Log analysis and evaluation: Trj/Ransom.AB in C:\Users\***\VIDEOLOAD\DOWNLOADMANAGER_2.0.2200.EXE
#1

Dear forum members!

I have the following problem on my Samsung Aura R510 notebook running Windows Vista: my antivirus software, Panda GP 2012, has recently been finding the virus named above in the directory named above at ever shorter intervals, reporting that it has been blocked. Lately this has been happening more and more often, at times every 5 minutes, always with exactly the same message. In addition, the computer freezes more and more often, or it simply shuts itself down within about 2 seconds. Also, websites are at times extremely slow, or directories in the file manager open only extremely slowly and then crash. All of this, as I said, with sharply increasing frequency recently.

What should I do?

Thank you very much in advance for your efforts! I hope I did everything correctly when creating the log files.

Best regards!
HM
#2
/// TB-Ausbilder

I will help you with your problem. A cleanup can sometimes involve a lot of work for you (and for me). Before we start, I have some reading material for you.

Please read: Rules for the cleanup
For the cleanup to work, I ask you to read the following points carefully:

Read and understood?

Step 1: Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and run it:

Step 2: Scan with aswMBR

Step 3: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report.

Step 4: Scan with DDS+ (with attach)
Please download DDS (by sUBs) and save the file to your desktop.
#3

Thank you very much for the quick help!
Everything read and understood! One more question beforehand: do I have to turn off the internet connection and my antivirus software (Panda) in the meantime?

Regards
#4
/// TB-Ausbilder

You can do that, but you only have to if it comes up in one of the instructions.
__________________
Digital privateers against malware!
No help via PM!
#5
/// TB-Ausbilder

Hello,

do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean.
#6

I'm tied up with work, sorry!

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:48 on 08/01/2013 (Björn)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

#7
/// TB-Ausbilder

Yes, I believe that. It is important, though, to stick with it.
#8

OK, now everything is complete:

1.) defogger: see above

2.) asw MBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-09 22:23:02
-----------------------------
22:23:02.147 OS Version: Windows 6.0.6002 Service Pack 2
22:23:02.147 Number of processors: 2 586 0xF0D
22:23:02.149 ComputerName: SAMSUNGR510 UserName: Björn
22:23:03.642 Initialize success
22:27:07.791 AVAST engine defs: 13010900
22:29:21.264 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:29:21.268 Disk 0 Vendor: FUJITSU_ 0000 Size: 305245MB BusType: 3
22:29:21.283 Disk 0 MBR read successfully
22:29:21.286 Disk 0 MBR scan
22:29:21.291 Disk 0 Windows VISTA default MBR code
22:29:21.308 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
22:29:21.336 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295003 MB offset 20973568
22:29:21.351 Disk 0 scanning sectors +625139712
22:29:21.424 Disk 0 scanning C:\Windows\system32\drivers
22:29:45.122 Service scanning
22:30:15.477 Modules scanning
22:30:36.939 Disk 0 trace - called modules:
22:30:36.973 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:30:36.979 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e33ac8]
22:30:36.987 3 CLASSPNP.SYS[8aea78b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84687028]
22:30:38.343 AVAST engine scan C:\Windows
22:30:43.033 AVAST engine scan C:\Windows\system32
22:36:38.354 AVAST engine scan C:\Windows\system32\drivers
22:36:56.150 AVAST engine scan C:\Users\Björn
23:19:50.298 AVAST engine scan C:\ProgramData
23:23:59.863 Scan finished successfully
23:48:44.118 Disk 0 MBR has been saved successfully to "C:\Users\Björn\Desktop\MBR.dat"
23:48:44.130 The log file has been saved successfully to "C:\Users\Björn\Desktop\aswMBR.txt"

