| |
| |||||||
Log-Analyse und Auswertung: Firefox leitet Links an falsche Webseiten umWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.01.2013, 00:01
| #1 |
 |  Firefox leitet Links an falsche Webseiten um Hallo Forum! Seit 3 Wochen habe ich das Problem, daß Links in Firefox auf falsche Webseiten umgeleitet werden. Sowohl bei GOOGLE als auch z.B. bei BING. Genau zu diesem Zeitpunkt hatte ich ein Update von Firefox auf Vers. 17.0.1 durchgeführt. Im Internet hatte ich folgende Lösungsansätze gefunden: (a) Add-on virenbehaftet: Deaktivierung aller Add-ons behob das Problem nicht. Löschung aller Add-ons behob es auch nicht. (b) Virus sitzt im Benutzerprofil: Benutzerprofil gelöscht und neues angelegt - das Problem war zunächst weg, kam aber nach ein paar Tagen wieder. In beiden Fällen trat das Problem nicht im abgesicherten Modus des Firefox auf. Durch intensive Recherche bin ich auf euer Forum gestossen und erhoffe mir wirksame Hilfe. Anbei also die 3 Logfiles nach euer Anleitung erstellt. |
|
11.01.2013, 00:19
| #2 |
| /// Malware-holic   | Firefox leitet Links an falsche Webseiten um Hi
__________________öffne bitte Malwarebytes, Logs, poste Berichte mit Funden
__________________ |
|
11.01.2013, 00:34
| #3 |
| | Firefox leitet Links an falsche Webseiten um Den ersten Quickscans mit Malwarebytes hatte ich bereits letzte Woche durchgeführt mit folgendem Log:
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.04.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 root :: HERBERT-PC [Administrator] Schutz: Aktiviert 04.01.2013 13:46:31 MBAM-log-2013-01-04 (13-52-37).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 271753 Laufzeit: 3 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 D:\Program Files\StarDownloader\SDIEInt.dll (IPH.GenericBHO) -> Keine Aktion durchgeführt. (Ende) Den Scan habe ich jetzt nochmal durchgeführt mit folgendem Ergebnis: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.10.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Herbert :: HERBERT-PC [limitiert] Schutz: Deaktiviert 11.01.2013 00:16:39 mbam-log-2013-01-11 (00-16-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 98945 Laufzeit: 12 Minute(n), 29 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
11.01.2013, 01:58
| #4 |
| /// Malware-holic | Firefox leitet Links an falsche Webseiten um log 1 ist nicht vollständig: Infizierte Dateien: 2 gepostet hast du nur eine.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.01.2013, 22:18
| #5 |
| | Firefox leitet Links an falsche Webseiten um ... ups, ein Kopierfehler - sorry Ich verstehe das nicht: jetzt habe ich den Quick-Scan mit Malwarebytes seit Anfang letzter Woche dreimal durchgeführt. Der beim ersten Durchlauf detektierte "StarDownloader" wurde bereits vom PC entfernt. In den beiden folgenden Scans wurde seltsamerweise nichts mehr gefunden. Es scheint mir, das MAM hier nicht geeignet ist. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.10.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Herbert :: HERBERT-PC [limitiert] Schutz: Deaktiviert 11.01.2013 00:06:03 mbam-log-2013-01-11 (00-06-03).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 184688 Laufzeit: 2 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
11.01.2013, 22:20
| #6 |
| /// Malware-holic | Firefox leitet Links an falsche Webseiten um das log benötige ich MBAM-log-2013-01-04 (13-52-37).txt da fehlt eine Datei
__________________ --> Firefox leitet Links an falsche Webseiten um |
|
12.01.2013, 21:52
| #7 |
| | Firefox leitet Links an falsche Webseiten um ..leider habe ich das log nicht mehr. Nachdem ich bemerkt hatte, das MBAM die logs automatisch in einem Ordner auf C:\users\herbert\roaming\malwarebytes (oder so ähnlich) speichert, habe ich den Ordner mit dem ersten log gelöscht, den ich mir selbst angelegt hatte. Mir ist nicht gleich aufgefallen, daß gerade das erste log nicht automatisch gespeichert wurde. Aber sieh es doch mal pragmatisch: wenn die Funde vom 01.04. nicht nur zur Software "StarDownloader" gehören würden, müßten sie in folgenden Scans wieder auftauchen. Aber das tun sie gerade nicht. Was geben eigentlich meine Scans von OTL und GMER her (siehe erstes posting)? Gruß, Pascal |
|
14.01.2013, 16:16
| #8 |
| /// Malware-holic | Firefox leitet Links an falsche Webseiten um download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.01.2013, 21:08
| #9 |
| | Firefox leitet Links an falsche Webseiten um tdsskiller wie beschreiben ausgeführt und folgende Ergebnisse erhalten: Code:
