0103 2944 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:03:04.0119 2944 wmiApSrv - ok 22:03:04.0150 2944 WMPNetworkSvc - ok 22:03:04.0166 2944 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:03:04.0166 2944 WPCSvc - ok 22:03:04.0197 2944 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:03:04.0213 2944 WPDBusEnum - ok 22:03:04.0244 2944 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:03:04.0244 2944 ws2ifsl - ok 22:03:04.0259 2944 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 22:03:04.0259 2944 wscsvc - ok 22:03:04.0275 2944 WSearch - ok 22:03:04.0353 2944 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 22:03:04.0384 2944 wuauserv - ok 22:03:04.0400 2944 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:03:04.0400 2944 WudfPf - ok 22:03:04.0447 2944 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:03:04.0462 2944 WUDFRd - ok 22:03:04.0493 2944 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:03:04.0493 2944 wudfsvc - ok 22:03:04.0525 2944 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 22:03:04.0540 2944 WwanSvc - ok 22:03:04.0556 2944 ================ Scan global =============================== 22:03:04.0587 2944 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 22:03:04.0634 2944 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 22:03:04.0649 2944 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 22:03:04.0681 2944 [ 
D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 22:03:04.0727 2944 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 22:03:04.0743 2944 [Global] - ok 22:03:04.0743 2944 ================ Scan MBR ================================== 22:03:04.0759 2944 [ 767B296F8C92371EBAA7872EBC29C6E3 ] \Device\Harddisk0\DR0 22:03:05.0149 2944 \Device\Harddisk0\DR0 - ok 22:03:05.0149 2944 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 22:03:05.0149 2944 \Device\Harddisk1\DR1 - ok 22:03:05.0149 2944 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2 22:03:05.0164 2944 \Device\Harddisk2\DR2 - ok 22:03:05.0164 2944 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3 22:03:05.0164 2944 \Device\Harddisk3\DR3 - ok 22:03:05.0164 2944 ================ Scan VBR ================================== 22:03:05.0164 2944 [ CF883B170B830A29C69E935A60B90030 ] \Device\Harddisk0\DR0\Partition1 22:03:05.0164 2944 \Device\Harddisk0\DR0\Partition1 - ok 22:03:05.0180 2944 [ AB5A9DE8B36617205DC05E89842CD8C9 ] \Device\Harddisk0\DR0\Partition2 22:03:05.0180 2944 \Device\Harddisk0\DR0\Partition2 - ok 22:03:05.0211 2944 [ 619E6174DD6EAC782BF46969A40C9317 ] \Device\Harddisk0\DR0\Partition3 22:03:05.0211 2944 \Device\Harddisk0\DR0\Partition3 - ok 22:03:05.0211 2944 [ 273E5BED3CEA9BB1C52443C19FBFCA07 ] \Device\Harddisk1\DR1\Partition1 22:03:05.0211 2944 \Device\Harddisk1\DR1\Partition1 - ok 22:03:05.0227 2944 [ 126FFF91E4009AF251F95312FE55854C ] \Device\Harddisk2\DR2\Partition1 22:03:05.0227 2944 \Device\Harddisk2\DR2\Partition1 - ok 22:03:05.0227 2944 [ 5B0BD8845B082CCE2C876C0A7385E335 ] \Device\Harddisk3\DR3\Partition1 22:03:05.0242 2944 \Device\Harddisk3\DR3\Partition1 - ok 22:03:05.0242 2944 ============================================================ 22:03:05.0242 2944 Scan finished 22:03:05.0242 2944 ============================================================ 22:03:05.0242 4716 Detected object count: 0 22:03:05.0242 4716 Actual detected object 
count: 0
22:03:29.0750 4332 Deinitialize success
When you have time again, we can continue - thanks |
09.10.2012, 06:28 | #9 | |
/// Malwareteam | How dangerous are these infections on my laptop? Combofix
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you happy with us? Then support the Trojaner-Board! |
09.10.2012, 19:24 | #10 |
| How dangerous are these infections on my laptop? Hi Marius, here is the Combofix log Code:
ComboFix 12-10-09.01 - PackardBellAdmin 09.10.2012 19:26:53.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8044.6529 [GMT 2:00]
ausgeführt von:: c:\users\PackardBellAdmin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
J:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-09 bis 2012-10-09 ))))))))))))))))))))))))))))))
.