3.) TDSS:
Code:
23:53:22.0236 4212 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:53:23.0656 4212 ============================================================
23:53:23.0656 4212 Current date / time: 2013/01/09 23:53:23.0656
23:53:23.0656 4212 SystemInfo:
23:53:23.0656 4212
23:53:23.0656 4212 OS Version: 6.0.6002 ServicePack: 2.0
23:53:23.0656 4212 Product type: Workstation
23:53:23.0656 4212 ComputerName: SAMSUNGR510
23:53:23.0656 4212 UserName: Björn
23:53:23.0656 4212 Windows directory: C:\Windows
23:53:23.0656 4212 System windows directory: C:\Windows
23:53:23.0656 4212 Processor architecture: Intel x86
23:53:23.0656 4212 Number of processors: 2
23:53:23.0656 4212 Page size: 0x1000
23:53:23.0656 4212 Boot type: Normal boot
23:53:23.0656 4212 ============================================================
23:53:24.0867 4212 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:53:24.0884 4212 ============================================================
23:53:24.0884 4212 \Device\Harddisk0\DR0:
23:53:24.0907 4212 MBR partitions:
23:53:24.0907 4212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x2402D800
23:53:24.0907 4212 ============================================================
23:53:25.0064 4212 C: <-> \Device\Harddisk0\DR0\Partition1
23:53:25.0064 4212 ============================================================
23:53:25.0064 4212 Initialize success
23:53:25.0064 4212 ============================================================
23:54:25.0960 3696 ============================================================
23:54:25.0960 3696 Scan started
23:54:25.0960 3696 Mode: Manual; TDLFS;
23:54:25.0960 3696 ============================================================
23:54:26.0236 3696 ================ Scan system memory ========================
23:54:26.0236 3696 System memory - ok
23:54:39.0740 3696 Ndisuio - ok
23:54:39.0762 3696 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:54:39.0767 3696 NdisWan - ok
23:54:39.0784 3696 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:54:39.0788 3696 NDProxy - ok
23:54:39.0827 3696 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:54:39.0834 3696 Net Driver HPZ12 - ok
23:54:39.0875 3696 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:54:39.0876 3696 NetBIOS - ok
23:54:39.0905 3696 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
23:54:39.0912 3696 netbt - ok
23:54:39.0949 3696 [ D8F44FC13DB193C9379297973EE42272 ] NETFLTDI C:\Windows\system32\Drivers\NETFLTDI.SYS
23:54:39.0958 3696 NETFLTDI - ok
23:54:39.0984 3696 [ 9DEE136C4863D5065437D07262BB5C40 ] NETIMFLT01060044 C:\Windows\system32\DRIVERS\neti1644.sys
23:54:39.0987 3696 NETIMFLT01060044 - ok
23:54:39.0998 3696 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
23:54:40.0000 3696 Netlogon - ok
23:54:40.0023 3696 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
23:54:40.0040 3696 Netman - ok
23:54:40.0061 3696 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
23:54:40.0065 3696 netprofm - ok
23:54:40.0085 3696 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:54:40.0091 3696 NetTcpPortSharing - ok
23:54:40.0126 3696 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:54:40.0133 3696 nfrd960 - ok
23:54:40.0155 3696 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:54:40.0158 3696 NlaSvc - ok
23:54:40.0188 3696 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:54:40.0189 3696 Npfs - ok
23:54:40.0207 3696 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
23:54:40.0218 3696 nsi - ok
23:54:40.0230 3696 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:54:40.0234 3696 nsiproxy - ok
23:54:40.0280 3696 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:54:40.0668 3696 Ntfs - ok
23:54:40.0680 3696 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
23:54:40.0681 3696 ntrigdigi - ok
23:54:40.0692 3696 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
23:54:40.0693 3696 Null - ok
23:54:40.0900 3696 [ C526B4A24EF951EF219C3BFA1534B152 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:54:41.0170 3696 nvlddmkm - ok
23:54:41.0232 3696 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:54:41.0233 3696 nvraid - ok
23:54:41.0254 3696 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:54:41.0254 3696 nvstor - ok
23:54:41.0274 3696 [ DF6315CE4FF30F706ABF3802D7749E70 ] nvsvc C:\Windows\system32\nvvsvc.exe
23:54:41.0286 3696 nvsvc - ok
23:54:41.0319 3696 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:54:41.0320 3696 nv_agp - ok
23:54:41.0326 3696 NwlnkFlt - ok
23:54:41.0335 3696 NwlnkFwd - ok
23:54:41.0426 3696 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:54:41.0487 3696 odserv - ok
23:54:41.0519 3696 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:54:41.0523 3696 ohci1394 - ok
23:54:41.0565 3696 OpenVPNService - ok
23:54:41.0609 3696 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:54:41.0620 3696 ose - ok
23:54:41.0666 3696 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
23:54:41.0672 3696 p2pimsvc - ok
23:54:41.0733 3696 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
23:54:41.0741 3696 p2psvc - ok
23:54:41.0789 3696 [ 78B7642B0C51F24F0835C0226540D58B ] Panda Software Controller C:\Program Files\Panda Security\Panda Global Protection 2012\PsCtrls.exe
23:54:41.0790 3696 Panda Software Controller - ok
23:54:41.0873 3696 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
23:54:41.0877 3696 Parport - ok
23:54:41.0932 3696 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:54:41.0933 3696 partmgr - ok
23:54:41.0985 3696 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
23:54:41.0986 3696 Parvdm - ok
23:54:42.0059 3696 [ 55D654258A9C509B671310C314BD30B4 ] pavboot C:\Windows\system32\Drivers\pavboot.sys
23:54:42.0084 3696 pavboot - ok
23:54:42.0202 3696 [ 3BB71BD8B4873C5FECA890EFC6BF9257 ] PAVFNSVR C:\Program Files\Panda Security\Panda Global Protection 2012\PavFnSvr.exe
23:54:42.0212 3696 PAVFNSVR - ok
23:54:42.0294 3696 [ A110035FDC4B8F8F0CD5E71D031274E1 ] PavProc C:\Windows\system32\DRIVERS\PavProc.sys
23:54:42.0311 3696 PavProc - ok
23:54:42.0327 3696 [ 2AE3F6B23448443BBEF5DE207159213B ] PavPrSrv C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
23:54:42.0335 3696 PavPrSrv - ok
23:54:42.0342 3696 PavSRK.sys - ok
23:54:42.0385 3696 [ 97005413310966001FB6F4A5C503149C ] PAVSRV C:\Program Files\Panda Security\Panda Global Protection 2012\pavsrvx86.exe
23:54:42.0707 3696 PAVSRV - ok
23:54:42.0712 3696 PavTPK.sys - ok
23:54:42.0762 3696 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
23:54:42.0779 3696 PcaSvc - ok
23:54:42.0807 3696 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
23:54:42.0810 3696 pci - ok
23:54:42.0847 3696 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
23:54:42.0848 3696 pciide - ok
23:54:42.0871 3696 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:54:42.0873 3696 pcmcia - ok
23:54:42.0879 3696 PDNMp50 - ok
23:54:42.0885 3696 PDNSp50 - ok
23:54:42.0939 3696 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:54:42.0983 3696 PEAUTH - ok
23:54:43.0047 3696 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
23:54:43.0091 3696 pla - ok
23:54:43.0124 3696 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:54:43.0142 3696 PlugPlay - ok
23:54:43.0199 3696 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:54:43.0206 3696 Pml Driver HPZ12 - ok
23:54:43.0244 3696 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:54:43.0251 3696 PNRPAutoReg - ok
23:54:43.0288 3696 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:54:43.0295 3696 PNRPsvc - ok
23:54:43.0326 3696 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:54:43.0330 3696 PolicyAgent - ok
23:54:43.0375 3696 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:54:43.0380 3696 PptpMiniport - ok
23:54:43.0421 3696 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
23:54:43.0421 3696 Processor - ok
23:54:43.0462 3696 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
23:54:43.0476 3696 ProfSvc - ok
23:54:43.0488 3696 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:54:43.0490 3696 ProtectedStorage - ok
23:54:43.0520 3696 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
23:54:43.0525 3696 PSched - ok
23:54:43.0589 3696 [ 532053E8E3BB8FA7166AB4E7685FDDCC ] PSHost c:\program files\panda security\panda global protection 2012\firewall\PSHOST.EXE
23:54:43.0602 3696 PSHost - ok
23:54:43.0639 3696 [ 196C450F2779D0B462C444DA4906EA7F ] PSIMSVC C:\Program Files\Panda Security\Panda Global Protection 2012\PsImSvc.exe
23:54:43.0977 3696 PSIMSVC - ok
23:54:44.0005 3696 [ 341457B79B3FC31A80C346C767045879 ] PskSvcRetail C:\Program Files\Panda Security\Panda Global Protection 2012\PskSvc.exe
23:54:44.0013 3696 PskSvcRetail - ok
23:54:44.0068 3696 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:54:44.0075 3696 ql2300 - ok
23:54:44.0120 3696 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:54:44.0122 3696 ql40xx - ok
23:54:44.0164 3696 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
23:54:44.0178 3696 QWAVE - ok
23:54:44.0208 3696 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:54:44.0216 3696 QWAVEdrv - ok
23:54:44.0237 3696 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:54:44.0238 3696 RasAcd - ok
23:54:44.0257 3696 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
23:54:44.0271 3696 RasAuto - ok
23:54:44.0306 3696 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:54:44.0308 3696 Rasl2tp - ok
23:54:44.0385 3696 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
23:54:44.0390 3696 RasMan - ok
23:54:44.0432 3696 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:54:44.0434 3696 RasPppoe - ok
23:54:44.0474 3696 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:54:44.0482 3696 RasSstp - ok
23:54:44.0523 3696 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:54:44.0530 3696 rdbss - ok
23:54:44.0561 3696 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:54:44.0562 3696 RDPCDD - ok
23:54:44.0609 3696 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
23:54:44.0612 3696 rdpdr - ok
23:54:44.0624 3696 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:54:44.0625 3696 RDPENCDD - ok
23:54:44.0722 3696 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:54:44.0725 3696 RDPWD - ok
23:54:44.0813 3696 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:54:44.0829 3696 RemoteAccess - ok
23:54:44.0862 3696 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:54:44.0872 3696 RemoteRegistry - ok
23:54:44.0924 3696 [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
23:54:44.0938 3696 RichVideo - ok
23:54:44.0972 3696 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
23:54:44.0973 3696 ROOTMODEM - ok
23:54:44.0999 3696 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
23:54:45.0008 3696 RpcLocator - ok
23:54:45.0053 3696 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
23:54:45.0059 3696 RpcSs - ok
23:54:45.0078 3696 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:54:45.0082 3696 rspndr - ok
23:54:45.0090 3696 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
23:54:45.0092 3696 SamSs - ok
23:54:45.0130 3696 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:54:45.0131 3696 sbp2port - ok
23:54:45.0191 3696 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:54:45.0204 3696 SCardSvr - ok
23:54:45.0252 3696 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
23:54:45.0262 3696 Schedule - ok
23:54:45.0284 3696 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:54:45.0285 3696 SCPolicySvc - ok
23:54:45.0318 3696 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:54:45.0330 3696 SDRSVC - ok
23:54:45.0363 3696 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:54:45.0373 3696 secdrv - ok
23:54:45.0410 3696 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
23:54:45.0420 3696 seclogon - ok
23:54:45.0441 3696 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
23:54:45.0444 3696 SENS - ok
23:54:45.0466 3696 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
23:54:45.0468 3696 Serenum - ok
23:54:45.0500 3696 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
23:54:45.0501 3696 Serial - ok
23:54:45.0554 3696 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:54:45.0554 3696 sermouse - ok
23:54:45.0600 3696 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
23:54:45.0615 3696 SessionEnv - ok
23:54:45.0657 3696 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:54:45.0661 3696 sffdisk - ok
23:54:45.0687 3696 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:54:45.0687 3696 sffp_mmc - ok
23:54:45.0720 3696 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:54:45.0721 3696 sffp_sd - ok
23:54:45.0765 3696 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:54:45.0774 3696 sfloppy - ok