ATTFilter Processed: 440 objects
Found: 12 threats
Ist es richtig, daß nur Partition C:\ durchsucht wird? Die Programme sind bei diesem PC auf Partition D:\ installiert. |
|
16.01.2013, 15:48
| #10 |
| /// Malware-holic | Firefox leitet Links an falsche Webseiten um solange das nur partitionen und keine Festplatten sind, passt das. c: öffnen, tdsskiller-datum-version.txt öffnen, Inhal posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.01.2013, 20:49
| #11 |
| | Firefox leitet Links an falsche Webseiten um Ja, C:\ und D:\ sind beides Partitionen derselben Festplatte - ist also OK. Hier der Inhalt der ausführlichen log-Datei C:\TDSSKiller.2.8.15.0_15.01.2013_20.53.51_log.txt Code:
ATTFilter 20:53:51.0476 3000 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:53:51.0835 3000 ============================================================
20:53:51.0835 3000 Current date / time: 2013/01/15 20:53:51.0835
20:53:51.0835 3000 SystemInfo:
20:53:51.0835 3000
20:53:51.0835 3000 OS Version: 6.1.7601 ServicePack: 1.0
20:53:51.0835 3000 Product type: Workstation
20:53:51.0835 3000 ComputerName: HERBERT-PC
20:53:51.0835 3000 UserName: root
20:53:51.0835 3000 Windows directory: C:\Windows
20:53:51.0835 3000 System windows directory: C:\Windows
20:53:51.0835 3000 Processor architecture: Intel x86
20:53:51.0835 3000 Number of processors: 4
20:53:51.0835 3000 Page size: 0x1000
20:53:51.0835 3000 Boot type: Normal boot
20:53:51.0835 3000 ============================================================
20:53:52.0170 3000 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:53:52.0174 3000 ============================================================
20:53:52.0174 3000 \Device\Harddisk0\DR0:
20:53:52.0174 3000 MBR partitions:
20:53:52.0174 3000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:53:52.0174 3000 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x95CD800
20:53:52.0174 3000 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9600800, BlocksNum 0x6400000
20:53:52.0191 3000 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xFA01000, BlocksNum 0x12C00000
20:53:52.0208 3000 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x22601800, BlocksNum 0x17D84000
20:53:52.0208 3000 ============================================================
20:53:52.0233 3000 C: <-> \Device\Harddisk0\DR0\Partition2
20:53:52.0258 3000 F: <-> \Device\Harddisk0\DR0\Partition5
20:53:52.0292 3000 E: <-> \Device\Harddisk0\DR0\Partition4
20:53:52.0317 3000 D: <-> \Device\Harddisk0\DR0\Partition3
20:53:52.0318 3000 ============================================================
20:53:52.0318 3000 Initialize success
20:53:52.0318 3000 ============================================================
20:54:50.0872 5636 ============================================================
20:54:50.0872 5636 Scan started
20:54:50.0872 5636 Mode: Manual; SigCheck; TDLFS;
20:54:50.0872 5636 ============================================================
20:54:51.0017 5636 ================ Scan system memory ========================
20:54:51.0017 5636 System memory - ok
20:54:51.0018 5636 ================ Scan services =============================
20:54:51.0123 5636 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:54:51.0218 5636 1394ohci - ok
20:54:51.0236 5636 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:54:51.0248 5636 ACPI - ok
20:54:51.0272 5636 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:54:51.0295 5636 AcpiPmi - ok
20:54:51.0339 5636 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:54:51.0366 5636 adp94xx - ok
20:54:51.0382 5636 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:54:51.0395 5636 adpahci - ok
20:54:51.0410 5636 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:54:51.0420 5636 adpu320 - ok
20:54:51.0441 5636 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:54:51.0475 5636 AeLookupSvc - ok
20:54:51.0516 5636 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
20:54:51.0546 5636 AFD - ok
20:54:51.0566 5636 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
20:54:51.0575 5636 agp440 - ok
20:54:51.0611 5636 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:54:51.0620 5636 aic78xx - ok
20:54:51.0764 5636 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files\common files\akamai/netsession_win_ce5ba24.dll
20:54:51.0764 5636 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
20:54:51.0774 5636 Akamai ( HiddenFile.Multi.Generic ) - warning
