Pests of all kinds and how to combat them: Skype trojan (Windows 7)
16.11.2012, 14:05 | #1 |
| Skype trojan
I caught the Skype trojan: I received the following message and opened it (including the exe file):
Code:
hi, hard to believe what lovely photos of you are on your profile? hxxp://goo.gl/gdASg?img=eva.kalvoda

Kaspersky automatically deleted the following files at startup:
Code:
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: F:\urDrive.lnk ICVT09\efa localhost
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: F:\Modellbildung UE.lnk ICVT09\efa localhost
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: F:\client.xp.lnk ICVT09\efa localhost
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: F:\Modellbildung VO.lnk ICVT09\efa localhost
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: F:\Tagungen.lnk ICVT09\efa localhost
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: F:\03 presentations.lnk ICVT09\efa localhost
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: F:\04 ReDrop.lnk ICVT09\efa localhost
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: I:\$RECYCLE.BIN.lnk ICVT09\efa localhost
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: I:\2012 11 15 Video.lnk ICVT09\efa localhost
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: I:\Sicherung 25.Mai2012.lnk ICVT09\efa localhost
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: I:\Sicherung 4.November 2012.lnk ICVT09\efa localhost
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: I:\Sicherung ALT.lnk ICVT09\efa localhost
gelöscht: Virus Worm.Win32.AutoRun.hxw Die Datei: I:\System Volume Information.lnk ICVT09\efa localhost

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
efa :: ICVT09 [Administrator]

16.11.2012 12:38:02
mbam-log-2012-11-16 (13-58-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 693239
Laufzeit: 1 Stunde(n), 19 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
F:\RECYCLER\e621ca05.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
I:\RECYCLER\e621ca05.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
I:\Sicherung 4.November 2012\Uni\Material Science\CloneDVD.exe (PUP.AdBundler) -> Keine Aktion durchgeführt.
I:\Sicherung ALT\Uni\Material Science\CloneDVD.exe (PUP.AdBundler) -> Keine Aktion durchgeführt.

(Ende)
18.11.2012, 00:36 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype trojan
Hello and

Before we get to work, I'd like to ask you to read the following points completely and carefully.

Note: If you don't hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When does it continue" messages will result in your topic being closed. I too have a life outside Trojaner-Board.

1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
19.11.2012, 11:54 | #3 |
| Skype trojan
Thanks for the reply!!

After restarting and selecting "AV scan" (none), aswMBR.exe produced the following txt file:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 11:45:17
-----------------------------
11:45:17.847 OS Version: Windows x64 6.1.7601 Service Pack 1
11:45:17.847 Number of processors: 4 586 0x3A09
11:45:17.847 ComputerName: **** UserName: ***
11:45:18.327 Initialize success
11:45:22.919 AVAST engine defs: 12111900
11:45:26.460 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:45:26.460 Disk 0 Vendor: ST500DM002-1BD142 HP73 Size: 476940MB BusType: 11
11:45:26.491 Disk 0 MBR read successfully
11:45:26.491 Disk 0 MBR scan
11:45:26.491 Disk 0 Windows 7 default MBR code
11:45:26.507 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:45:26.507 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 176838 MB offset 206848
11:45:26.523 Disk 0 scanning C:\Windows\system32\drivers
11:45:35.929 Service scanning
11:45:55.585 Modules scanning
11:45:55.585 Disk 0 trace - called modules:
11:45:55.648 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:45:55.663 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d7a6060]
11:45:56.163 3 CLASSPNP.SYS[fffff88001bba43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d1bc550]
11:45:56.163 Scan finished successfully
11:46:10.234 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
11:46:10.234 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

Code:
11:47:45.0083 6904 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:47:45.0317 6904 ============================================================
11:47:45.0317 6904 Current date / time: 2012/11/19 11:47:45.0317
11:47:45.0317 6904 SystemInfo:
11:47:45.0317 6904
11:47:45.0317 6904 OS Version: 6.1.7601 ServicePack: 1.0
11:47:45.0317 6904 Product type: Workstation
11:47:45.0317 6904 ComputerName: ****
11:47:45.0317 6904 UserName: ***
11:47:45.0317 6904 Windows directory: C:\Windows
11:47:45.0317 6904 System windows directory: C:\Windows
11:47:45.0317 6904 Running under WOW64
11:47:45.0317 6904 Processor architecture: Intel x64
11:47:45.0317 6904 Number of processors: 4
11:47:45.0317 6904 Page size: 0x1000
11:47:45.0317 6904 Boot type: Normal boot
11:47:45.0317 6904 ============================================================
11:47:45.0910 6904 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:47:45.0925 6904 ============================================================
11:47:45.0925 6904 \Device\Harddisk0\DR0:
11:47:45.0925 6904 MBR partitions:
11:47:45.0925 6904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:47:45.0925 6904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x15963000
11:47:45.0925 6904 ============================================================
11:47:45.0972 6904 C: <-> \Device\Harddisk0\DR0\Partition2
11:47:45.0972 6904 ============================================================
11:47:45.0972 6904 Initialize success
11:47:45.0972 6904 ============================================================
11:48:03.0694 1240 ============================================================
11:48:03.0694 1240 Scan started
11:48:03.0694 1240 Mode: Manual; SigCheck; TDLFS;
11:48:03.0694 1240 ============================================================
4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 11:48:14.0068 1240 MSPQM - ok 11:48:14.0083 1240 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 11:48:14.0083 1240 MsRPC - ok 11:48:14.0099 1240 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 11:48:14.0099 1240 mssmbios - ok 11:48:14.0177 1240 MSSQL$SQLEXPRESS - ok 11:48:14.0208 1240 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe 11:48:14.0224 1240 MSSQLServerADHelper - ok 11:48:14.0255 1240 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 11:48:14.0302 1240 MSTEE - ok 11:48:14.0302 1240 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 11:48:14.0317 1240 MTConfig - ok 11:48:14.0333 1240 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 11:48:14.0349 1240 Mup - ok 11:48:14.0364 1240 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 11:48:14.0411 1240 napagent - ok 11:48:14.0427 1240 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 11:48:14.0442 1240 NativeWifiP - ok 11:48:14.0473 1240 [ 779D0FDF086B4F8283A54746200C96F7 ] NCFilter C:\Windows\system32\DRIVERS\NCFilter.sys 11:48:14.0473 1240 NCFilter - ok 11:48:14.0536 1240 [ C80385731664EEBEE0DA9C8553ED6EAB ] NCFSD C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys 11:48:14.0551 1240 NCFSD - ok 11:48:14.0567 1240 [ 08F4627B97E22E331C65B63AB452042F ] NCIOCTL C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys 11:48:14.0567 1240 NCIOCTL - ok 11:48:14.0583 1240 [ FE41234831B9CC2552404E5DB9C4067E ] NCRecognizer C:\Windows\system32\DRIVERS\NCRecognizer.sys 11:48:14.0583 1240 NCRecognizer - ok 11:48:14.0598 1240 [ FBCFA160A001D27FCEA53017EB9EFAEE ] NCUncFilter C:\Windows\system32\DRIVERS\NCUncFilter.sys 11:48:14.0614 1240 