.
2012-09-19 04:16 -------- d-----w- c:\programdata\Apple 2012-09-19 03:56 . 2010-11-20 13:27 169984 ----a-w- c:\windows\system32\tspubwmi.dll 2012-09-19 03:55 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2012-09-19 03:55 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll 2012-09-19 03:55 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll 2012-09-19 02:51 . 2012-09-19 02:51 -------- d-----w- c:\program files (x86)\Microsoft Works 2012-09-19 02:51 . 2012-09-19 02:51 -------- d-----w- c:\windows\PCHEALTH 2012-09-19 02:49 . 2012-09-19 02:49 -------- d-----w- c:\program files\Microsoft Office 2012-09-19 02:49 . 2012-09-26 17:35 -------- d-----w- c:\programdata\Microsoft Help 2012-09-19 02:48 . 2012-09-19 02:48 -------- d-----r- C:\MSOCache 2012-09-19 02:35 . 2012-09-18 16:44 -------- d-----w- c:\windows\Panther 2012-09-19 02:34 . 2012-09-19 02:34 -------- d-----w- c:\windows\system32\oem 2012-09-19 02:22 . 2012-09-19 02:24 -------- d-----w- c:\program files (x86)\Notepad++ 2012-09-18 21:29 . 2012-09-18 21:27 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-09-18 21:29 . 2012-09-18 21:27 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-09-18 21:29 . 2012-09-18 21:27 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-09-18 21:29 . 2012-09-18 21:27 139360 ----a-w- c:\windows\system32\drivers\avfwot.sys 2012-09-18 21:29 . 2012-09-18 21:27 114128 ----a-w- c:\windows\system32\drivers\avfwim.sys 2012-09-18 21:29 . 2012-09-18 21:29 -------- d-----w- c:\programdata\Avira 2012-09-18 21:29 . 2012-09-18 21:29 -------- d-----w- c:\program files (x86)\Avira 2012-09-18 19:48 . 2012-09-18 19:48 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-18 19:48 . 2012-09-18 19:48 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-18 19:48 . 2012-09-18 19:48 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-18 19:48 . 
2012-09-18 19:48 188904 ----a-w- c:\windows\system32\java.exe 2012-09-18 19:48 . 2012-09-18 19:48 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-18 19:48 . 2012-09-18 19:48 -------- d-----w- c:\program files\Java 2012-09-18 19:39 . 2012-09-18 19:39 -------- d-----w- c:\program files\VideoLAN 2012-09-18 19:38 . 2012-09-18 19:38 -------- d-----w- c:\program files\7-Zip 2012-09-18 19:29 . 2012-09-18 19:29 2787800 ----a-w- c:\windows\system32\auto_reactivate.exe 2012-09-18 19:19 . 2012-09-18 19:19 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys 2012-09-18 19:19 . 2012-09-18 19:19 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys 2012-09-18 19:19 . 2012-09-18 19:19 970336 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-09-18 19:19 . 2012-09-18 19:19 277088 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-09-18 19:18 . 2012-09-18 19:18 -------- d-----w- c:\program files (x86)\Acronis 2012-09-18 19:18 . 2012-09-18 19:19 -------- d-----w- c:\program files (x86)\Common Files\Acronis 2012-09-18 19:14 . 2012-10-09 04:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-18 19:14 . 2012-10-09 04:01 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-18 19:14 . 2012-09-18 19:14 -------- d-----w- c:\windows\SysWow64\Macromed 2012-09-18 19:14 . 2012-09-18 19:14 -------- d-----w- c:\windows\system32\Macromed 2012-09-18 19:12 . 2012-09-18 19:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-09-18 19:05 . 2012-09-19 02:51 -------- d-----w- c:\program files (x86)\Microsoft.NET 2012-09-18 18:59 . 2012-09-18 18:59 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-09-18 18:26 . 2012-09-18 18:26 -------- d-----w- c:\program files (x86)\Intel 2012-09-18 18:26 . 2012-09-18 18:26 -------- d-----w- C:\Intel 2012-09-18 18:12 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-09-18 18:04 . 