20:54:51.0774 5636 Akamai - detected HiddenFile.Multi.Generic (1)
20:54:51.0822 5636 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
20:54:51.0867 5636 ALG - ok
20:54:51.0906 5636 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
20:54:51.0925 5636 aliide - ok
20:54:51.0956 5636 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:54:51.0968 5636 amdagp - ok
20:54:51.0974 5636 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
20:54:51.0986 5636 amdide - ok
20:54:52.0006 5636 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:54:52.0041 5636 AmdK8 - ok
20:54:52.0045 5636 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:54:52.0070 5636 AmdPPM - ok
20:54:52.0093 5636 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:54:52.0104 5636 amdsata - ok
20:54:52.0115 5636 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:54:52.0127 5636 amdsbs - ok
20:54:52.0134 5636 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:54:52.0144 5636 amdxata - ok
20:54:52.0176 5636 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
20:54:52.0290 5636 AppID - ok
20:54:52.0314 5636 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:54:52.0357 5636 AppIDSvc - ok
20:54:52.0408 5636 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
20:54:52.0457 5636 Appinfo - ok
20:54:52.0478 5636 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:54:52.0487 5636 arc - ok
20:54:52.0498 5636 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:54:52.0507 5636 arcsas - ok
20:54:52.0538 5636 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\Windows\system32\drivers\AsIO.sys
20:54:52.0549 5636 AsIO - ok
20:54:52.0582 5636 [ B979979AB8027F7F53FB16EC4229B7DB ] Aspi32 C:\Windows\system32\drivers\Aspi32.sys
20:54:52.0594 5636 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
20:54:52.0594 5636 Aspi32 - detected UnsignedFile.Multi.Generic (1)
20:54:52.0614 5636 [ 798A87B2D7AD73B16B7CD968C5D1F18F ] AsSysCtrlService C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
20:54:52.0631 5636 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
20:54:52.0631 5636 AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
20:54:52.0670 5636 [ E67493490466B5F04B58C22D2590E8CA ] AsUpIO C:\Windows\system32\drivers\AsUpIO.sys
20:54:52.0677 5636 AsUpIO - ok
20:54:52.0692 5636 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:54:52.0777 5636 AsyncMac - ok
20:54:52.0809 5636 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
20:54:52.0818 5636 atapi - ok
20:54:52.0854 5636 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:54:52.0897 5636 AudioEndpointBuilder - ok
20:54:52.0905 5636 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:54:52.0930 5636 Audiosrv - ok
20:54:52.0946 5636 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:54:52.0997 5636 AxInstSV - ok
20:54:53.0015 5636 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:54:53.0051 5636 b06bdrv - ok
20:54:53.0081 5636 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:54:53.0111 5636 b57nd60x - ok
20:54:53.0154 5636 [ FD217CCD94D414A2687150EDFDAFA4C0 ] BCUService C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
20:54:53.0170 5636 BCUService - ok
20:54:53.0193 5636 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:54:53.0227 5636 BDESVC - ok
20:54:53.0250 5636 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:54:53.0286 5636 Beep - ok
20:54:53.0322 5636 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
20:54:53.0360 5636 BFE - ok
20:54:53.0378 5636 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
20:54:53.0416 5636 BITS - ok
20:54:53.0437 5636 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:54:53.0446 5636 blbdrive - ok
20:54:53.0478 5636 [ C0152E77307DE863EBF6C728CF0A771D ] Bonifay C:\Windows\system32\DRIVERS\Bonifay.sys
20:54:53.0481 5636 Bonifay ( UnsignedFile.Multi.Generic ) - warning
20:54:53.0481 5636 Bonifay - detected UnsignedFile.Multi.Generic (1)
20:54:53.0514 5636 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:54:53.0533 5636 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
20:54:53.0533 5636 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
20:54:53.0567 5636 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:54:53.0603 5636 bowser - ok
20:54:53.0611 5636 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:54:53.0650 5636 BrFiltLo - ok
20:54:53.0672 5636 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:54:53.0701 5636 BrFiltUp - ok