NCUncFilter - ok 11:48:14.0661 1240 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 11:48:14.0676 1240 NDIS - ok 11:48:14.0707 1240 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 11:48:14.0754 1240 NdisCap - ok 11:48:14.0754 1240 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 11:48:14.0785 1240 NdisTapi - ok 11:48:14.0785 1240 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 11:48:14.0817 1240 Ndisuio - ok 11:48:14.0832 1240 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 11:48:14.0848 1240 NdisWan - ok 11:48:14.0863 1240 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 11:48:14.0895 1240 NDProxy - ok 11:48:14.0895 1240 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 11:48:14.0941 1240 NetBIOS - ok 11:48:14.0941 1240 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 11:48:14.0973 1240 NetBT - ok 11:48:14.0988 1240 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 11:48:14.0988 1240 Netlogon - ok 11:48:15.0019 1240 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 11:48:15.0051 1240 Netman - ok 11:48:15.0066 1240 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 11:48:15.0097 1240 netprofm - ok 11:48:15.0113 1240 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:48:15.0129 1240 NetTcpPortSharing - ok 11:48:15.0160 1240 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 11:48:15.0160 1240 nfrd960 - ok 11:48:15.0191 1240 [ BB7E5D19E2565BA797CE0BCC20EDB74C ] NICM C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys 11:48:15.0207 1240 NICM - ok 11:48:15.0238 1240 [ 
8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 11:48:15.0253 1240 NlaSvc - ok 11:48:15.0269 1240 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 11:48:15.0300 1240 Npfs - ok 11:48:15.0331 1240 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 11:48:15.0347 1240 nsi - ok 11:48:15.0363 1240 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 11:48:15.0378 1240 nsiproxy - ok 11:48:15.0441 1240 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 11:48:15.0503 1240 Ntfs - ok 11:48:15.0519 1240 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 11:48:15.0550 1240 Null - ok 11:48:15.0565 1240 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 11:48:15.0565 1240 nvraid - ok 11:48:15.0581 1240 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 11:48:15.0597 1240 nvstor - ok 11:48:15.0612 1240 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 11:48:15.0612 1240 nv_agp - ok 11:48:15.0628 1240 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 11:48:15.0659 1240 ohci1394 - ok 11:48:15.0721 1240 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:48:15.0737 1240 ose - ok 11:48:15.0846 1240 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 11:48:15.0955 1240 osppsvc - ok 11:48:15.0971 1240 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 11:48:16.0002 1240 p2pimsvc - ok 11:48:16.0018 1240 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 11:48:16.0018 1240 p2psvc - ok 11:48:16.0049 1240 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 
11:48:16.0065 1240 Parport - ok 11:48:16.0080 1240 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 11:48:16.0096 1240 partmgr - ok 11:48:16.0096 1240 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 11:48:16.0111 1240 PcaSvc - ok 11:48:16.0127 1240 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 11:48:16.0143 1240 pci - ok 11:48:16.0158 1240 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 11:48:16.0158 1240 pciide - ok 11:48:16.0174 1240 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 11:48:16.0189 1240 pcmcia - ok 11:48:16.0205 1240 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 11:48:16.0205 1240 pcw - ok 11:48:16.0221 1240 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 11:48:16.0236 1240 PEAUTH - ok 11:48:16.0267 1240 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 11:48:16.0314 1240 PeerDistSvc - ok 11:48:16.0361 1240 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 11:48:16.0377 1240 PerfHost - ok 11:48:16.0423 1240 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 11:48:16.0486 1240 pla - ok 11:48:16.0533 1240 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 11:48:16.0564 1240 PlugPlay - ok 11:48:16.0579 1240 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 11:48:16.0611 1240 PNRPAutoReg - ok 11:48:16.0626 1240 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 11:48:16.0626 1240 PNRPsvc - ok 11:48:16.0657 1240 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 11:48:16.0720 1240 PolicyAgent - ok 11:48:16.0735 1240 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 11:48:16.0767 1240 Power - ok 11:48:16.0782 1240 
[ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 11:48:16.0813 1240 PptpMiniport - ok 11:48:16.0813 1240 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 11:48:16.0829 1240 Processor - ok 11:48:16.0876 1240 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 11:48:16.0876 1240 ProfSvc - ok 11:48:16.0891 1240 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 11:48:16.0907 1240 ProtectedStorage - ok 11:48:16.0923 1240 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 11:48:16.0954 1240 Psched - ok 11:48:17.0001 1240 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 11:48:17.0016 1240 PSI_SVC_2 - ok 11:48:17.0063 1240 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 11:48:17.0110 1240 ql2300 - ok 11:48:17.0125 1240 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 11:48:17.0125 1240 ql40xx - ok 11:48:17.0157 1240 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 11:48:17.0157 1240 QWAVE - ok 11:48:17.0172 1240 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 11:48:17.0188 1240 QWAVEdrv - ok 11:48:17.0203 1240 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 11:48:17.0235 1240 RasAcd - ok 11:48:17.0266 1240 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 11:48:17.0281 1240 RasAgileVpn - ok 11:48:17.0297 1240 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 11:48:17.0328 1240 RasAuto - ok 11:48:17.0344 1240 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 11:48:17.0375 1240 Rasl2tp - ok 11:48:17.0406 1240 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan 
