|
Log analysis and evaluation: GVU Trojan here as well (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system has to be examined first: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
18.12.2012, 13:59 | #1 |
| GVU Trojan here as well
Hello, and first of all thanks for the competent help you offer here! It got me today as well. The GVU Trojan has struck. I shut down my Win7 64-bit and booted into safe mode with F8, then ran OTL.exe. The logs are attached. I would appreciate any help. |
18.12.2012, 14:10 | #2 |
/// Malware-holic | GVU Trojan here as well
Hi,
If you have obscured your name, adjust the script accordingly. This script, as well as any scripts that may follow, is intended only for this particular user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe.
• Now copy the following into the text box.
Code:
:OTL
O4 - Startup: C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk = File not found
O4 - HKU\S-1-5-21-3510303937-31973250-3848675314-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3510303937-31973250-3848675314-1000..\Run: [EPSONE1429D (Epson Stylus Photo PX720WD)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYE.EXE /FU "C:\Users\MM\AppData\Local\Temp\E_SDAC4.tmp" /EF "HKCU" File not found
[2012.12.18 12:33:19 | 000,266,240 | ---- | C] (Корпорация Майкрософт) -- C:\Users\MM\wgsdgsdgdsgsd.exe
[2012.12.18 12:33:26 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.18 12:33:28 | 000,001,039 | ---- | C] () -- C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup] File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons: right-click, View, Show desktop icons.
Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the + E key.
__________________ |
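An added example (not from the thread and not part of OTL): a Python triage heuristic over OTL file-listing lines that groups files created within a short window and reports a group when it combines a Startup-folder item with a file dropped in the profile root or the ProgramData root, which is the pattern of the three file entries in the script above. The function names, the 30-second window and the location rules are assumptions for illustration; the three benign sample lines are constructed.

```python
import ntpath
import re
from datetime import datetime

# OTL file-listing line: [timestamp | size | attributes | C/M] (company) -- path
# Directory lines carry no "(company)" field, so that part is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]+) \| (?P<kind>[CM])\] (?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

# Location rules (assumed heuristics, not OTL's own logic).
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+$", re.I)
PROGRAMDATA_ROOT_RE = re.compile(r"^[a-z]:\\programdata$", re.I)
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll"}

# First three lines are taken from the fix script in the thread;
# the last three are constructed benign entries.
SAMPLE_OTL_LINES = r"""
[2012.12.18 12:33:19 | 000,266,240 | ---- | C] (Корпорация Майкрософт) -- C:\Users\MM\wgsdgsdgdsgsd.exe
[2012.12.18 12:33:26 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.18 12:33:28 | 000,001,039 | ---- | C] () -- C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.10 18:02:11 | 000,912,344 | ---- | C] (Example Vendor) -- C:\Program Files\Example\updater.exe
[2012.12.17 09:12:44 | 000,000,000 | ---D | C] -- C:\Users\MM\Documents\constructed_folder
[2012.12.18 12:40:02 | 000,004,096 | ---- | C] () -- C:\Users\MM\AppData\Local\Temp\constructed.tmp
"""


def parse_otl_files(text):
    """Return one dict per OTL file-listing line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "time": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "kind": m["kind"],                # C = created, M = modified
            "company": m["company"] or "",    # empty when no version info
            "path": m["path"].strip(),
        })
    return entries


def location_reason(path):
    """Explain why a path sits in a location worth a second look, else None."""
    folder = ntpath.dirname(path)
    ext = ntpath.splitext(path)[1].lower()
    if STARTUP_MARKER in path.lower():
        return "startup-folder item"
    if PROFILE_ROOT_RE.match(folder) and ext in EXECUTABLE_EXT:
        return "executable in profile root"
    if PROGRAMDATA_ROOT_RE.match(folder):
        return "loose file in ProgramData root"
    return None


def find_dropper_clusters(entries, window_seconds=30):
    """Group created files by time gap; keep groups that pair a Startup item
    with at least one other flagged location."""
    created = sorted((e for e in entries if e["kind"] == "C"),
                     key=lambda e: e["time"])
    clusters, current = [], []
    for entry in created:
        gap_exceeded = current and (
            entry["time"] - current[-1]["time"]).total_seconds() > window_seconds
        if gap_exceeded:
            clusters.append(current)
            current = []
        current.append(entry)
    if current:
        clusters.append(current)

    findings = []
    for cluster in clusters:
        flagged = [(e, location_reason(e["path"])) for e in cluster]
        flagged = [(e, reason) for e, reason in flagged if reason]
        reasons = {reason for _, reason in flagged}
        if "startup-folder item" in reasons and len(reasons) > 1:
            findings.append(flagged)
    return findings


if __name__ == "__main__":
    for group in find_dropper_clusters(parse_otl_files(SAMPLE_OTL_LINES)):
        print("Files created together in persistence-relevant locations:")
        for entry, reason in group:
            print(f"  {entry['time']}  {reason:32}  {entry['path']}")
```

A hit is only a lead for manual review: the company field is read from the file's own version resource and proves nothing about its origin.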
18.12.2012, 14:37 | #3 |
| GVU Trojan here as well
Thanks for the quick reply. I was able to upload the file via the upload channel as described, without any problems. Oh, and:
Code:
All processes killed
========== OTL ==========
C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk moved successfully.
Registry value HKEY_USERS\S-1-5-21-3510303937-31973250-3848675314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3510303937-31973250-3848675314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSONE1429D (Epson Stylus Photo PX720WD) deleted successfully.
C:\Users\MM\wgsdgsdgdsgsd.exe moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 56504 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Mcx1-TALL-GODDESS
->Flash cache emptied: 56504 bytes
User: MM
->Flash cache emptied: 1994062 bytes
User: Public
Total Flash Files Cleaned = 2,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mcx1-TALL-GODDESS
->Temp folder emptied: 454 bytes
->Temporary Internet Files folder emptied: 78346 bytes
->Flash cache emptied: 0 bytes
User: MM
->Temp folder emptied: 4093 bytes
->Temporary Internet Files folder emptied: 152993909 bytes
->Java cache emptied: 6307290 bytes
->FireFox cache emptied: 596385900 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1548319 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61649002 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 527618 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 641 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 782,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12182012_142946
Files\Folders moved on Reboot...
C:\Users\MM\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
18.12.2012, 19:05 | #4 |
/// Malware-holic | GVU Trojan here as well
Hi, thanks. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
• Click Change parameters.
• Tick Verify driver digital signatures and Detect TDLFS file system.
• Click OK and then Start scan. If anything is found, always choose Skip for now, then post the log.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
18.12.2012, 19:39 | #5 |
| GVU Trojan here as well
Hmm, I hope this is the right log:
Code:
C:\Windows\system32\drivers\msdsm.sys 19:32:42.0823 1768 msdsm - ok 19:32:42.0854 1768 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 19:32:42.0870 1768 MSDTC - ok 19:32:42.0901 1768 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:32:42.0948 1768 Msfs - ok 19:32:42.0963 1768 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:32:43.0010 1768 mshidkmdf - ok 19:32:43.0041 1768 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:32:43.0041 1768 msisadrv - ok 19:32:43.0072 1768 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:32:43.0119 1768 MSiSCSI - ok 19:32:43.0135 1768 msiserver - ok 19:32:43.0150 1768 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:32:43.0197 1768 MSKSSRV - ok 19:32:43.0213 1768 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:32:43.0260 1768 MSPCLOCK - ok 19:32:43.0275 1768 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:32:43.0338 1768 MSPQM - ok 19:32:43.0369 1768 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:32:43.0384 1768 MsRPC - ok 19:32:43.0416 1768 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:32:43.0431 1768 mssmbios - ok 19:32:43.0447 1768 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:32:43.0494 1768 MSTEE - ok 19:32:43.0509 1768 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:32:43.0556 1768 MTConfig - ok 19:32:43.0587 1768 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 19:32:43.0587 1768 Mup - ok 19:32:43.0634 1768 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 19:32:43.0681 1768 napagent - ok 19:32:43.0728 1768 [ 
1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:32:43.0774 1768 NativeWifiP - ok 19:32:43.0806 1768 [ 74C4AC4E3424862A8149DD1E788ABC89 ] ncplelhp C:\Windows\system32\DRIVERS\ncplelhp.sys 19:32:43.0821 1768 ncplelhp - ok 19:32:43.0884 1768 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:32:43.0930 1768 NDIS - ok 19:32:43.0977 1768 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:32:44.0024 1768 NdisCap - ok 19:32:44.0055 1768 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:32:44.0118 1768 NdisTapi - ok 19:32:44.0149 1768 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:32:44.0180 1768 Ndisuio - ok 19:32:44.0211 1768 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:32:44.0274 1768 NdisWan - ok 19:32:44.0305 1768 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:32:44.0367 1768 NDProxy - ok 19:32:44.0398 1768 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:32:44.0430 1768 NetBIOS - ok 19:32:44.0461 1768 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:32:44.0523 1768 NetBT - ok 19:32:44.0539 1768 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 19:32:44.0554 1768 Netlogon - ok 19:32:44.0586 1768 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 19:32:44.0632 1768 Netman - ok 19:32:44.0664 1768 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 19:32:44.0710 1768 netprofm - ok 19:32:44.0742 1768 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:32:44.0773 1768 NetTcpPortSharing - ok 19:32:44.0788 1768 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 
C:\Windows\system32\DRIVERS\nfrd960.sys 19:32:44.0820 1768 nfrd960 - ok 19:32:44.0851 1768 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:32:44.0898 1768 NlaSvc - ok 19:32:44.0944 1768 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe 19:32:44.0960 1768 NMSAccessU - ok 19:32:44.0976 1768 nmwcdnsucx64 - ok 19:32:44.0991 1768 nmwcdnsux64 - ok 19:32:45.0007 1768 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:32:45.0038 1768 Npfs - ok 19:32:45.0069 1768 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:32:45.0116 1768 nsi - ok 19:32:45.0132 1768 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:32:45.0194 1768 nsiproxy - ok 19:32:45.0241 1768 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:32:45.0303 1768 Ntfs - ok 19:32:45.0319 1768 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 19:32:45.0381 1768 Null - ok 19:32:45.0646 1768 [ E55CAB397F77D5208DB18A78B1B7C0D5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:32:46.0052 1768 nvlddmkm - ok 19:32:46.0114 1768 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:32:46.0130 1768 nvraid - ok 19:32:46.0146 1768 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:32:46.0161 1768 nvstor - ok 19:32:46.0208 1768 [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc C:\Windows\system32\nvvsvc.exe 19:32:46.0224 1768 nvsvc - ok 19:32:46.0239 1768 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:32:46.0270 1768 nv_agp - ok 19:32:46.0333 1768 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:32:46.0380 1768 odserv - ok 19:32:46.0411 1768 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 
19:32:46.0426 1768 ohci1394 - ok 19:32:46.0458 1768 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:32:46.0473 1768 ose - ok 19:32:46.0504 1768 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:32:46.0536 1768 p2pimsvc - ok 19:32:46.0567 1768 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:32:46.0582 1768 p2psvc - ok 19:32:46.0614 1768 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:32:46.0629 1768 Parport - ok 19:32:46.0660 1768 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:32:46.0660 1768 partmgr - ok 19:32:46.0676 1768 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:32:46.0707 1768 PcaSvc - ok 19:32:46.0723 1768 pccsmcfd - ok 19:32:46.0754 1768 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:32:46.0770 1768 pci - ok 19:32:46.0801 1768 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:32:46.0816 1768 pciide - ok 19:32:46.0848 1768 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:32:46.0879 1768 pcmcia - ok 19:32:46.0894 1768 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:32:46.0910 1768 pcw - ok 19:32:46.0926 1768 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:32:47.0019 1768 PEAUTH - ok 19:32:47.0050 1768 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 19:32:47.0113 1768 PeerDistSvc - ok 19:32:47.0191 1768 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:32:47.0206 1768 PerfHost - ok 19:32:47.0269 1768 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:32:47.0378 1768 pla - ok 19:32:47.0425 1768 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay 
C:\Windows\system32\umpnpmgr.dll 19:32:47.0472 1768 PlugPlay - ok 19:32:47.0487 1768 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:32:47.0518 1768 PNRPAutoReg - ok 19:32:47.0550 1768 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:32:47.0565 1768 PNRPsvc - ok 19:32:47.0596 1768 [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64 C:\Windows\system32\DRIVERS\point64.sys 19:32:47.0612 1768 Point64 - ok 19:32:47.0643 1768 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:32:47.0721 1768 PolicyAgent - ok 19:32:47.0737 1768 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:32:47.0784 1768 Power - ok 19:32:47.0815 1768 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:32:47.0862 1768 PptpMiniport - ok 19:32:47.0893 1768 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:32:47.0908 1768 Processor - ok 19:32:47.0955 1768 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:32:47.0986 1768 ProfSvc - ok 19:32:48.0002 1768 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:32:48.0018 1768 ProtectedStorage - ok 19:32:48.0049 1768 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:32:48.0096 1768 Psched - ok 19:32:48.0142 1768 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys 19:32:48.0158 1768 PSI - ok 19:32:48.0205 1768 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:32:48.0298 1768 ql2300 - ok 19:32:48.0314 1768 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:32:48.0345 1768 ql40xx - ok 19:32:48.0376 1768 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:32:48.0408 1768 QWAVE - ok 19:32:48.0423 1768 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv 
C:\Windows\system32\drivers\qwavedrv.sys 19:32:48.0454 1768 QWAVEdrv - ok 19:32:48.0470 1768 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:32:48.0517 1768 RasAcd - ok 19:32:48.0548 1768 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:32:48.0579 1768 RasAgileVpn - ok 19:32:48.0595 1768 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:32:48.0657 1768 RasAuto - ok 19:32:48.0704 1768 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:32:48.0751 1768 Rasl2tp - ok 19:32:48.0798 1768 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:32:48.0860 1768 RasMan - ok 19:32:48.0891 1768 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:32:48.0954 1768 RasPppoe - ok 19:32:48.0985 1768 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:32:49.0032 1768 RasSstp - ok 19:32:49.0078 1768 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:32:49.0125 1768 rdbss - ok 19:32:49.0141 1768 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:32:49.0156 1768 rdpbus - ok 19:32:49.0172 1768 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:32:49.0219 1768 RDPCDD - ok 19:32:49.0250 1768 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 19:32:49.0281 1768 RDPDR - ok 19:32:49.0297 1768 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:32:49.0344 1768 RDPENCDD - ok 19:32:49.0359 1768 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:32:49.0406 1768 RDPREFMP - ok 19:32:49.0437 1768 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 19:32:49.0484 1768 RdpVideoMiniport - ok 19:32:49.0515 
1768 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:32:49.0562 1768 RDPWD - ok 19:32:49.0609 1768 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:32:49.0624 1768 rdyboost - ok 19:32:49.0640 1768 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:32:49.0687 1768 RemoteAccess - ok 19:32:49.0718 1768 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:32:49.0765 1768 RemoteRegistry - ok 19:32:49.0796 1768 [ 0DFC90948AC23B2B7955B664EC5830D5 ] rp24gms C:\Windows\system32\drivers\rp24gms.sys 19:32:49.0827 1768 rp24gms - ok 19:32:49.0843 1768 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:32:49.0905 1768 RpcEptMapper - ok 19:32:49.0936 1768 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 19:32:49.0952 1768 RpcLocator - ok 19:32:49.0999 1768 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:32:50.0030 1768 RpcSs - ok 19:32:50.0061 1768 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:32:50.0108 1768 rspndr - ok 19:32:50.0139 1768 [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus C:\Windows\system32\DRIVERS\s0016bus.sys 19:32:50.0155 1768 s0016bus - ok 19:32:50.0186 1768 [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl C:\Windows\system32\DRIVERS\s0016mdfl.sys 19:32:50.0202 1768 s0016mdfl - ok 19:32:50.0217 1768 [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm C:\Windows\system32\DRIVERS\s0016mdm.sys 19:32:50.0233 1768 s0016mdm - ok 19:32:50.0264 1768 [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt C:\Windows\system32\DRIVERS\s0016mgmt.sys 19:32:50.0280 1768 s0016mgmt - ok 19:32:50.0326 1768 [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5 C:\Windows\system32\DRIVERS\s0016nd5.sys 19:32:50.0342 1768 s0016nd5 - ok 19:32:50.0358 1768 [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex 
C:\Windows\system32\DRIVERS\s0016obex.sys 19:32:50.0373 1768 s0016obex - ok 19:32:50.0404 1768 [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic C:\Windows\system32\DRIVERS\s0016unic.sys 19:32:50.0420 1768 s0016unic - ok 19:32:50.0451 1768 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 19:32:50.0498 1768 s3cap - ok 19:32:50.0498 1768 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:32:50.0514 1768 SamSs - ok 19:32:50.0545 1768 SANDRA - ok 19:32:50.0560 1768 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:32:50.0576 1768 sbp2port - ok 19:32:50.0623 1768 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 19:32:50.0654 1768 SBSDWSCService - ok 19:32:50.0685 1768 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:32:50.0748 1768 SCardSvr - ok 19:32:50.0779 1768 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:32:50.0826 1768 scfilter - ok 19:32:50.0857 1768 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 19:32:50.0950 1768 Schedule - ok 19:32:50.0966 1768 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:32:51.0013 1768 SCPolicySvc - ok 19:32:51.0044 1768 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:32:51.0091 1768 SDRSVC - ok 19:32:51.0106 1768 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:32:51.0153 1768 secdrv - ok 19:32:51.0184 1768 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:32:51.0247 1768 seclogon - ok 19:32:51.0262 1768 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 19:32:51.0309 1768 SENS - ok 19:32:51.0340 1768 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:32:51.0356 1768 SensrSvc - ok 
19:32:51.0387 1768 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:32:51.0418 1768 Serenum - ok 19:32:51.0450 1768 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:32:51.0496 1768 Serial - ok 19:32:51.0543 1768 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:32:51.0559 1768 sermouse - ok 19:32:51.0606 1768 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:32:51.0652 1768 SessionEnv - ok 19:32:51.0668 1768 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:32:51.0715 1768 sffdisk - ok 19:32:51.0730 1768 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:32:51.0746 1768 sffp_mmc - ok 19:32:51.0762 1768 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:32:51.0793 1768 sffp_sd - ok 19:32:51.0824 1768 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:32:51.0855 1768 sfloppy - ok 19:32:51.0886 1768 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:32:51.0933 1768 SharedAccess - ok 19:32:51.0980 1768 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:32:52.0027 1768 ShellHWDetection - ok 19:32:52.0042 1768 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:32:52.0058 1768 SiSRaid2 - ok 19:32:52.0089 1768 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:32:52.0105 1768 SiSRaid4 - ok 19:32:52.0167 1768 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:32:52.0183 1768 SkypeUpdate - ok 19:32:52.0214 1768 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:32:52.0261 1768 Smb - ok 19:32:52.0292 1768 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP 
C:\Windows\System32\snmptrap.exe 19:32:52.0323 1768 SNMPTRAP - ok 19:32:52.0339 1768 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:32:52.0354 1768 spldr - ok 19:32:52.0401 1768 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:32:52.0432 1768 Spooler - ok 19:32:52.0526 1768 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:32:52.0651 1768 sppsvc - ok 19:32:52.0666 1768 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:32:52.0713 1768 sppuinotify - ok 19:32:52.0760 1768 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys 19:32:52.0760 1768 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB 19:32:52.0760 1768 sptd ( LockedFile.Multi.Generic ) - warning 19:32:52.0760 1768 sptd - detected LockedFile.Multi.Generic (1) 19:32:52.0791 1768 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:32:52.0838 1768 srv - ok 19:32:52.0869 1768 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:32:52.0900 1768 srv2 - ok 19:32:52.0916 1768 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:32:52.0947 1768 srvnet - ok 19:32:52.0978 1768 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:32:53.0041 1768 SSDPSRV - ok 19:32:53.0056 1768 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:32:53.0088 1768 SstpSvc - ok 19:32:53.0134 1768 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 19:32:53.0150 1768 ssudmdm - ok 19:32:53.0197 1768 Steam Client Service - ok 19:32:53.0212 1768 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:32:53.0228 1768 stexstor - ok 19:32:53.0275 1768 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 
19:32:53.0306 1768 stisvc - ok 19:32:53.0353 1768 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 19:32:53.0368 1768 storflt - ok 19:32:53.0415 1768 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 19:32:53.0431 1768 storvsc - ok 19:32:53.0462 1768 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 19:32:53.0478 1768 swenum - ok 19:32:53.0540 1768 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:32:53.0618 1768 swprv - ok 19:32:53.0634 1768 Synth3dVsc - ok 19:32:53.0696 1768 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:32:53.0758 1768 SysMain - ok 19:32:53.0790 1768 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:32:53.0821 1768 TabletInputService - ok 19:32:53.0852 1768 [ 18A198FCB0C3EFD891BD567B69ADA6DA ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 19:32:53.0883 1768 tap0901 - ok 19:32:53.0899 1768 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:32:53.0961 1768 TapiSrv - ok 19:32:53.0992 1768 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:32:54.0024 1768 TBS - ok 19:32:54.0086 1768 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:32:54.0148 1768 Tcpip - ok 19:32:54.0211 1768 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:32:54.0242 1768 TCPIP6 - ok 19:32:54.0273 1768 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:32:54.0289 1768 tcpipreg - ok 19:32:54.0320 1768 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:32:54.0336 1768 TDPIPE - ok 19:32:54.0382 1768 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:32:54.0398 1768 TDTCP - ok 19:32:54.0429 1768 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx 
C:\Windows\system32\DRIVERS\tdx.sys 19:32:54.0476 1768 tdx - ok 19:32:54.0492 1768 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 19:32:54.0523 1768 TermDD - ok 19:32:54.0554 1768 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:32:54.0616 1768 TermService - ok 19:32:54.0663 1768 [ CE4B6956E4E12492715A53076E58761F ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys 19:32:54.0679 1768 TFsExDisk - ok 19:32:54.0710 1768 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:32:54.0741 1768 Themes - ok 19:32:54.0757 1768 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:32:54.0788 1768 THREADORDER - ok 19:32:54.0804 1768 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:32:54.0866 1768 TrkWks - ok 19:32:54.0897 1768 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:32:54.0944 1768 TrustedInstaller - ok 19:32:54.0975 1768 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:32:55.0038 1768 tssecsrv - ok 19:32:55.0053 1768 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:32:55.0100 1768 TsUsbFlt - ok 19:32:55.0100 1768 tsusbhub - ok 19:32:55.0131 1768 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:32:55.0194 1768 tunnel - ok 19:32:55.0225 1768 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:32:55.0240 1768 uagp35 - ok 19:32:55.0256 1768 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:32:55.0318 1768 udfs - ok 19:32:55.0334 1768 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:32:55.0365 1768 UI0Detect - ok 19:32:55.0381 1768 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:32:55.0396 1768 uliagpkx - ok 
19:32:55.0428 1768 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:32:55.0459 1768 umbus - ok 19:32:55.0490 1768 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:32:55.0521 1768 UmPass - ok 19:32:55.0552 1768 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 19:32:55.0584 1768 UmRdpService - ok 19:32:55.0646 1768 [ 4847639D852763EE39415C929470F672 ] UnlockerDriver5 C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys 19:32:55.0662 1768 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning 19:32:55.0662 1768 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1) 19:32:55.0677 1768 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:32:55.0740 1768 upnphost - ok 19:32:55.0755 1768 upperdev - ok 19:32:55.0802 1768 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 19:32:55.0802 1768 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 19:32:55.0802 1768 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 19:32:55.0849 1768 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 19:32:55.0880 1768 usbaudio - ok 19:32:55.0911 1768 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:32:55.0942 1768 usbccgp - ok 19:32:55.0974 1768 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:32:55.0989 1768 usbcir - ok 19:32:56.0067 1768 [ 6AF12011C88C80920D0543616E107CFF ] UsbClientService C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe 19:32:56.0098 1768 UsbClientService ( UnsignedFile.Multi.Generic ) - warning 19:32:56.0098 1768 UsbClientService - detected UnsignedFile.Multi.Generic (1) 19:32:56.0114 1768 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:32:56.0130 1768 usbehci - ok 19:32:56.0176 1768 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub 
|
18.12.2012, 19:58 | #6 | |
/// Malware-holic | GVU Trojan as well
Yep, thanks.
Combofix: Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: If you get the following error message after the restart
Quote:
__________________ |
18.12.2012, 20:53 | #7 |
| GVU Trojan as well The next one... Code:
|
18.12.2012, 21:07 | #8 |
/// Malware-holic | GVU Trojan as well
Hi, Malwarebytes: Please download Malwarebytes
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For the time being, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us |
19.12.2012, 07:22 | #9 |
| GVU Trojan as well Good morning, here is the log from Malwarebytes. I did not delete EverestPoker.exe, but I did delete the other three... Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MM :: TALL-GODDESS [Administrator]

18.12.2012 22:12:41
mbam-log-2012-12-19 (07-16-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|O:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 555239
Laufzeit: 3 Stunde(n), 1 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Users\MM\AppData\Roaming\Desktopicon\eBayShortcuts.exe.vir (Adware.ADON) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\12182012_142946\C_Users\MM\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
E:\Installationsdateien Programme\Everest Poker.exe (PUP.EverestPoker) -> Keine Aktion durchgeführt.

(Ende) |
19.12.2012, 17:25 | #10 |
/// Malware-holic | GVU Trojan as well
Looks good.
Download CCleaner Standard: CCleaner Download - CCleaner 3.25.1872
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, and save it as a txt file.
Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not recognise, write "unknown".
Post the list.
|