23:54:45.0811 3696 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:54:45.0847 3696 SharedAccess - ok
23:54:45.0886 3696 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:54:45.0901 3696 ShellHWDetection - ok
23:54:45.0939 3696 [ 32D6F7632234F0354C79E915CA4613D4 ] ShldDrv C:\Windows\system32\DRIVERS\ShlDrv51.sys
23:54:45.0951 3696 ShldDrv - ok
23:54:46.0041 3696 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:54:46.0042 3696 sisagp - ok
23:54:46.0075 3696 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:54:46.0076 3696 SiSRaid2 - ok
23:54:46.0131 3696 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:54:46.0131 3696 SiSRaid4 - ok
23:54:46.0194 3696 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:54:51.0642 3696 SkypeUpdate - ok
23:54:51.0749 3696 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
23:54:51.0842 3696 slsvc - ok
23:54:51.0900 3696 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:54:51.0914 3696 SLUINotify - ok
23:54:51.0985 3696 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:54:51.0989 3696 Smb - ok
23:54:52.0034 3696 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:54:52.0045 3696 SNMPTRAP - ok
23:54:52.0079 3696 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
23:54:52.0087 3696 spldr - ok
23:54:52.0122 3696 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
23:54:52.0136 3696 Spooler - ok
23:54:52.0179 3696 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:54:52.0184 3696 srv - ok
23:54:52.0222 3696 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:54:52.0229 3696 srv2 - ok
23:54:52.0284 3696 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:54:52.0289 3696 srvnet - ok
23:54:52.0314 3696 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:54:52.0324 3696 SSDPSRV - ok
23:54:52.0360 3696 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:54:52.0373 3696 SstpSvc - ok
23:54:52.0418 3696 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
23:54:52.0438 3696 stisvc - ok
23:54:52.0473 3696 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:54:52.0476 3696 swenum - ok
23:54:52.0517 3696 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
23:54:52.0533 3696 swprv - ok
23:54:52.0568 3696 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:54:52.0569 3696 Symc8xx - ok
23:54:52.0609 3696 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:54:52.0619 3696 Sym_hi - ok
23:54:52.0740 3696 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:54:52.0742 3696 Sym_u3 - ok
23:54:52.0798 3696 [ 451E8037E2EB6DA6BDF0A66F65D1810B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:54:52.0804 3696 SynTP - ok
23:54:52.0859 3696 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
23:54:52.0877 3696 SysMain - ok
23:54:52.0935 3696 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:54:52.0946 3696 TabletInputService - ok
23:54:52.0997 3696 [ 0C82061920A2DE35D33C2C2BB83B1E98 ] tap0801 C:\Windows\system32\DRIVERS\tap0801.sys
23:54:53.0001 3696 tap0801 - ok
23:54:53.0065 3696 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:54:53.0080 3696 TapiSrv - ok
23:54:53.0096 3696 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
23:54:53.0113 3696 TBS - ok
23:54:53.0164 3696 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:54:53.0540 3696 Tcpip - ok
23:54:53.0575 3696 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
23:54:53.0581 3696 Tcpip6 - ok
23:54:53.0610 3696 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:54:53.0612 3696 tcpipreg - ok
23:54:53.0641 3696 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:54:53.0642 3696 TDPIPE - ok
23:54:53.0669 3696 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:54:53.0670 3696 TDTCP - ok
23:54:53.0713 3696 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:54:53.0717 3696 tdx - ok
23:54:53.0739 3696 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:54:53.0745 3696 TermDD - ok
23:54:53.0770 3696 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
23:54:53.0790 3696 TermService - ok
23:54:53.0810 3696 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
23:54:53.0814 3696 Themes - ok
23:54:53.0834 3696 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
23:54:53.0836 3696 THREADORDER - ok
23:54:53.0887 3696 [ 76148C3159718B701252F87B067904A6 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
23:54:53.0923 3696 TOSHIBA Bluetooth Service - ok
23:54:53.0956 3696 [ 8D624D3BD1F2D78BD1C01A2D4E954B4E ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
23:54:53.0956 3696 tosporte - ok
23:54:53.0983 3696 [ A594DBD80CA5426E2E558BF79195A110 ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
23:54:53.0987 3696 tosrfbd - ok
23:54:54.0013 3696 [ 90C8525BC578AAFFE87C2D0ED4379E9E ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
23:54:54.0015 3696 tosrfbnp - ok
23:54:54.0040 3696 [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
23:54:54.0048 3696 Tosrfcom - ok
23:54:54.0085 3696 [ 28099A4E52148319AFA685D93A2244D0 ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
23:54:54.0086 3696 Tosrfhid - ok
23:54:54.0113 3696 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
23:54:54.0114 3696 tosrfnds - ok
23:54:54.0147 3696 [ 7C0999169EF696F10761BF8275027330 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
23:54:54.0148 3696 TosRfSnd - ok
23:54:54.0174 3696 [ 20CC46C5D3326122E1A0A8C9DAD00E0D ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
23:54:54.0175 3696 Tosrfusb - ok
23:54:54.0219 3696 [ F7F79FCB3331BC2DB57572E33A5A969D ] TPSrv C:\Program Files\Panda Security\Panda Global Protection 2012\TPSrv.exe
23:54:54.0220 3696 TPSrv - ok
23:54:54.0261 3696 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
23:54:54.0275 3696 TrkWks - ok
23:54:54.0323 3696 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:54:54.0333 3696 TrustedInstaller - ok
23:54:54.0375 3696 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:54:54.0376 3696 tssecsrv - ok
23:54:54.0419 3696 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
23:54:54.0422 3696 tunmp - ok
23:54:54.0449 3696 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:54:54.0450 3696 tunnel - ok
23:54:54.0479 3696 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:54:54.0480 3696 uagp35 - ok
23:54:54.0544 3696 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:54:54.0550 3696 udfs - ok
23:54:54.0584 3696 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:54:54.0597 3696 UI0Detect - ok
23:54:54.0617 3696 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:54:54.0618 3696 uliagpkx - ok
23:54:54.0656 3696 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
23:54:54.0658 3696 uliahci - ok
23:54:54.0687 3696 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
23:54:54.0688 3696 UlSata - ok
23:54:54.0740 3696 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
23:54:54.0742 3696 ulsata2 - ok
23:54:54.0772 3696 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:54:54.0773 3696 umbus - ok
23:54:54.0802 3696 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
23:54:54.0814 3696 upnphost - ok
23:54:54.0862 3696 [ 60A68A5EA173A97971EE9F1FF49EB2B3 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:54:54.0863 3696 USBAAPL - ok
23:54:54.0916 3696 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:54:54.0917 3696 usbaudio - ok
23:54:54.0969 3696 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:54:54.0970 3696 usbccgp - ok
23:54:55.0017 3696 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:54:55.0018 3696 usbcir - ok
23:54:55.0071 3696 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:54:55.0071 3696 usbehci - ok
23:54:55.0096 3696 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:54:55.0102 3696 usbhub - ok
23:54:55.0121 3696 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:54:55.0122 3696 usbohci - ok
23:54:55.0152 3696 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:54:55.0152 3696 usbprint - ok
23:54:55.0175 3696 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:54:55.0176 3696 usbscan - ok
23:54:55.0197 3696 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:54:55.0201 3696 USBSTOR - ok
23:54:55.0225 3696 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:54:55.0228 3696 usbuhci - ok
23:54:55.0272 3696 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
23:54:55.0274 3696 usbvideo - ok
23:54:55.0317 3696 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
23:54:55.0329 3696 UxSms - ok
23:54:55.0362 3696 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
23:54:55.0381 3696 vds - ok
23:54:55.0418 3696 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:54:55.0418 3696 vga - ok
23:54:55.0443 3696 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
23:54:55.0450 3696 VgaSave - ok
23:54:55.0480 3696 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:54:55.0481 3696 viaagp - ok
23:54:55.0513 3696 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
23:54:55.0514 3696 ViaC7 - ok
23:54:55.0544 3696 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
23:54:55.0544 3696 viaide - ok
23:54:55.0593 3696 [ 86721C65A2010A9E34E3DC59DA0183CF ] VMC302 C:\Windows\system32\Drivers\VMC302.sys
23:54:55.0602 3696 VMC302 - ok
23:54:55.0628 3696 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:54:55.0632 3696 volmgr - ok
23:54:55.0703 3696 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:54:55.0710 3696 volmgrx - ok
23:54:55.0746 3696 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:54:55.0753 3696 volsnap - ok
23:54:55.0797 3696 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:54:55.0801 3696 vsmraid - ok
23:54:55.0860 3696 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
23:54:55.0896 3696 VSS - ok
23:54:55.0937 3696 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
23:54:55.0951 3696 W32Time - ok
23:54:55.0982 3696 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:54:55.0982 3696 WacomPen - ok
23:54:56.0013 3696 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
23:54:56.0018 3696 Wanarp - ok
23:54:56.0025 3696 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:54:56.0027 3696 Wanarpv6 - ok
23:54:56.0055 3696 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:54:56.0070 3696 wcncsvc - ok
23:54:56.0106 3696 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:54:56.0121 3696 WcsPlugInService - ok
23:54:56.0215 3696 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
23:54:56.0216 3696 Wd - ok
23:54:56.0270 3696 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:54:56.0291 3696 Wdf01000 - ok
23:54:56.0312 3696 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:54:56.0315 3696 WdiServiceHost - ok
23:54:56.0327 3696 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:54:56.0331 3696 WdiSystemHost - ok
23:54:56.0374 3696 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
23:54:56.0390 3696 WebClient - ok
23:54:56.0430 3696 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:54:56.0434 3696 Wecsvc - ok
23:54:56.0457 3696 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:54:56.0466 3696 wercplsupport - ok
23:54:56.0504 3696 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
23:54:56.0526 3696 WerSvc - ok
23:54:56.0576 3696 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:54:56.0589 3696 WinDefend - ok
23:54:56.0606 3696 WinHttpAutoProxySvc - ok
23:54:56.0656 3696 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:54:56.0671 3696 Winmgmt - ok
23:54:56.0742 3696 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
23:54:56.0825 3696 WinRM - ok
23:54:56.0884 3696 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:54:56.0891 3696 Wlansvc - ok
23:54:56.0928 3696 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:54:56.0929 3696 WmiAcpi - ok
23:54:56.0981 3696 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:54:56.0995 3696 wmiApSrv - ok
23:54:57.0066 3696 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:54:57.0091 3696 WMPNetworkSvc - ok
23:54:57.0141 3696 [ 0411D0433E8C48AD24B2EF32D7C97AE0 ] WNMFLT C:\Windows\system32\Drivers\WNMFLT.SYS
23:54:57.0146 3696 WNMFLT - ok
23:54:57.0177 3696 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:54:57.0181 3696 WPCSvc - ok
23:54:57.0225 3696 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:54:57.0243 3696 WPDBusEnum - ok
23:54:57.0280 3696 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
23:54:57.0281 3696 WpdUsb - ok
23:54:57.0377 3696 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:55:01.0045 3696 WPFFontCache_v0400 - ok
23:55:01.0097 3696 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:55:01.0098 3696 ws2ifsl - ok
23:55:01.0136 3696 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
23:55:01.0140 3696 wscsvc - ok
23:55:01.0151 3696 WSearch - ok
23:55:01.0224 3696 [ A583F4BF607EBC5709578433207A76A8 ] WTGService C:\Program Files\Verbindungsassistent\wtgservice.exe
23:55:01.0528 3696 WTGService - ok
23:55:01.0627 3696 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:55:01.0642 3696 wuauserv - ok
23:55:01.0670 3696 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:55:01.0674 3696 WudfPf - ok
23:55:01.0732 3696 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:55:01.0734 3696 WUDFRd - ok
23:55:01.0778 3696 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:55:01.0792 3696 wudfsvc - ok
23:55:01.0850 3696 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
23:55:01.0857 3696 yukonwlh - ok
23:55:01.0900 3696 ================ Scan global ===============================
23:55:01.0929 3696 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:55:01.0977 3696 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:55:02.0011 3696 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:55:02.0057 3696 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:55:02.0061 3696 [Global] - ok
23:55:02.0064 3696 ================ Scan MBR ==================================
23:55:02.0085 3696 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:55:02.0472 3696 \Device\Harddisk0\DR0 - ok
23:55:02.0475 3696 ================ Scan VBR ==================================
23:55:02.0478 3696 [ 1BBB7B6706D1441B7B54AA0CC68F832E ] \Device\Harddisk0\DR0\Partition1
23:55:02.0480 3696 \Device\Harddisk0\DR0\Partition1 - ok
23:55:02.0483 3696 ============================================================
23:55:02.0483 3696 Scan finished
23:55:02.0483 3696 ============================================================
23:55:02.0496 1388 Detected object count: 0
23:55:02.0496 1388 Actual detected object count: 0
4.) DDS: dds.txt: DDS Logfile: Code:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Björn at 0:00:03 on 2013-01-10
#Option MBR scan is disabled.
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2011 [GMT 1:00]
.
AV: Panda Global Protection 2012 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Global Protection 2012 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Personal Firewall 2012 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\PskSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2012\WebProxy.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\o2 Verbindungsmanager\BRService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\AVENGINE.EXE
c:\program files\panda security\panda global protection 2012\firewall\PSHOST.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\PsImSvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Verbindungsassistent\wtgservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2012\apvxdwin.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\PavBckPT.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.arcor.de/
mStart Page = hxxp://alice.aol.de
mDefault_Page_URL = hxxp://alice.aol.de
uProxyServer = proxy.charite.de:80
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [APVXDWIN] "c:\program files\panda security\panda global protection 2012\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda global protection 2012\Inicio.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon] <no file>
StartupFolder: c:\users\bjrn~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Alles mit BitComet herunterladen - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Alle &Filme mit BitComet herunterladen - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: Free YouTube to MP3 Converter - c:\users\björn\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Mit BitComet herunter&laden - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5} : NameServer = 213.191.92.87,192.168.1.1
TCP: Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5} : DHCPNameServer = 192.168.1.1
Handler: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\program files\common files\fluxdvd\lib\xeb\xebnavigation.ax
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: avldr - avldr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\björn\appdata\roaming\mozilla\firefox\profiles\0x9ws559.default\
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2012-2-14 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2012-2-14 83528]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2012-2-14 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2012-2-14 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2012-2-14 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2012-2-14 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2012-2-14 37448]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2012-2-14 46856]
R2 AAV UpdateService;AAV UpdateService;c:\program files\akademische arbeitsgemeinschaft\aavupdatemanager\aavus.exe [2008-10-24 128296]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2012-2-14 54344]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\o2 verbindungsmanager\BRService.exe [2009-6-14 87264]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2012-2-14 13880]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2008-12-19 13312]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda global protection 2012\PsCtrlS.exe [2012-2-14 173312]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda global protection 2012\PavFnSvr.exe [2012-2-14 202016]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2012-2-14 163848]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2012-2-14 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda global protection 2012\pavsrvx86.exe [2012-2-14 314176]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda global protection 2012\psksvc.exe [2012-2-14 28992]
R2 WTGService;WTGService;c:\program files\verbindungsassistent\WTGService.exe [2010-6-2 330696]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [2012-2-14 201032]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2010-4-23 243840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [2008-12-23 104448]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
FileExt: .vbs: VBSFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
FileExt: .js: JSFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
FileExt: .jse: JSEFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
FileExt: .wsf: WSFFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
.
=============== Created Last 30 ================
.
2013-01-08 21:03:55 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3d392570-70a8-444b-afb2-227951344b96}\mpengine.dll
2013-01-05 14:54:28 -------- d-----w- c:\users\björn\appdata\roaming\HpUpdate
2013-01-05 14:54:19 -------- d-----w- c:\windows\Hewlett-Packard
2012-12-21 15:20:19 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 15:20:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-15 14:47:59 916960 ----a-w- c:\program files\mozilla firefox\firefox.exe
2012-12-15 14:47:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-12-15 14:47:59 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-12-15 14:47:58 116192 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-12-15 14:47:56 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-12-15 14:47:56 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-12-15 14:47:56 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-12-13 21:13:41 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 21:13:32 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 21:13:32 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 21:13:32 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 21:13:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 21:13:31 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 21:13:30 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 21:13:30 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 21:13:28 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 21:13:28 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 21:13:28 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-13 20:53:50 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 20:53:49 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 20:53:49 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 20:53:48 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 20:53:25 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2013-01-08 20:54:52 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:54:52 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-16 10:08:26 518432 ----a-w- c:\windows\system32\PavSHook.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 0:01:14,75 ===============
attach.txt: Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 17.12.2008 11:14:40
System Uptime: 09.01.2013 22:19:15 (2 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R510/P510
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | U2E1 | 2000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 48,886 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0030
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0030
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0023
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #15
PNP Device ID: ROOT\*ISATAP\0023
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
7-Zip 4.62
AAVUpdateManager
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
Amazon MP3-Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
BitComet 1.15
Bluetooth Stack for Windows by Toshiba
Bonjour
BufferChm
C4400
C4420_Help
Cards_Calendar_OrderGift_DoMorePlugout
CustomerResearchQFolder
CyberLink DVD Suite
CyberLink Power2Go
DC Software
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Dropbox
Easy Battery Manager
Easy Display Manager
Easy Network Manager 3.0
Easy SpeedUp Manager
EndNote
eSupportQFolder
GPBaseService
Haufe iDesk-Browser
Haufe iDesk-Service
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 11.0
HP Imaging Device Functions 11.0
HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 11.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
imagine digital freedom - Samsung
Intel® Matrix Storage Manager
Irodio Photo & Video Studio
ISI ResearchSoft - Export Helper
iTunes
IZArc 4.1.2
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.0
LabelPrint
Lager
LightScribe System Software 1.12.37.1
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SOAP Toolkit 2.0 SP2
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Networks Media Player for Internet Explorer
Mozilla Firefox 17.0.1 (x86 de)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
o2 Verbindungsmanager
OCR Software by I.R.I.S. 11.0
OpenVPN 2.0.9-gui-1.0.3
Panda Global Protection 2012
Panda Secure Vault 5
PanoStandAlone
Play AVStation
PlayCamera
PowerDirector
PowerDVD
PowerProducer
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PS_AIO_03_C4420_ProductContext
PSSWCORE
QuickSteuer 2009
QuickTime
Realtek High Definition Audio Driver
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shop for HP Supplies
Skype Toolbars
Skype™ 6.0
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Status
Steuer-Spar-Erklärung 2009
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
User Guide
Veetle TV 0.9.18
Verbindungsassistent
VideoToolkit01
Vimicro UVC Camera
VLC media player 1.1.6
WebReg
Windows Media Player Firefox Plugin
yEd Graph Editor
yEd Graph Editor 3.6.1.1
.
==== End Of File ===========================
|
| | #9 | |
| /// TB-Ausbilder | Then continue:
Step 1: Disable Windows Defender. Since you are using a different antivirus scanner, you should urgently disable Windows' built-in scanner:
Step 2: AdwCleaner: find and remove adware
Step 3: Delete temporary files with TFC
Step 4: Scan with Combofix
__________________ Digital privateers against malware! No help via PM! |
| | #10 |
| /// TB-Ausbilder | No help via private message. We will sort out all the questions you have here. Please post the log files here. |
| | #11 |
| ok. so: 1. should I back up data beforehand or not? 2. purely out of interest in learning something: has the analysis so far already shed some light, and what have we done or what do we still plan to do, and how do you assess things? 3. what can go wrong with combo-fix? steps 1 to 3 are done, combo-fix follows today or tomorrow. while the tfc cleaner was running I got an error message that panda permanent protection would no longer work. after a restart, however, no problems. see you soon! |
| | #12 |
| /// TB-Ausbilder | 1. Normally it is not necessary to back anything up. No data should be lost. 2. We have run a few preliminary tests and now we move on to the cleanup. 3. Normally nothing goes wrong there. Please understand that with the free help here we do not provide an individual analysis. If you want to learn more about malware, you could, for example, sign up at our academy. |
| | #13 |
| quick question before combofix: panda currently reports about every 3 min. that the trojan in question has been found and blocked. I'm just concerned about what happens if I now turn panda off, as is required for the combofix scan... |
| | #14 |
| /// TB-Ausbilder | Your Panda didn't protect you from the infection either, did it? We process 500 people a month here. We know what we are doing ... |
| | #15 |
| 1. defender is switched off. 2. adw-cleaner: Code:
# AdwCleaner v2.105 - Datei am 10/01/2013 um 20:18:05 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Björn - SAMSUNGR510
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Björn\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\0x9ws559.default\prefs.js
C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\0x9ws559.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
Datei : C:\Users\Nadja\AppData\Roaming\Mozilla\Firefox\Profiles\8wec85he.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\167bwns0.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1081 octets] - [10/01/2013 20:18:05]
########## EOF - C:\AdwCleaner[S1].txt - [1141 octets] ##########
3. TFC: done. as mentioned, during it an error message that panda permanent protection would no longer work. 4. combofix: Code:
ComboFix 13-01-11.01 - Björn 11.01.2013 20:22:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1788 [GMT 1:00]
ausgeführt von:: c:\users\Bj÷rn\Desktop\ComboFix.exe
AV: Panda Global Protection 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2012 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Global Protection 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NVIDIA
c:\programdata\NVIDIA\NvApps.xml
c:\programdata\NVIDIA\NvStarted
c:\users\Nadja\AppData\Roaming\Skype
c:\users\Nadja\AppData\Roaming\Skype\shared.lck
c:\users\Nadja\AppData\Roaming\Skype\shared.xml
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-11 bis 2013-01-11 ))))))))))))))))))))))))))))))
.
.
2013-01-11 19:31 . 2013-01-11 19:31 -------- d-----w- c:\users\Björn\AppData\Local\temp
2013-01-10 19:37 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-10 19:23 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-10 19:23 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-08 21:03 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D392570-70A8-444B-AFB2-227951344B96}\mpengine.dll
2013-01-05 18:36 . 2013-01-05 18:37 -------- d-----w- c:\users\Björn\AppData\Local\Unity
2013-01-05 14:54 . 2013-01-05 14:56 -------- d-----w- c:\users\Björn\AppData\Roaming\HpUpdate
2013-01-05 14:54 . 2013-01-05 14:54 -------- d-----w- c:\windows\Hewlett-Packard
2013-01-05 14:06 . 2013-01-05 14:06 -------- d-----w- c:\programdata\HP Product Assistant
2013-01-02 21:56 . 2013-01-02 21:56 -------- d-----w- c:\program files\Common Files\Adobe
2012-12-21 15:20 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 15:20 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 21:13 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 21:13 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 21:13 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 21:13 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 21:13 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 21:13 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 21:13 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 21:13 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 21:13 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-13 21:13 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 21:13 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 20:53 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 20:53 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 20:53 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 20:53 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 20:54 . 2012-10-31 14:20 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:54 . 2012-10-31 14:20 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-16 10:08 . 2012-02-14 15:02 518432 ----a-w- c:\windows\system32\PavSHook.dll
2012-12-15 14:48 . 2012-12-15 14:47 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-27 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-27 92704]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2012\Inicio.exe" [2011-02-02 70464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
.
c:\users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55 55552 ----a-w- c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-31 20:54]
.
2012-10-10 c:\windows\Tasks\Grundlegende Bereinigung.job
- c:\program files\Panda Security\Panda Global Protection 2012\PlaTasks.exe [2012-02-14 13:23]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{B7E574B8-7AB8-4FA1-B167-0DBC4E19BAD3}.job
- c:\windows\system32\msfeedssync.exe [2011-05-20 08:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.arcor.de/
mStart Page = hxxp://alice.aol.de
uInternet Settings,ProxyServer = proxy.charite.de:80
uInternet Settings,ProxyOverride = *.local
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Alle &Filme mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Free YouTube to MP3 Converter - c:\users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5}: NameServer = 213.191.92.87,192.168.1.1
FF - ProfilePath - c:\users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\0x9ws559.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.arcor.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-02-19 18:40; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF - ExtSQL: !HIDDEN! 2009-09-02 18:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-hpqSRMon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-yEd Graph Editor - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-11 20:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2636)
c:\program files\Panda Security\Panda Global Protection 2012\pavoepl.dll
c:\windows\system32\ieframe.dll
.
Zeit der Fertigstellung: 2013-01-11 20:33:59
ComboFix-quarantined-files.txt 2013-01-11 19:33
.
Vor Suchlauf: 14 Verzeichnis(se), 56.415.666.176 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 56.294.129.664 Bytes frei
.
- - End Of File - - 64E17658F952548FBB1F6D88B60DA1F6
Regards