C:\Windows\System32\rasmans.dll 11:48:17.0422 1240 RasMan - ok 11:48:17.0437 1240 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 11:48:17.0469 1240 RasPppoe - ok 11:48:17.0469 1240 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 11:48:17.0500 1240 RasSstp - ok 11:48:17.0515 1240 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 11:48:17.0531 1240 rdbss - ok 11:48:17.0562 1240 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 11:48:17.0562 1240 rdpbus - ok 11:48:17.0578 1240 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 11:48:17.0609 1240 RDPCDD - ok 11:48:17.0609 1240 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 11:48:17.0625 1240 RDPDR - ok 11:48:17.0640 1240 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 11:48:17.0671 1240 RDPENCDD - ok 11:48:17.0671 1240 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 11:48:17.0687 1240 RDPREFMP - ok 11:48:17.0718 1240 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 11:48:17.0734 1240 RdpVideoMiniport - ok 11:48:17.0781 1240 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 11:48:17.0796 1240 RDPWD - ok 11:48:17.0812 1240 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 11:48:17.0827 1240 rdyboost - ok 11:48:17.0843 1240 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 11:48:17.0874 1240 RemoteAccess - ok 11:48:17.0890 1240 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 11:48:17.0921 1240 RemoteRegistry - ok 11:48:17.0937 1240 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 11:48:17.0952 1240 RpcEptMapper - ok 
11:48:17.0968 1240 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 11:48:17.0983 1240 RpcLocator - ok 11:48:17.0999 1240 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 11:48:18.0015 1240 RpcSs - ok 11:48:18.0030 1240 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 11:48:18.0061 1240 rspndr - ok 11:48:18.0077 1240 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 11:48:18.0093 1240 s3cap - ok 11:48:18.0093 1240 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 11:48:18.0108 1240 SamSs - ok 11:48:18.0124 1240 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 11:48:18.0124 1240 sbp2port - ok 11:48:18.0139 1240 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 11:48:18.0155 1240 SCardSvr - ok 11:48:18.0171 1240 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 11:48:18.0202 1240 scfilter - ok 11:48:18.0217 1240 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 11:48:18.0280 1240 Schedule - ok 11:48:18.0295 1240 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 11:48:18.0311 1240 SCPolicySvc - ok 11:48:18.0327 1240 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 11:48:18.0342 1240 SDRSVC - ok 11:48:18.0358 1240 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 11:48:18.0405 1240 secdrv - ok 11:48:18.0405 1240 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 11:48:18.0436 1240 seclogon - ok 11:48:18.0436 1240 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 11:48:18.0467 1240 SENS - ok 11:48:18.0498 1240 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 11:48:18.0529 1240 SensrSvc - ok 11:48:18.0561 1240 [ 
CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 11:48:18.0607 1240 Serenum - ok 11:48:18.0623 1240 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 11:48:18.0654 1240 Serial - ok 11:48:18.0670 1240 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 11:48:18.0701 1240 sermouse - ok 11:48:18.0717 1240 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 11:48:18.0748 1240 SessionEnv - ok 11:48:18.0763 1240 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 11:48:18.0779 1240 sffdisk - ok 11:48:18.0779 1240 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 11:48:18.0795 1240 sffp_mmc - ok 11:48:18.0795 1240 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 11:48:18.0810 1240 sffp_sd - ok 11:48:18.0810 1240 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 11:48:18.0810 1240 sfloppy - ok 11:48:18.0841 1240 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 11:48:18.0873 1240 SharedAccess - ok 11:48:18.0888 1240 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 11:48:18.0919 1240 ShellHWDetection - ok 11:48:18.0935 1240 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 11:48:18.0951 1240 SiSRaid2 - ok 11:48:18.0966 1240 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 11:48:18.0966 1240 SiSRaid4 - ok 11:48:19.0029 1240 [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 11:48:19.0044 1240 SkypeUpdate - ok 11:48:19.0060 1240 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 11:48:19.0107 1240 Smb - ok 11:48:19.0122 1240 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP 
C:\Windows\System32\snmptrap.exe 11:48:19.0153 1240 SNMPTRAP - ok 11:48:19.0153 1240 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 11:48:19.0169 1240 spldr - ok 11:48:19.0185 1240 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 11:48:19.0216 1240 Spooler - ok 11:48:19.0294 1240 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 11:48:19.0403 1240 sppsvc - ok 11:48:19.0403 1240 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 11:48:19.0434 1240 sppuinotify - ok 11:48:19.0434 1240 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 11:48:19.0450 1240 SQLBrowser - ok 11:48:19.0512 1240 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 11:48:19.0528 1240 SQLWriter - ok 11:48:19.0559 1240 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 11:48:19.0590 1240 srv - ok 11:48:19.0590 1240 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 11:48:19.0621 1240 srv2 - ok 11:48:19.0637 1240 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 11:48:19.0653 1240 srvnet - ok 11:48:19.0668 1240 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 11:48:19.0699 1240 SSDPSRV - ok 11:48:19.0699 1240 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 11:48:19.0731 1240 SstpSvc - ok 11:48:19.0746 1240 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 11:48:19.0762 1240 stexstor - ok 11:48:19.0777 1240 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 11:48:19.0809 1240 stisvc - ok 11:48:19.0824 1240 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 11:48:19.0824 1240 storflt - ok 11:48:19.0855 1240 [ 
C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 11:48:19.0871 1240 StorSvc - ok 11:48:19.0887 1240 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 11:48:19.0887 1240 storvsc - ok 11:48:19.0902 1240 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 11:48:19.0902 1240 swenum - ok 11:48:19.0918 1240 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 11:48:19.0965 1240 swprv - ok 11:48:19.0965 1240 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys 11:48:19.0980 1240 Synth3dVsc - ok 11:48:20.0011 1240 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 11:48:20.0058 1240 SysMain - ok 11:48:20.0074 1240 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 11:48:20.0089 1240 TabletInputService - ok 11:48:20.0105 1240 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 11:48:20.0136 1240 TapiSrv - ok 11:48:20.0152 1240 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 11:48:20.0167 1240 TBS - ok 11:48:20.0230 1240 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 11:48:20.0277 1240 Tcpip - ok 11:48:20.0339 1240 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 11:48:20.0370 1240 TCPIP6 - ok 11:48:20.0386 1240 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 11:48:20.0386 1240 tcpipreg - ok 11:48:20.0417 1240 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 11:48:20.0417 1240 TDPIPE - ok 11:48:20.0448 1240 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 11:48:20.0479 1240 TDTCP - ok 11:48:20.0495 1240 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 11:48:20.0542 1240 tdx - ok 11:48:20.0635 1240 [ 
C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 11:48:20.0667 1240 TeamViewer7 - ok 11:48:20.0682 1240 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 11:48:20.0682 1240 TermDD - ok 11:48:20.0698 1240 [ EF4469AB69EB15E5D3754E6AEAFBCD3D ] terminpt C:\Windows\system32\drivers\terminpt.sys 11:48:20.0713 1240 terminpt - ok 11:48:20.0729 1240 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 11:48:20.0760 1240 TermService - ok 11:48:20.0776 1240 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 11:48:20.0791 1240 Themes - ok 11:48:20.0807 1240 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 11:48:20.0823 1240 THREADORDER - ok 11:48:20.0854 1240 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys 11:48:20.0869 1240 TPM - ok 11:48:20.0869 1240 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 11:48:20.0901 1240 TrkWks - ok 11:48:20.0947 1240 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 11:48:20.0994 1240 TrustedInstaller - ok 11:48:21.0010 1240 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 11:48:21.0041 1240 tssecsrv - ok 11:48:21.0057 1240 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 11:48:21.0088 1240 TsUsbFlt - ok 11:48:21.0103 1240 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 11:48:21.0119 1240 TsUsbGD - ok 11:48:21.0135 1240 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys 11:48:21.0150 1240 tsusbhub - ok 11:48:21.0306 1240 [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe 11:48:21.0384 1240 TuneUp.UtilitiesSvc - ok 11:48:21.0400 1240 [ 
DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys 11:48:21.0400 1240 TuneUpUtilitiesDrv - ok 11:48:21.0447 1240 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 11:48:21.0478 1240 tunnel - ok 11:48:21.0493 1240 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 11:48:21.0509 1240 uagp35 - ok 11:48:21.0509 1240 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 11:48:21.0540 1240 udfs - ok 11:48:21.0556 1240 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 11:48:21.0571 1240 UI0Detect - ok 11:48:21.0571 1240 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 11:48:21.0587 1240 uliagpkx - ok 11:48:21.0603 1240 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 11:48:21.0618 1240 umbus - ok 11:48:21.0618 1240 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 11:48:21.0634 1240 UmPass - ok 11:48:21.0649 1240 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 11:48:21.0665 1240 UmRdpService - ok 11:48:21.0743 1240 [ C485FB802F6C4A306B8F89BA087E5CA2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 11:48:21.0774 1240 UNS - ok 11:48:21.0790 1240 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 11:48:21.0852 1240 upnphost - ok 11:48:21.0883 1240 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 11:48:21.0899 1240 usbccgp - ok 11:48:21.0930 1240 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 11:48:21.0961 1240 usbcir - ok 11:48:21.0977 1240 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 11:48:21.0993 1240 usbehci - ok 11:48:22.0008 1240 [ 287C6C9410B111B68B52CA298F7B8C24 ] 
usbhub C:\Windows\system32\DRIVERS\usbhub.sys 11:48:22.0039 1240 usbhub - ok 11:48:22.0055 1240 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 11:48:22.0071 1240 usbohci - ok 11:48:22.0086 1240 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 11:48:22.0117 1240 usbprint - ok 11:48:22.0133 1240 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:48:22.0149 1240 USBSTOR - ok 11:48:22.0164 1240 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 11:48:22.0195 1240 usbuhci - ok 11:48:22.0211 1240 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 11:48:22.0258 1240 UxSms - ok 11:48:22.0289 1240 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 11:48:22.0289 1240 VaultSvc - ok 11:48:22.0336 1240 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 11:48:22.0351 1240 VClone - ok 11:48:22.0367 1240 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 11:48:22.0383 1240 vdrvroot - ok 11:48:22.0414 1240 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 11:48:22.0461 1240 vds - ok 11:48:22.0476 1240 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 11:48:22.0476 1240 vga - ok 11:48:22.0492 1240 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 11:48:22.0507 1240 VgaSave - ok 11:48:22.0523 1240 VGPU - ok 11:48:22.0539 1240 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 11:48:22.0539 1240 vhdmp - ok 11:48:22.0554 1240 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 11:48:22.0570 1240 viaide - ok 11:48:22.0570 1240 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 11:48:22.0585 1240 vmbus - ok 11:48:22.0601 1240 [ 7DE90B48F210D29649380545DB45A187 ] 
VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 11:48:22.0617 1240 VMBusHID - ok 11:48:22.0617 1240 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 11:48:22.0632 1240 volmgr - ok 11:48:22.0632 1240 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 11:48:22.0648 1240 volmgrx - ok 11:48:22.0648 1240 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 11:48:22.0663 1240 volsnap - ok 11:48:22.0695 1240 [ ABD9B4A7E2D0AE51A3B8DF1AF3152D61 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys 11:48:22.0710 1240 vpcbus - ok 11:48:22.0741 1240 [ 8ACDA395841538CE9713A67FE8B2A3EB ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys 11:48:22.0757 1240 vpcnfltr - ok 11:48:22.0773 1240 [ 31924E31BC315773E6D149B157DB46D5 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys 11:48:22.0788 1240 vpcusb - ok 11:48:22.0835 1240 [ C5B651E52540E6F46DA66574C74B4898 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys 11:48:22.0866 1240 vpcvmm - ok 11:48:22.0866 1240 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 11:48:22.0882 1240 vsmraid - ok 11:48:22.0929 1240 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 11:48:22.0975 1240 VSS - ok 11:48:22.0991 1240 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 11:48:23.0007 1240 vwifibus - ok 11:48:23.0038 1240 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 11:48:23.0069 1240 W32Time - ok 11:48:23.0085 1240 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 11:48:23.0100 1240 WacomPen - ok 11:48:23.0116 1240 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 11:48:23.0147 1240 WANARP - ok 11:48:23.0147 1240 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 11:48:23.0163 1240 Wanarpv6 - ok 11:48:23.0209 1240 [ 
3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 11:48:23.0272 1240 WatAdminSvc - ok 11:48:23.0303 1240 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 11:48:23.0365 1240 wbengine - ok 11:48:23.0381 1240 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 11:48:23.0397 1240 WbioSrvc - ok 11:48:23.0397 1240 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:48:23.0428 1240 wcncsvc - ok 11:48:23.0443 1240 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:48:23.0459 1240 WcsPlugInService - ok 11:48:23.0475 1240 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 11:48:23.0490 1240 Wd - ok 11:48:23.0521 1240 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:48:23.0553 1240 Wdf01000 - ok 11:48:23.0568 1240 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:48:23.0599 1240 WdiServiceHost - ok 11:48:23.0631 1240 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:48:23.0646 1240 WdiSystemHost - ok 11:48:23.0662 1240 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 11:48:23.0677 1240 WebClient - ok 11:48:23.0693 1240 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:48:23.0724 1240 Wecsvc - ok 11:48:23.0740 1240 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:48:23.0771 1240 wercplsupport - ok 11:48:23.0802 1240 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 11:48:23.0818 1240 WerSvc - ok 11:48:23.0833 1240 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:48:23.0849 1240 WfpLwf - ok 11:48:23.0865 1240 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:48:23.0865 1240 WIMMount - 
ok 11:48:23.0880 1240 WinDefend - ok 11:48:23.0880 1240 WinHttpAutoProxySvc - ok 11:48:23.0927 1240 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:48:23.0958 1240 Winmgmt - ok 11:48:24.0005 1240 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 11:48:24.0067 1240 WinRM - ok 11:48:24.0099 1240 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 11:48:24.0145 1240 Wlansvc - ok 11:48:24.0161 1240 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 11:48:24.0177 1240 WmiAcpi - ok 11:48:24.0192 1240 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 11:48:24.0208 1240 wmiApSrv - ok 11:48:24.0208 1240 WMPNetworkSvc - ok 11:48:24.0223 1240 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:48:24.0239 1240 WPCSvc - ok 11:48:24.0255 1240 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:48:24.0255 1240 WPDBusEnum - ok 11:48:24.0270 1240 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:48:24.0301 1240 ws2ifsl - ok 11:48:24.0317 1240 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 11:48:24.0348 1240 wscsvc - ok 11:48:24.0348 1240 WSearch - ok 11:48:24.0426 1240 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 11:48:24.0504 1240 wuauserv - ok 11:48:24.0520 1240 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:48:24.0551 1240 WudfPf - ok 11:48:24.0567 1240 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:48:24.0582 1240 WUDFRd - ok 11:48:24.0613 1240 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 11:48:24.0629 1240 wudfsvc - ok 11:48:24.0660 1240 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 11:48:24.0676 1240 WwanSvc - ok 11:48:24.0707 1240 
XTSvcMgr - ok 11:48:24.0707 1240 ================ Scan global =============================== 11:48:24.0738 1240 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 11:48:24.0769 1240 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 11:48:24.0769 1240 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 11:48:24.0785 1240 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 11:48:24.0816 1240 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 11:48:24.0816 1240 [Global] - ok 11:48:24.0816 1240 ================ Scan MBR ================================== 11:48:24.0832 1240 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 11:48:25.0035 1240 \Device\Harddisk0\DR0 - ok 11:48:25.0035 1240 ================ Scan VBR ================================== 11:48:25.0050 1240 [ 8487A859575EAEAA67EE732BD9920FBE ] \Device\Harddisk0\DR0\Partition1 11:48:25.0050 1240 \Device\Harddisk0\DR0\Partition1 - ok 11:48:25.0066 1240 [ ADABF8D5663EAC56F98CB4F2467C0A12 ] \Device\Harddisk0\DR0\Partition2 11:48:25.0081 1240 \Device\Harddisk0\DR0\Partition2 - ok 11:48:25.0081 1240 ============================================================ 11:48:25.0081 1240 Scan finished 11:48:25.0081 1240 ============================================================ 11:48:25.0081 6112 Detected object count: 3 11:48:25.0081 6112 Actual detected object count: 3 11:49:16.0062 6112 Aspen Remote Simulation Service V7.2 ( UnsignedFile.Multi.Generic ) - skipped by user 11:49:16.0062 6112 Aspen Remote Simulation Service V7.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:49:16.0062 6112 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 11:49:16.0062 6112 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:49:16.0062 6112 iprntsrv ( UnsignedFile.Multi.Generic ) - skipped by user 11:49:16.0062 6112 iprntsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip |
19.11.2012, 13:05 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype Trojan Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
19.11.2012, 13:36 | #5 |
| Skype Trojan The log file from Combofix reads: [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-11-16.02 - efa 19.11.2012 13:12:55.1.4 - x64 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.43.1031.18.16259.14030 [GMT 1:00] ausgeführt von:: c:\users\efa\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Betreuer\AppData\Roaming\unins000.exe c:\users\Betreuer\Desktop\Internet Explorer.lnk c:\windows\SysWow64\ccrpTmr6.dll c:\windows\SysWow64\lsprst7.dll c:\windows\TEMP\kladminkit\a97981a2-6bc9-4020-af5a-cfee830149cd.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-19 bis 2012-11-19 )))))))))))))))))))))))))))))) . . 2012-11-19 12:01 . 2012-11-19 12:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-19 12:01 . 2012-11-19 12:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-19 12:01 . 2012-11-19 12:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-19 12:01 . 2012-11-19 12:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-19 12:01 . 2012-11-19 12:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-19 12:01 . 2012-11-19 12:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-19 12:01 . 2012-11-19 12:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-11-19 12:00 . 2012-11-19 12:01 -------- d-----w- c:\program files (x86)\QuickTime 2012-11-19 12:00 . 2012-11-19 12:00 -------- d-----w- c:\programdata\Apple Computer 2012-11-19 12:00 . 2012-11-19 12:00 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-11-19 12:00 . 