2012-09-18 18:04 -------- d--h--w- c:\programdata\CanonBJ 2012-09-18 18:04 . 2009-07-14 01:40 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP3.DLL 2012-09-18 18:00 . 2012-08-30 22:43 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-18 17:59 . 2009-07-21 06:00 173568 ----a-w- c:\windows\system32\xrxznzil.dll 2012-09-18 17:57 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-09-18 17:57 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-09-18 17:57 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-09-18 17:57 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-09-18 17:57 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-09-18 17:57 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-09-18 17:57 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-09-18 17:48 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-09-18 17:47 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-09-18 17:46 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-09-18 17:45 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi 2012-09-18 17:44 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2012-09-18 17:43 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-09-18 17:43 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-09-18 17:42 . 2012-08-27 23:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9646532F-1C19-4FD7-A4BE-CE9C3D070347}\mpengine.dll 2012-09-18 17:42 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-09-18 17:32 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-09-18 17:32 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-19 17:32 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-09-19 17:32 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-09-18 17:04 . 2012-09-18 17:04 2560 ----a-w- c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui 2012-09-18 17:04 . 2012-09-18 17:04 2560 ----a-w- c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui 2012-09-18 17:04 . 2012-09-18 17:04 5632 ----a-w- c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui 2012-09-18 17:04 . 2012-09-18 17:04 51712 ----a-w- c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui 2012-09-18 17:04 . 2012-09-18 17:04 29696 ----a-w- c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui 2012-09-18 17:04 . 2012-09-18 17:04 16896 ----a-w- c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui 2012-08-21 11:01 . 2012-08-21 11:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 11:01 . 2012-08-21 11:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-10 2570688] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-27 5587672] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-18 348664] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-09-26 113288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Lotus Organizer EasyClip.lnk - c:\lotus\organize\easyclip6.exe [1999-9-15 229432] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{F8E97979-01AE-11E2-B372-806E6F6E6963}\bootwiz\asrm.bin . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808] R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248] R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-12-01 411688] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-09-18 1263200] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-09-18 139360] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-18 27760] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-09-18 3246040] S2 
AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-09-18 619472] S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-09-18 375760] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-18 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-09-18 465360] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-09-18 285280] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-09-18 114128] S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624] S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496] S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-01-19 52264] S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-01-13 85544] S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-09-26 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-09-26 180736] . . Inhalt des "geplante Tasks" Ordners . 2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 04:01] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-27 395344] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\organize\bandobjs.dll LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.2 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-10-09 19:31:56 ComboFix-quarantined-files.txt 2012-10-09 17:31 . Vor Suchlauf: 8 Verzeichnis(se), 161.921.150.976 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 162.047.250.432 Bytes frei . - - End Of File - - DD1EB87328D14FC84ACD4667B49BE120 |
10.10.2012, 06:41 | #11 |
/// Malwareteam | How dangerous are these infections on my laptop? How is the computer behaving?
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
10.10.2012, 19:22 | #12 |
| How dangerous are these infections on my laptop? Hi, the computer is running flawlessly, just as before. Malwarebytes has not reported anything further (I ran a scan every day), and neither has Avira. Which infection was actually at work here? For now, thank you for the flawless support; I will also send the TJB a donation for the completely free help. Many thanks! |
11.10.2012, 06:24 | #13 |
/// Malwareteam | How dangerous are these infections on my laptop? Information about the malware. Donations are important; they keep this place running! Looks pretty good - let's check everything once more! Step 1: MBAM (full) Please download Malwarebytes
Step 2: ESET ESET Online Scanner |
15.10.2012, 08:02 | #14 |
/// Malwareteam | How dangerous are these infections on my laptop? Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean |
16.10.2012, 12:15 | #15 |
/// Malwareteam | How dangerous are these infections on my laptop? Missing feedback. This topic has been removed from my subscriptions, so I will not receive notifications of new replies. PM me if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread |