|
Log analysis and evaluation: Trj/Ransom.AB in C:\Users\***\VIDEOLOAD\DOWNLOADMANAGER_2.0.2200.EXE
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
06.01.2013, 14:39 | #1 |
| Dear forum members! The following problem on my Samsung Aura R510 notebook with Windows Vista: my antivirus software Panda GP 2012 has lately been finding the above-mentioned virus in the above-mentioned directory at ever shorter intervals, with the result that it was blocked. Lately this has been happening more and more often, at times every 5 minutes, always exactly the same error message. In addition, the computer freezes more and more often, or it simply shuts itself down on its own within about 2 seconds. Also, at times websites are extremely slow, or directories in the file manager open only extremely slowly and then crash. All of this, as I said, with sharply increasing frequency lately. What should be done? Many thanks in advance for your efforts! I hope I did everything right when creating the log files. Best regards! HM |
06.01.2013, 14:54 | #2 |
/// TB-Ausbilder | I will help you with your problem. A cleanup can involve a lot of work for you (and me). Before we start, I have some reading material for you. Please read: Rules for the cleanup. For the cleanup to work, I ask you to read the following points carefully:
Read and understood?
Step 1: Disable drive emulation with Defogger. Please download defogger by jpshortstuff to your desktop and start it:
Step 2: Scan with aswMBR
Step 3: Scan with TDSS-Killer. Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.
Step 4: Scan with DDS+ (with attach). Please download DDS (by sUBs) and save the file on your desktop.
__________________ |
06.01.2013, 15:23 | #3 |
| Thank you very much for the quick help! Everything read and understood! One more question beforehand: do I have to turn off the internet connection and my antivirus software (Panda) in the meantime? Regards |
06.01.2013, 15:37 | #4 |
/// TB-Ausbilder | You can do that, but you only have to if it comes up in an instruction.
__________________ Digital privateers against malware! No help via PM! |
08.01.2013, 14:13 | #5 |
/// TB-Ausbilder | Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will therefore not be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.
__________________ Digital privateers against malware! No help via PM! |
08.01.2013, 21:56 | #6 |
| I'm tied up with work, sorry! defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:48 on 08/01/2013 (Björn)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=- |
09.01.2013, 16:19 | #7 |
/// TB-Ausbilder | Yes, I believe that. However, it is important to stick with it.
__________________ Digital privateers against malware! No help via PM! |
10.01.2013, 00:10 | #8 |
| OK, now everything is complete: 1.) defogger: see above 2.) asw MBR: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-09 22:23:02
-----------------------------
22:23:02.147 OS Version: Windows 6.0.6002 Service Pack 2
22:23:02.147 Number of processors: 2 586 0xF0D
22:23:02.149 ComputerName: SAMSUNGR510 UserName: Björn
22:23:03.642 Initialize success
22:27:07.791 AVAST engine defs: 13010900
22:29:21.264 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:29:21.268 Disk 0 Vendor: FUJITSU_ 0000 Size: 305245MB BusType: 3
22:29:21.283 Disk 0 MBR read successfully
22:29:21.286 Disk 0 MBR scan
22:29:21.291 Disk 0 Windows VISTA default MBR code
22:29:21.308 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
22:29:21.336 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295003 MB offset 20973568
22:29:21.351 Disk 0 scanning sectors +625139712
22:29:21.424 Disk 0 scanning C:\Windows\system32\drivers
22:29:45.122 Service scanning
22:30:15.477 Modules scanning
22:30:36.939 Disk 0 trace - called modules:
22:30:36.973 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:30:36.979 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e33ac8]
22:30:36.987 3 CLASSPNP.SYS[8aea78b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84687028]
22:30:38.343 AVAST engine scan C:\Windows
22:30:43.033 AVAST engine scan C:\Windows\system32
22:36:38.354 AVAST engine scan C:\Windows\system32\drivers
22:36:56.150 AVAST engine scan C:\Users\Björn
23:19:50.298 AVAST engine scan C:\ProgramData
23:23:59.863 Scan finished successfully
23:48:44.118 Disk 0 MBR has been saved successfully to "C:\Users\Björn\Desktop\MBR.dat"
23:48:44.130 The log file has been saved successfully to "C:\Users\Björn\Desktop\aswMBR.txt"
3.) TDSS: Code:
23:53:22.0236 4212 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:53:23.0656 4212 ============================================================
23:53:23.0656 4212 Current date / time: 2013/01/09 23:53:23.0656
23:53:23.0656 4212 SystemInfo:
23:53:23.0656 4212
23:53:23.0656 4212 OS Version: 6.0.6002 ServicePack: 2.0
23:53:23.0656 4212 Product type: Workstation
23:53:23.0656 4212 ComputerName: SAMSUNGR510
23:53:23.0656 4212 UserName: Björn
23:53:23.0656 4212 Windows directory: C:\Windows
23:53:23.0656 4212 System windows directory: C:\Windows
23:53:23.0656 4212 Processor architecture: Intel x86
23:53:23.0656 4212 Number of processors: 2
23:53:23.0656 4212 Page size: 0x1000
23:53:23.0656 4212 Boot type: Normal boot
23:53:23.0656 4212 ============================================================
23:53:24.0867 4212 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:53:24.0884 4212 ============================================================
23:53:24.0884 4212 \Device\Harddisk0\DR0:
23:53:24.0907 4212 MBR partitions:
23:53:24.0907 4212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x2402D800
23:53:24.0907 4212 ============================================================
23:53:25.0064 4212 C: <-> \Device\Harddisk0\DR0\Partition1
23:53:25.0064 4212 ============================================================
23:53:25.0064 4212 Initialize success
23:53:25.0064 4212 ============================================================
23:54:25.0960 3696 ============================================================
23:54:25.0960 3696 Scan started
23:54:25.0960 3696 Mode: Manual; TDLFS;
23:54:25.0960 3696 ============================================================
23:54:26.0236 3696 ================ Scan system memory ========================
23:54:26.0236 3696 System memory - ok
23:54:26.0239 3696
================ Scan services =============================
5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:54:41.0620 3696 ose - ok 23:54:41.0666 3696 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 23:54:41.0672 3696 p2pimsvc - ok 23:54:41.0733 3696 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 23:54:41.0741 3696 p2psvc - ok 23:54:41.0789 3696 [ 78B7642B0C51F24F0835C0226540D58B ] Panda Software Controller C:\Program Files\Panda Security\Panda Global Protection 2012\PsCtrls.exe 23:54:41.0790 3696 Panda Software Controller - ok 23:54:41.0873 3696 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 23:54:41.0877 3696 Parport - ok 23:54:41.0932 3696 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:54:41.0933 3696 partmgr - ok 23:54:41.0985 3696 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 23:54:41.0986 3696 Parvdm - ok 23:54:42.0059 3696 [ 55D654258A9C509B671310C314BD30B4 ] pavboot C:\Windows\system32\Drivers\pavboot.sys 23:54:42.0084 3696 pavboot - ok 23:54:42.0202 3696 [ 3BB71BD8B4873C5FECA890EFC6BF9257 ] PAVFNSVR C:\Program Files\Panda Security\Panda Global Protection 2012\PavFnSvr.exe 23:54:42.0212 3696 PAVFNSVR - ok 23:54:42.0294 3696 [ A110035FDC4B8F8F0CD5E71D031274E1 ] PavProc C:\Windows\system32\DRIVERS\PavProc.sys 23:54:42.0311 3696 PavProc - ok 23:54:42.0327 3696 [ 2AE3F6B23448443BBEF5DE207159213B ] PavPrSrv C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe 23:54:42.0335 3696 PavPrSrv - ok 23:54:42.0342 3696 PavSRK.sys - ok 23:54:42.0385 3696 [ 97005413310966001FB6F4A5C503149C ] PAVSRV C:\Program Files\Panda Security\Panda Global Protection 2012\pavsrvx86.exe 23:54:42.0707 3696 PAVSRV - ok 23:54:42.0712 3696 PavTPK.sys - ok 23:54:42.0762 3696 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 23:54:42.0779 3696 PcaSvc - ok 23:54:42.0807 3696 [ 
941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 23:54:42.0810 3696 pci - ok 23:54:42.0847 3696 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 23:54:42.0848 3696 pciide - ok 23:54:42.0871 3696 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 23:54:42.0873 3696 pcmcia - ok 23:54:42.0879 3696 PDNMp50 - ok 23:54:42.0885 3696 PDNSp50 - ok 23:54:42.0939 3696 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:54:42.0983 3696 PEAUTH - ok 23:54:43.0047 3696 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 23:54:43.0091 3696 pla - ok 23:54:43.0124 3696 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:54:43.0142 3696 PlugPlay - ok 23:54:43.0199 3696 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 23:54:43.0206 3696 Pml Driver HPZ12 - ok 23:54:43.0244 3696 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 23:54:43.0251 3696 PNRPAutoReg - ok 23:54:43.0288 3696 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 23:54:43.0295 3696 PNRPsvc - ok 23:54:43.0326 3696 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:54:43.0330 3696 PolicyAgent - ok 23:54:43.0375 3696 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:54:43.0380 3696 PptpMiniport - ok 23:54:43.0421 3696 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 23:54:43.0421 3696 Processor - ok 23:54:43.0462 3696 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 23:54:43.0476 3696 ProfSvc - ok 23:54:43.0488 3696 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 23:54:43.0490 3696 ProtectedStorage - ok 23:54:43.0520 3696 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched 
C:\Windows\system32\DRIVERS\pacer.sys 23:54:43.0525 3696 PSched - ok 23:54:43.0589 3696 [ 532053E8E3BB8FA7166AB4E7685FDDCC ] PSHost c:\program files\panda security\panda global protection 2012\firewall\PSHOST.EXE 23:54:43.0602 3696 PSHost - ok 23:54:43.0639 3696 [ 196C450F2779D0B462C444DA4906EA7F ] PSIMSVC C:\Program Files\Panda Security\Panda Global Protection 2012\PsImSvc.exe 23:54:43.0977 3696 PSIMSVC - ok 23:54:44.0005 3696 [ 341457B79B3FC31A80C346C767045879 ] PskSvcRetail C:\Program Files\Panda Security\Panda Global Protection 2012\PskSvc.exe 23:54:44.0013 3696 PskSvcRetail - ok 23:54:44.0068 3696 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 23:54:44.0075 3696 ql2300 - ok 23:54:44.0120 3696 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 23:54:44.0122 3696 ql40xx - ok 23:54:44.0164 3696 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 23:54:44.0178 3696 QWAVE - ok 23:54:44.0208 3696 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:54:44.0216 3696 QWAVEdrv - ok 23:54:44.0237 3696 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:54:44.0238 3696 RasAcd - ok 23:54:44.0257 3696 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 23:54:44.0271 3696 RasAuto - ok 23:54:44.0306 3696 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:54:44.0308 3696 Rasl2tp - ok 23:54:44.0385 3696 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 23:54:44.0390 3696 RasMan - ok 23:54:44.0432 3696 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:54:44.0434 3696 RasPppoe - ok 23:54:44.0474 3696 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:54:44.0482 3696 RasSstp - ok 23:54:44.0523 3696 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss 
C:\Windows\system32\DRIVERS\rdbss.sys 23:54:44.0530 3696 rdbss - ok 23:54:44.0561 3696 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:54:44.0562 3696 RDPCDD - ok 23:54:44.0609 3696 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 23:54:44.0612 3696 rdpdr - ok 23:54:44.0624 3696 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:54:44.0625 3696 RDPENCDD - ok 23:54:44.0722 3696 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:54:44.0725 3696 RDPWD - ok 23:54:44.0813 3696 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:54:44.0829 3696 RemoteAccess - ok 23:54:44.0862 3696 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:54:44.0872 3696 RemoteRegistry - ok 23:54:44.0924 3696 [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 23:54:44.0938 3696 RichVideo - ok 23:54:44.0972 3696 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 23:54:44.0973 3696 ROOTMODEM - ok 23:54:44.0999 3696 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 23:54:45.0008 3696 RpcLocator - ok 23:54:45.0053 3696 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 23:54:45.0059 3696 RpcSs - ok 23:54:45.0078 3696 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:54:45.0082 3696 rspndr - ok 23:54:45.0090 3696 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 23:54:45.0092 3696 SamSs - ok 23:54:45.0130 3696 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:54:45.0131 3696 sbp2port - ok 23:54:45.0191 3696 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:54:45.0204 3696 SCardSvr - ok 23:54:45.0252 3696 [ 
1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 23:54:45.0262 3696 Schedule - ok 23:54:45.0284 3696 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 23:54:45.0285 3696 SCPolicySvc - ok 23:54:45.0318 3696 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:54:45.0330 3696 SDRSVC - ok 23:54:45.0363 3696 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:54:45.0373 3696 secdrv - ok 23:54:45.0410 3696 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 23:54:45.0420 3696 seclogon - ok 23:54:45.0441 3696 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 23:54:45.0444 3696 SENS - ok 23:54:45.0466 3696 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 23:54:45.0468 3696 Serenum - ok 