2012-11-19 12:00 -------- d-----w- c:\programdata\Apple 2012-11-19 12:00 . 2012-11-19 12:00 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-11-16 14:42 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui 2012-11-16 14:42 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 14:42 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 14:42 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 14:37 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 14:37 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 14:37 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 14:37 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 14:37 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 14:37 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-16 14:37 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 10:16 . 2012-11-16 10:16 -------- d-----w- c:\program files (x86)\Malwarebytes 2012-11-16 10:16 . 2012-11-16 10:16 -------- d-----w- c:\programdata\Malwarebytes 2012-11-16 10:16 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-16 10:11 . 2012-05-29 12:09 34656 ----a-w- c:\windows\system32\TURegOpt.exe 2012-11-16 10:11 . 2012-05-29 12:09 25952 ----a-w- c:\windows\system32\authuitu.dll 2012-11-16 10:11 . 2012-05-29 12:09 21344 ----a-w- c:\windows\SysWow64\authuitu.dll 2012-11-16 10:11 . 2012-11-16 10:11 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012 2012-11-16 10:10 . 2012-11-16 10:11 -------- d-----w- c:\programdata\TuneUp Software 2012-11-16 10:10 . 2012-11-16 10:10 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-11-16 10:10 . 
2012-11-16 10:10 -------- d--h--w- c:\programdata\Common Files 2012-11-06 13:23 . 2012-11-06 13:23 -------- d-----w- c:\program files\PDF Split And Merge Basic 2012-11-06 13:18 . 2012-11-06 13:18 -------- d-----w- c:\program files (x86)\pdfsam 2012-11-06 10:01 . 2012-11-06 10:01 -------- d-----w- c:\program files\Windows XP Mode 2012-11-06 09:56 . 2009-09-23 01:48 3584 ----a-w- c:\windows\system32\drivers\de-DE\vpchbus.sys.mui 2012-10-31 15:10 . 2012-10-31 15:10 -------- d-----w- c:\program files (x86)\Mendeley Desktop 2012-10-31 14:13 . 2012-10-31 14:13 -------- d-----w- c:\programdata\Protexis 2012-10-25 11:56 . 2012-10-25 11:56 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-10-25 11:56 . 2012-10-25 11:56 -------- d-----r- c:\program files (x86)\Skype 2012-10-25 11:55 . 2012-10-25 11:56 -------- d-----w- c:\programdata\Skype 2012-10-25 06:34 . 2012-11-06 13:38 -------- d-----w- c:\users\efa 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-24 09:07 . 2012-10-24 09:07 -------- d-----w- c:\users\admin 2012-10-24 08:55 . 2012-10-24 08:55 -------- d-----w- c:\users\Betreuer\AppData\Local\OriginLab 2012-10-24 08:53 . 2012-10-24 08:53 -------- d-----w- c:\users\Betreuer\AppData\Roaming\Subversion 2012-10-24 08:53 . 2012-10-24 08:53 -------- d-----w- c:\users\Betreuer\AppData\Roaming\MathWorks 2012-10-24 08:51 . 2012-10-24 08:51 -------- d-----w- c:\programdata\OriginLab 2012-10-24 08:48 . 2012-10-24 08:48 -------- d-----w- c:\program files\OriginLab 2012-10-24 08:47 . 2012-10-24 08:47 -------- d-----w- c:\users\Betreuer\AppData\Roaming\InstallShield 2012-10-24 07:57 . 2012-10-24 07:57 -------- d-----w- c:\program files\MATLAB 2012-10-24 07:45 . 2012-11-19 04:53 -------- d-----w- C:\NDPS 2012-10-24 07:36 . 2012-10-24 07:36 -------- d-----w- c:\windows\SysWow64\novell 2012-10-24 07:36 . 
2009-03-30 09:45 823296 ------w- c:\windows\SysWow64\ccsw32.dll 2012-10-24 07:36 . 2008-06-12 06:34 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2012-10-24 07:36 . 2001-09-05 02:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2012-10-24 07:36 . 2001-09-05 02:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll 2012-10-24 07:36 . 2001-09-05 02:14 176128 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2012-10-24 07:36 . 2001-09-05 02:13 32768 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2012-10-24 07:36 . 2012-10-24 07:36 -------- d-----w- c:\programdata\Novell 2012-10-24 07:36 . 2012-10-24 07:36 -------- d-----w- c:\windows\SysWow64\nls 2012-10-24 07:36 . 2012-10-24 07:37 -------- d-----w- c:\program files\Novell 2012-10-24 07:36 . 2012-10-24 07:37 -------- d-----w- c:\program files (x86)\Novell 2012-10-24 07:36 . 2012-10-24 07:36 -------- d-----w- c:\windows\system32\nls 2012-10-24 07:31 . 2012-10-24 07:31 27736 ----a-w- c:\windows\system32\drivers\klim6.sys 2012-10-24 07:29 . 2012-10-24 07:29 -------- d-----w- c:\users\Betreuer\AppData\Roaming\TeamViewer 2012-10-24 07:27 . 2012-10-24 07:27 -------- d-----w- c:\program files (x86)\TeamViewer 2012-10-23 13:01 . 2012-11-19 09:49 -------- d-----w- c:\programdata\Kaspersky Lab 2012-10-23 13:01 . 2012-10-24 07:31 268376 ----a-w- c:\windows\system32\drivers\klif.sys 2012-10-23 13:00 . 2012-10-23 13:01 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2012-10-23 13:00 . 2012-10-23 13:00 -------- d-----w- c:\program files (x86)\Common Files\Kaspersky Lab 2012-10-23 13:00 . 2012-10-23 13:00 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems 2012-10-23 13:00 . 2012-10-23 13:00 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Driver\7\Intel 32\objps7.dll 2012-10-23 13:00 . 
2012-10-23 13:00 233472 ----a-w- c:\program files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll 2012-10-23 13:00 . 2012-10-23 13:00 335872 ----a-w- c:\program files (x86)\Common Files\InstallShield\Driver\7\Intel 32\ISRT.dll 2012-10-23 13:00 . 2012-10-23 13:00 188416 ----a-w- c:\program files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll 2012-10-23 13:00 . 2012-10-23 13:00 626688 ----a-w- c:\program files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe 2012-10-23 13:00 . 2012-10-23 13:00 290816 ----a-w- c:\program files (x86)\Common Files\InstallShield\Driver\7\Intel 32\_ISRES1033.dll 2012-10-23 12:59 . 2012-10-23 12:59 -------- d-----w- c:\users\Betreuer\AppData\Roaming\vlc 2012-10-23 12:59 . 2012-10-23 12:59 -------- d-----w- c:\program files (x86)\VideoLAN 2012-10-23 12:54 . 2012-10-23 12:54 -------- d-----w- c:\program files (x86)\Common Files\Corel 2012-10-23 12:42 . 2012-10-23 12:44 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0 2012-10-23 12:42 . 2012-10-23 12:42 -------- d-----w- c:\program files (x86)\Microsoft SDKs 2012-10-23 12:42 . 2012-10-23 12:42 -------- d-----w- c:\program files (x86)\Common Files\Protexis 2012-10-23 12:42 . 2012-10-23 12:42 -------- d-----w- c:\programdata\Corel 2012-10-23 12:40 . 2012-10-23 12:40 -------- d-----w- c:\program files (x86)\Corel 2012-10-23 10:46 . 2012-10-23 10:46 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-10-23 10:34 . 2012-10-23 10:34 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-10-23 10:22 . 2012-10-23 10:22 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Vorlagen 2012-10-23 10:22 . 2012-10-23 10:22 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Startmenü 2012-10-23 10:22 . 2012-10-23 10:22 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Netzwerkumgebung 2012-10-23 10:22 . 
2012-10-23 10:22 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Lokale Einstellungen 2012-10-23 10:22 . 2012-10-23 10:22 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Eigene Dateien 2012-10-23 10:22 . 2012-10-23 10:22 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Druckumgebung 2012-10-23 10:22 . 2012-10-23 10:22 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Anwendungsdaten 2012-10-23 10:17 . 2012-10-23 10:17 1025 ----a-w- c:\windows\SysWow64\sysprs7.dll 2012-10-23 10:14 . 2012-10-23 10:14 -------- d-----w- c:\users\Betreuer\AppData\Local\Adobe 2012-10-23 10:12 . 2012-10-23 10:15 -------- d-----w- c:\program files\Microsoft SQL Server 2012-10-23 10:11 . 2012-10-23 10:49 -------- d-----w- c:\program files (x86)\Microsoft SQL Server 2012-10-23 09:08 . 2012-10-23 09:08 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services 2012-10-23 09:08 . 2012-10-23 09:08 -------- d-----w- c:\windows\PCHEALTH 2012-10-23 09:08 . 2012-10-23 09:08 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework 2012-10-23 09:08 . 2012-10-23 09:08 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2012-10-23 09:07 . 2012-10-23 09:07 -------- d-----w- C:\IDE 2012-10-23 09:07 . 2012-10-23 09:07 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2012-10-23 09:07 . 2012-10-23 09:07 -------- d-----w- c:\program files\Microsoft Office 2012-10-23 09:07 . 2012-10-23 09:07 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2012-10-23 09:07 . 2012-10-23 09:07 -------- d-----w- c:\users\Betreuer\AppData\Local\Microsoft Help 2012-10-23 09:07 . 2012-11-16 14:45 -------- d-----w- c:\programdata\Microsoft Help 2012-10-23 09:06 . 2012-10-23 09:06 -------- d-----r- C:\MSOCache 2012-10-23 09:03 . 2012-10-23 09:03 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2012-10-23 09:03 . 
2012-10-23 09:03 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-23 09:03 . 2012-10-23 09:03 289768 ----a-w- c:\windows\system32\javaws.exe 2012-10-23 09:03 . 2012-10-23 09:03 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-23 09:03 . 2012-10-23 09:03 189416 ----a-w- c:\windows\system32\javaw.exe 2012-10-23 09:03 . 2012-10-23 09:03 188904 ----a-w- c:\windows\system32\java.exe 2012-10-23 09:03 . 2012-10-23 09:03 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-10-23 09:03 . 2012-10-23 09:03 -------- d-----w- c:\program files\Java 2012-10-23 09:02 . 2012-10-23 09:02 -------- d-----w- c:\users\Betreuer\AppData\Roaming\FreePDF 2012-10-23 09:02 . 2012-10-23 09:02 -------- d-----w- c:\program files (x86)\FreePDF_XP 2012-10-23 09:02 . 2010-06-17 19:56 87040 ----a-w- c:\windows\system32\redmonnt.dll 2012-10-23 09:02 . 2010-06-17 19:56 46080 ----a-w- c:\windows\system32\unredmon.exe 2012-10-23 09:01 . 2012-10-23 09:01 -------- d-----w- c:\program files\gs . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-16 14:37 . 2012-10-19 12:41 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-18 10:31 . 2012-10-18 10:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-10-18 10:31 . 2012-10-18 10:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-10-18 10:31 . 2012-10-18 10:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-10-18 10:31 . 2012-10-18 10:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-10-18 10:31 . 2012-10-18 10:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-10-18 10:31 . 2012-10-18 10:31 65024 ----a-w- c:\windows\system32\pngfilt.dll 2012-10-18 10:31 . 2012-10-18 10:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-10-18 10:31 . 2012-10-18 10:31 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-10-18 10:31 . 2012-10-18 10:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-10-18 10:31 . 
2012-10-18 10:31 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-10-18 10:31 . 2012-10-18 10:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-10-18 10:31 . 2012-10-18 10:31 267776 ----a-w- c:\windows\system32\ieaksie.dll 2012-10-18 10:31 . 2012-10-18 10:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-10-18 10:31 . 2012-10-18 10:31 222208 ----a-w- c:\windows\system32\msls31.dll 2012-10-18 10:31 . 2012-10-18 10:31 197120 ----a-w- c:\windows\system32\msrating.dll 2012-10-18 10:31 . 2012-10-18 10:31 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-10-18 10:31 . 2012-10-18 10:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-10-18 10:31 . 2012-10-18 10:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-10-18 10:31 . 2012-10-18 10:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-10-18 10:31 . 2012-10-18 10:31 149504 ----a-w- c:\windows\system32\occache.dll 2012-10-18 10:31 . 2012-10-18 10:31 12288 ----a-w- c:\windows\system32\mshta.exe 2012-10-18 10:31 . 2012-10-18 10:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-10-18 10:31 . 2012-10-18 10:31 114176 ----a-w- c:\windows\system32\admparse.dll 2012-10-18 10:31 . 2012-10-18 10:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-10-18 10:31 . 2012-10-18 10:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-10-18 10:31 . 2012-10-18 10:31 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-10-18 10:31 . 2012-10-18 10:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-10-18 10:31 . 2012-10-18 10:31 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-10-18 10:31 . 2012-10-18 10:31 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-10-18 10:31 . 2012-10-18 10:31 82432 ----a-w- c:\windows\system32\icardie.dll 2012-10-18 10:31 . 2012-10-18 10:31 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-10-18 10:31 . 2012-10-18 10:31 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-10-18 10:31 . 