23:54:45.0500 3696 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 23:54:45.0501 3696 Serial - ok 23:54:45.0554 3696 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 23:54:45.0554 3696 sermouse - ok 23:54:45.0600 3696 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 23:54:45.0615 3696 SessionEnv - ok 23:54:45.0657 3696 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:54:45.0661 3696 sffdisk - ok 23:54:45.0687 3696 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:54:45.0687 3696 sffp_mmc - ok 23:54:45.0720 3696 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:54:45.0721 3696 sffp_sd - ok 23:54:45.0765 3696 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 23:54:45.0774 3696 sfloppy - ok 23:54:45.0811 3696 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:54:45.0847 3696 SharedAccess - ok 23:54:45.0886 
3696 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:54:45.0901 3696 ShellHWDetection - ok 23:54:45.0939 3696 [ 32D6F7632234F0354C79E915CA4613D4 ] ShldDrv C:\Windows\system32\DRIVERS\ShlDrv51.sys 23:54:45.0951 3696 ShldDrv - ok 23:54:46.0041 3696 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 23:54:46.0042 3696 sisagp - ok 23:54:46.0075 3696 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 23:54:46.0076 3696 SiSRaid2 - ok 23:54:46.0131 3696 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 23:54:46.0131 3696 SiSRaid4 - ok 23:54:46.0194 3696 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 23:54:51.0642 3696 SkypeUpdate - ok 23:54:51.0749 3696 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 23:54:51.0842 3696 slsvc - ok 23:54:51.0900 3696 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 23:54:51.0914 3696 SLUINotify - ok 23:54:51.0985 3696 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:54:51.0989 3696 Smb - ok 23:54:52.0034 3696 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:54:52.0045 3696 SNMPTRAP - ok 23:54:52.0079 3696 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 23:54:52.0087 3696 spldr - ok 23:54:52.0122 3696 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 23:54:52.0136 3696 Spooler - ok 23:54:52.0179 3696 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:54:52.0184 3696 srv - ok 23:54:52.0222 3696 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:54:52.0229 3696 srv2 - ok 23:54:52.0284 3696 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:54:52.0289 3696 srvnet - ok 23:54:52.0314 
3696 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:54:52.0324 3696 SSDPSRV - ok 23:54:52.0360 3696 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:54:52.0373 3696 SstpSvc - ok 23:54:52.0418 3696 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 23:54:52.0438 3696 stisvc - ok 23:54:52.0473 3696 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 23:54:52.0476 3696 swenum - ok 23:54:52.0517 3696 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 23:54:52.0533 3696 swprv - ok 23:54:52.0568 3696 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 23:54:52.0569 3696 Symc8xx - ok 23:54:52.0609 3696 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 23:54:52.0619 3696 Sym_hi - ok 23:54:52.0740 3696 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 23:54:52.0742 3696 Sym_u3 - ok 23:54:52.0798 3696 [ 451E8037E2EB6DA6BDF0A66F65D1810B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 23:54:52.0804 3696 SynTP - ok 23:54:52.0859 3696 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 23:54:52.0877 3696 SysMain - ok 23:54:52.0935 3696 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:54:52.0946 3696 TabletInputService - ok 23:54:52.0997 3696 [ 0C82061920A2DE35D33C2C2BB83B1E98 ] tap0801 C:\Windows\system32\DRIVERS\tap0801.sys 23:54:53.0001 3696 tap0801 - ok 23:54:53.0065 3696 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:54:53.0080 3696 TapiSrv - ok 23:54:53.0096 3696 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 23:54:53.0113 3696 TBS - ok 23:54:53.0164 3696 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:54:53.0540 3696 Tcpip - ok 23:54:53.0575 3696 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 
] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 23:54:53.0581 3696 Tcpip6 - ok 23:54:53.0610 3696 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:54:53.0612 3696 tcpipreg - ok 23:54:53.0641 3696 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:54:53.0642 3696 TDPIPE - ok 23:54:53.0669 3696 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:54:53.0670 3696 TDTCP - ok 23:54:53.0713 3696 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:54:53.0717 3696 tdx - ok 23:54:53.0739 3696 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 23:54:53.0745 3696 TermDD - ok 23:54:53.0770 3696 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 23:54:53.0790 3696 TermService - ok 23:54:53.0810 3696 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 23:54:53.0814 3696 Themes - ok 23:54:53.0834 3696 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 23:54:53.0836 3696 THREADORDER - ok 23:54:53.0887 3696 [ 76148C3159718B701252F87B067904A6 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 23:54:53.0923 3696 TOSHIBA Bluetooth Service - ok 23:54:53.0956 3696 [ 8D624D3BD1F2D78BD1C01A2D4E954B4E ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys 23:54:53.0956 3696 tosporte - ok 23:54:53.0983 3696 [ A594DBD80CA5426E2E558BF79195A110 ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys 23:54:53.0987 3696 tosrfbd - ok 23:54:54.0013 3696 [ 90C8525BC578AAFFE87C2D0ED4379E9E ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys 23:54:54.0015 3696 tosrfbnp - ok 23:54:54.0040 3696 [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys 23:54:54.0048 3696 Tosrfcom - ok 23:54:54.0085 3696 [ 28099A4E52148319AFA685D93A2244D0 ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys 23:54:54.0086 
3696 Tosrfhid - ok 23:54:54.0113 3696 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys 23:54:54.0114 3696 tosrfnds - ok 23:54:54.0147 3696 [ 7C0999169EF696F10761BF8275027330 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys 23:54:54.0148 3696 TosRfSnd - ok 23:54:54.0174 3696 [ 20CC46C5D3326122E1A0A8C9DAD00E0D ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys 23:54:54.0175 3696 Tosrfusb - ok 23:54:54.0219 3696 [ F7F79FCB3331BC2DB57572E33A5A969D ] TPSrv C:\Program Files\Panda Security\Panda Global Protection 2012\TPSrv.exe 23:54:54.0220 3696 TPSrv - ok 23:54:54.0261 3696 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 23:54:54.0275 3696 TrkWks - ok 23:54:54.0323 3696 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:54:54.0333 3696 TrustedInstaller - ok 23:54:54.0375 3696 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:54:54.0376 3696 tssecsrv - ok 23:54:54.0419 3696 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 23:54:54.0422 3696 tunmp - ok 23:54:54.0449 3696 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:54:54.0450 3696 tunnel - ok 23:54:54.0479 3696 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 23:54:54.0480 3696 uagp35 - ok 23:54:54.0544 3696 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:54:54.0550 3696 udfs - ok 23:54:54.0584 3696 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:54:54.0597 3696 UI0Detect - ok 23:54:54.0617 3696 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:54:54.0618 3696 uliagpkx - ok 23:54:54.0656 3696 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 23:54:54.0658 3696 uliahci - ok 23:54:54.0687 3696 [ 
8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 23:54:54.0688 3696 UlSata - ok 23:54:54.0740 3696 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 23:54:54.0742 3696 ulsata2 - ok 23:54:54.0772 3696 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:54:54.0773 3696 umbus - ok 23:54:54.0802 3696 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 23:54:54.0814 3696 upnphost - ok 23:54:54.0862 3696 [ 60A68A5EA173A97971EE9F1FF49EB2B3 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 23:54:54.0863 3696 USBAAPL - ok 23:54:54.0916 3696 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 23:54:54.0917 3696 usbaudio - ok 23:54:54.0969 3696 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:54:54.0970 3696 usbccgp - ok 23:54:55.0017 3696 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:54:55.0018 3696 usbcir - ok 23:54:55.0071 3696 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:54:55.0071 3696 usbehci - ok 23:54:55.0096 3696 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:54:55.0102 3696 usbhub - ok 23:54:55.0121 3696 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 23:54:55.0122 3696 usbohci - ok 23:54:55.0152 3696 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:54:55.0152 3696 usbprint - ok 23:54:55.0175 3696 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 23:54:55.0176 3696 usbscan - ok 23:54:55.0197 3696 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:54:55.0201 3696 USBSTOR - ok 23:54:55.0225 3696 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 23:54:55.0228 3696 usbuhci 
- ok 23:54:55.0272 3696 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 23:54:55.0274 3696 usbvideo - ok 23:54:55.0317 3696 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 23:54:55.0329 3696 UxSms - ok 23:54:55.0362 3696 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 23:54:55.0381 3696 vds - ok 23:54:55.0418 3696 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:54:55.0418 3696 vga - ok 23:54:55.0443 3696 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 23:54:55.0450 3696 VgaSave - ok 23:54:55.0480 3696 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 23:54:55.0481 3696 viaagp - ok 23:54:55.0513 3696 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 23:54:55.0514 3696 ViaC7 - ok 23:54:55.0544 3696 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 23:54:55.0544 3696 viaide - ok 23:54:55.0593 3696 [ 86721C65A2010A9E34E3DC59DA0183CF ] VMC302 C:\Windows\system32\Drivers\VMC302.sys 23:54:55.0602 3696 VMC302 - ok 23:54:55.0628 3696 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:54:55.0632 3696 volmgr - ok 23:54:55.0703 3696 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:54:55.0710 3696 volmgrx - ok 23:54:55.0746 3696 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:54:55.0753 3696 volsnap - ok 23:54:55.0797 3696 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 23:54:55.0801 3696 vsmraid - ok 23:54:55.0860 3696 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 23:54:55.0896 3696 VSS - ok 23:54:55.0937 3696 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 23:54:55.0951 3696 W32Time - ok 23:54:55.0982 3696 [ 
48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 23:54:55.0982 3696 WacomPen - ok 23:54:56.0013 3696 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 23:54:56.0018 3696 Wanarp - ok 23:54:56.0025 3696 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:54:56.0027 3696 Wanarpv6 - ok 23:54:56.0055 3696 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:54:56.0070 3696 wcncsvc - ok 23:54:56.0106 3696 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:54:56.0121 3696 WcsPlugInService - ok 23:54:56.0215 3696 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 23:54:56.0216 3696 Wd - ok 23:54:56.0270 3696 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:54:56.0291 3696 Wdf01000 - ok 23:54:56.0312 3696 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:54:56.0315 3696 WdiServiceHost - ok 23:54:56.0327 3696 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:54:56.0331 3696 WdiSystemHost - ok 23:54:56.0374 3696 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 23:54:56.0390 3696 WebClient - ok 23:54:56.0430 3696 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:54:56.0434 3696 Wecsvc - ok 23:54:56.0457 3696 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:54:56.0466 3696 wercplsupport - ok 23:54:56.0504 3696 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 23:54:56.0526 3696 WerSvc - ok 23:54:56.0576 3696 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 23:54:56.0589 3696 WinDefend - ok 23:54:56.0606 3696 WinHttpAutoProxySvc - ok 23:54:56.0656 3696 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt 
C:\Windows\system32\wbem\WMIsvc.dll 23:54:56.0671 3696 Winmgmt - ok 23:54:56.0742 3696 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 23:54:56.0825 3696 WinRM - ok 23:54:56.0884 3696 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 23:54:56.0891 3696 Wlansvc - ok 23:54:56.0928 3696 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:54:56.0929 3696 WmiAcpi - ok 23:54:56.0981 3696 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:54:56.0995 3696 wmiApSrv - ok 23:54:57.0066 3696 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 23:54:57.0091 3696 WMPNetworkSvc - ok 23:54:57.0141 3696 [ 0411D0433E8C48AD24B2EF32D7C97AE0 ] WNMFLT C:\Windows\system32\Drivers\WNMFLT.SYS 23:54:57.0146 3696 WNMFLT - ok 23:54:57.0177 3696 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:54:57.0181 3696 WPCSvc - ok 23:54:57.0225 3696 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:54:57.0243 3696 WPDBusEnum - ok 23:54:57.0280 3696 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 23:54:57.0281 3696 WpdUsb - ok 23:54:57.0377 3696 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 23:55:01.0045 3696 WPFFontCache_v0400 - ok 23:55:01.0097 3696 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:55:01.0098 3696 ws2ifsl - ok 23:55:01.0136 3696 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 23:55:01.0140 3696 wscsvc - ok 23:55:01.0151 3696 WSearch - ok 23:55:01.0224 3696 [ A583F4BF607EBC5709578433207A76A8 ] WTGService C:\Program Files\Verbindungsassistent\wtgservice.exe 23:55:01.0528 3696 WTGService - ok 23:55:01.0627 3696 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv 
C:\Windows\system32\wuaueng.dll 23:55:01.0642 3696 wuauserv - ok 23:55:01.0670 3696 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:55:01.0674 3696 WudfPf - ok 23:55:01.0732 3696 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:55:01.0734 3696 WUDFRd - ok 23:55:01.0778 3696 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:55:01.0792 3696 wudfsvc - ok 23:55:01.0850 3696 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 23:55:01.0857 3696 yukonwlh - ok 23:55:01.0900 3696 ================ Scan global =============================== 23:55:01.0929 3696 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 23:55:01.0977 3696 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 23:55:02.0011 3696 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 23:55:02.0057 3696 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 23:55:02.0061 3696 [Global] - ok 23:55:02.0064 3696 ================ Scan MBR ================================== 23:55:02.0085 3696 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 23:55:02.0472 3696 \Device\Harddisk0\DR0 - ok 23:55:02.0475 3696 ================ Scan VBR ================================== 23:55:02.0478 3696 [ 1BBB7B6706D1441B7B54AA0CC68F832E ] \Device\Harddisk0\DR0\Partition1 23:55:02.0480 3696 \Device\Harddisk0\DR0\Partition1 - ok 23:55:02.0483 3696 ============================================================ 23:55:02.0483 3696 Scan finished 23:55:02.0483 3696 ============================================================ 23:55:02.0496 1388 Detected object count: 0 23:55:02.0496 1388 Actual detected object count: 0 4.) DDS: dds.txt: DDS Logfile: Code:
attach.txt: Code:
10.01.2013, 10:52 | #9 | |
/// TB-Ausbilder |
Then let's continue:
Step 1: Switch off Windows Defender
Since you use a different virus scanner, you should urgently switch off Windows' own scanner:
Step 2: AdwCleaner: find and delete adware
Step 3: Delete temporary files with TFC
Step 4: Scan with Combofix
__________________ Digital freebooters against malware! No help via PM! |
11.01.2013, 15:42 | #10 |
/// TB-Ausbilder | No help via private message. We will sort out all the questions you have here. Please post the log files here.
11.01.2013, 16:15 | #11 |
| OK. So:
1. Should I back up data beforehand or not?
2. Purely out of interest in learning something: has the analysis so far already shed some light, what have we done and what do we still plan to do, and how do you assess things?
3. What can go wrong with ComboFix?
Steps 1 to 3 are done; ComboFix will follow today or tomorrow. While the TFC cleaner was running I got an error message that Panda permanent protection would no longer work. After a restart, however, no problems. See you soon! |
11.01.2013, 16:28 | #12 |
/// TB-Ausbilder |
1. Normally it is not necessary to back anything up. No data should be lost.
2. We have done a few preliminary tests and now we move on to cleaning.
3. Normally nothing goes wrong there.
Please understand that with the free help here we do not provide an individual analysis. If you want to learn more about malware, you could, for example, sign up for our academy.
11.01.2013, 17:39 | #13 |
| A quick question before ComboFix: Panda currently reports roughly every 3 minutes that the said trojan has been found and blocked. I am just worried about what happens if I switch Panda off now, as is required for the ComboFix scan... |
11.01.2013, 17:46 | #14 |
/// TB-Ausbilder | Your Panda did not protect you from the infection either, did it? We handle 500 people a month here. We know what we are doing ...
12.01.2013, 09:59 | #15 |
| 1. Defender is switched off.
2. adw-cleaner: Code:
# AdwCleaner v2.105 - Datei am 10/01/2013 um 20:18:05 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Björn - SAMSUNGR510
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Björn\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\0x9ws559.default\prefs.js

C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\0x9ws559.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

Datei : C:\Users\Nadja\AppData\Roaming\Mozilla\Firefox\Profiles\8wec85he.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\167bwns0.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1081 octets] - [10/01/2013 20:18:05]

########## EOF - C:\AdwCleaner[S1].txt - [1141 octets] ##########

3. TFC: done. As I said, while it was running I got an error message that Panda permanent protection would no longer work.
4. combofix: Code:
ATTFilter ComboFix 13-01-11.01 - Björn 11.01.2013 20:22:15.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1788 [GMT 1:00] ausgeführt von:: c:\users\Bj÷rn\Desktop\ComboFix.exe AV: Panda Global Protection 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59} FW: Panda Personal Firewall 2012 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22} SP: Panda Global Protection 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\NVIDIA c:\programdata\NVIDIA\NvApps.xml c:\programdata\NVIDIA\NvStarted c:\users\Nadja\AppData\Roaming\Skype c:\users\Nadja\AppData\Roaming\Skype\shared.lck c:\users\Nadja\AppData\Roaming\Skype\shared.xml . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-11 bis 2013-01-11 )))))))))))))))))))))))))))))) . . 2013-01-11 19:31 . 2013-01-11 19:31 -------- d-----w- c:\users\Björn\AppData\Local\temp 2013-01-10 19:37 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys 2013-01-10 19:23 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-10 19:23 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll 2013-01-08 21:03 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D392570-70A8-444B-AFB2-227951344B96}\mpengine.dll 2013-01-05 18:36 . 2013-01-05 18:37 -------- d-----w- c:\users\Björn\AppData\Local\Unity 2013-01-05 14:54 . 2013-01-05 14:56 -------- d-----w- c:\users\Björn\AppData\Roaming\HpUpdate 2013-01-05 14:54 . 2013-01-05 14:54 -------- d-----w- c:\windows\Hewlett-Packard 2013-01-05 14:06 . 2013-01-05 14:06 -------- d-----w- c:\programdata\HP Product Assistant 2013-01-02 21:56 . 2013-01-02 21:56 -------- d-----w- c:\program files\Common Files\Adobe 2012-12-21 15:20 . 
2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 15:20 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-13 21:13 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-13 21:13 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-13 21:13 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-13 21:13 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-13 21:13 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll 2012-12-13 21:13 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-13 21:13 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-13 21:13 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-13 21:13 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-13 21:13 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-13 21:13 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-13 20:53 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 20:53 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-13 20:53 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-13 20:53 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-08 20:54 . 2012-10-31 14:20 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-08 20:54 . 2012-10-31 14:20 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-16 10:08 . 2012-02-14 15:02 518432 ----a-w- c:\windows\system32\PavSHook.dll 2012-12-15 14:48 . 2012-12-15 14:47 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-27 13548064] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-27 92704] "APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE" [2011-04-13 1000768] "SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2012\Inicio.exe" [2011-02-02 70464] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152] . c:\users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55 55552 ----a-w- c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-31 20:54]
.
2012-10-10 c:\windows\Tasks\Grundlegende Bereinigung.job
- c:\program files\Panda Security\Panda Global Protection 2012\PlaTasks.exe [2012-02-14 13:23]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{B7E574B8-7AB8-4FA1-B167-0DBC4E19BAD3}.job
- c:\windows\system32\msfeedssync.exe [2011-05-20 08:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.arcor.de/
mStart Page = hxxp://alice.aol.de
uInternet Settings,ProxyServer = proxy.charite.de:80
uInternet Settings,ProxyOverride = *.local
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Alle &Filme mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Free YouTube to MP3 Converter - c:\users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5}: NameServer = 213.191.92.87,192.168.1.1
FF - ProfilePath - c:\users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\0x9ws559.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.arcor.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-02-19 18:40; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF - ExtSQL: !HIDDEN! 2009-09-02 18:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-hpqSRMon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-yEd Graph Editor - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-11 20:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2636)
c:\program files\Panda Security\Panda Global Protection 2012\pavoepl.dll
c:\windows\system32\ieframe.dll
.
Zeit der Fertigstellung: 2013-01-11 20:33:59
ComboFix-quarantined-files.txt 2013-01-11 19:33
.
Vor Suchlauf: 14 Verzeichnis(se), 56.415.666.176 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 56.294.129.664 Bytes frei
.
- - End Of File - - 64E17658F952548FBB1F6D88B60DA1F6

Regards |