2012-10-18 10:31 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2012-10-18 10:31 . 2012-10-18 10:31 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-10-18 10:31 . 2012-10-18 10:31 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2012-10-18 10:31 . 2012-10-18 10:31 448512 ----a-w- c:\windows\system32\html.iec 2012-10-18 10:31 . 2012-10-18 10:31 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2012-10-18 10:31 . 2012-10-18 10:31 39936 ----a-w- c:\windows\system32\iernonce.dll 2012-10-18 10:31 . 2012-10-18 10:31 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2012-10-18 10:31 . 2012-10-18 10:31 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-10-18 10:31 . 2012-10-18 10:31 282112 ----a-w- c:\windows\system32\dxtrans.dll 2012-10-18 10:31 . 2012-10-18 10:31 249344 ----a-w- c:\windows\system32\webcheck.dll 2012-10-18 10:31 . 2012-10-18 10:31 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-10-18 10:31 . 2012-10-18 10:31 160256 ----a-w- c:\windows\system32\wextract.exe 2012-10-18 10:31 . 2012-10-18 10:31 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-10-18 10:31 . 2012-10-18 10:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-10-18 10:31 . 2012-10-18 10:31 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-10-18 10:31 . 2012-10-18 10:31 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-10-18 10:31 . 2012-10-18 10:31 103936 ----a-w- c:\windows\system32\inseng.dll 2012-09-14 19:19 . 2012-10-19 12:38 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-19 12:38 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-19 12:38 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-19 11:32 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-19 11:32 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-19 11:32 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05 . 
2012-10-19 12:38 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-19 12:38 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-22 18:12 . 2012-10-19 12:38 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-10-19 12:38 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-10-19 12:38 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-10-19 12:38 245760 ----a-w- c:\windows\system32\OxpsConverter.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-10-19 17875120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-07-20 133440] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli iPrntWinCredMan . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-19 1255736] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152] S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2012-05-12 112216] S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2012-05-12 119896] S0 NCUncFilter;Novell UNC Filter - UNC 
Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2012-05-12 26200] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208] S2 Aspen Remote Simulation Service V7.2;Aspen Remote Simulation Service V7.2;c:\program files (x86)\AspenTech\Aspen Remote Simulation Service V7.2\AspenTech.AspenCxs.RemotingSvc.exe [2010-05-04 76800] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-06-19 634632] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608] S2 iprntsrv;Novell iPrint Service;c:\windows\system32\iprntsrv.exe [2011-11-04 55296] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-20 166720] S2 klnagent;Kaspersky Lab Network Agent;c:\program files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe [2010-03-10 136352] S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2012-05-12 108632] S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2012-05-12 90200] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-20 365376] S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2012-05-12 19544] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264] S3 iusb3hub;Intel(R) USB 
3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL *Deregistered* - nciom *Deregistered* - ncp *Deregistered* - ncpl *Deregistered* - ndm *Deregistered* - ndmndap *Deregistered* - niam *Deregistered* - nipctl *Deregistered* - nscm *Deregistered* - nsns *Deregistered* - nsvccost *Deregistered* - xtxplat . Inhalt des "geplante Tasks" Ordners . 2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-23 16:38] . 2012-11-19 c:\windows\Tasks\MATLAB R2012b Startup Accelerator.job - c:\program files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-10-24 17:59] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-23 170304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-23 398656] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-23 439104] "NWTRAY"="NWTRAY.EXE" [2012-05-12 37976] "iPrint Tray"="c:\windows\system32\iprntctl.exe" [2011-11-04 66136] "iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2011-11-04 69720] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 TCP: Interfaces\{04B11463-11E5-4D7E-8AD4-F9DD0479F912}: NameServer = 129.27.2.3,129.27.3.3 FF - ProfilePath - c:\users\efa\AppData\Roaming\Mozilla\Firefox\Profiles\fm31a453.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-Pqwiwx - c:\users\efa\AppData\Roaming\Pqwiwx.exe AddRemove-{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1 - c:\users\Betreuer\AppData\Roaming\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-19 13:25:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-11-19 12:25
.
Vor Suchlauf: 11 Verzeichnis(se), 91.023.192.064 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 91.188.502.528 Bytes frei
.
- - End Of File - - 73D933FD5868CF5862A2ECC767069C00 |
19.11.2012, 14:12 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype Trojan Code:
ATTFilter Microsoft Windows 7 Enterprise 6.1.7601.1.1252.43.1031.18.16259.14030 [GMT 1:00]
19.11.2012, 14:36 | #7 |
| Skype Trojan Yes, why? Last edited by Theta (19.11.2012 at 14:50) |
19.11.2012, 15:26 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype Trojan Company computers are generally not cleaned here. See => http://www.trojaner-board.de/108422-...-anfragen.html Quote:
__________________ Please always post log files in CODE tags |
19.11.2012, 15:34 | #9 |
| Skype Trojan Sorry, I didn't know that... our IT officer was also at a loss... Thanks for the effort in any case!! |
19.11.2012, 18:52 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype Trojan What kind of IT person do you have? I mean, an admin doesn't necessarily have to be able to properly remove malware by cleaning, but then they should at least know how to back up data and completely reinstall the machine, or better, have planned ahead and still have a reasonably current image of this computer. Or do you not have a real IT department, just one person who looks after it more or less on the side? |
20.11.2012, 16:54 | #11 |
| Skype Trojan We have one person who looks after it on the side, and on a colleague's machine the Trojan was still there after the reinstall... |
20.11.2012, 18:16 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype Trojan Then he must have done quite a lot wrong... |
29.11.2012, 14:43 | #13 |
| Skype Trojan Yes, apparently... Well, thanks very much for your help in any case!! I hope everything is gone now... |