20:54:53.0731 5636 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
20:54:53.0767 5636 Browser - ok
20:54:53.0791 5636 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:54:53.0823 5636 Brserid - ok
20:54:53.0834 5636 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:54:53.0858 5636 BrSerWdm - ok
20:54:53.0869 5636 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:54:53.0891 5636 BrUsbMdm - ok
20:54:53.0894 5636 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:54:53.0911 5636 BrUsbSer - ok
20:54:53.0922 5636 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:54:53.0941 5636 BTHMODEM - ok
20:54:53.0968 5636 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
20:54:53.0993 5636 bthserv - ok
20:54:54.0005 5636 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:54:54.0029 5636 cdfs - ok
20:54:54.0068 5636 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:54:54.0084 5636 cdrom - ok
20:54:54.0104 5636 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
20:54:54.0136 5636 CertPropSvc - ok
20:54:54.0146 5636 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:54:54.0157 5636 circlass - ok
20:54:54.0174 5636 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
20:54:54.0187 5636 CLFS - ok
20:54:54.0237 5636 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:54:54.0256 5636 clr_optimization_v2.0.50727_32 - ok
20:54:54.0272 5636 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:54:54.0291 5636 CmBatt - ok
20:54:54.0312 5636 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:54:54.0322 5636 cmdide - ok
20:54:54.0354 5636 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
20:54:54.0376 5636 CNG - ok
20:54:54.0388 5636 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:54:54.0397 5636 Compbatt - ok
20:54:54.0416 5636 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:54:54.0436 5636 CompositeBus - ok
20:54:54.0444 5636 COMSysApp - ok
20:54:54.0453 5636 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:54:54.0461 5636 crcdisk - ok
20:54:54.0493 5636 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:54:54.0523 5636 CryptSvc - ok
20:54:54.0548 5636 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:54:54.0587 5636 DcomLaunch - ok
20:54:54.0612 5636 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:54:54.0647 5636 defragsvc - ok
20:54:54.0674 5636 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:54:54.0706 5636 DfsC - ok
20:54:54.0748 5636 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:54:54.0787 5636 Dhcp - ok
20:54:54.0811 5636 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:54:54.0842 5636 discache - ok
20:54:54.0874 5636 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:54:54.0883 5636 Disk - ok
20:54:54.0898 5636 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:54:54.0919 5636 Dnscache - ok
20:54:54.0949 5636 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
20:54:54.0990 5636 dot3svc - ok
20:54:55.0009 5636 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
20:54:55.0044 5636 DPS - ok
20:54:55.0068 5636 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:54:55.0089 5636 drmkaud - ok
20:54:55.0131 5636 [ E5B95C75557120881076C45CD146D72C ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
20:54:55.0151 5636 DvmMDES ( UnsignedFile.Multi.Generic ) - warning
20:54:55.0151 5636 DvmMDES - detected UnsignedFile.Multi.Generic (1)
20:54:55.0184 5636 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:54:55.0206 5636 DXGKrnl - ok
20:54:55.0232 5636 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:54:55.0274 5636 EapHost - ok
20:54:55.0345 5636 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:54:55.0414 5636 ebdrv - ok
20:54:55.0436 5636 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
20:54:55.0461 5636 EFS - ok
20:54:55.0521 5636 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:54:55.0562 5636 ehRecvr - ok
20:54:55.0584 5636 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
20:54:55.0609 5636 ehSched - ok
20:54:55.0636 5636 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:54:55.0654 5636 elxstor - ok
20:54:55.0688 5636 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
20:54:55.0704 5636 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
20:54:55.0704 5636 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
20:54:55.0721 5636 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:54:55.0737 5636 ErrDev - ok
20:54:55.0770 5636 [ 24E564F710D887ECC75CFE59882ECC5D ] es1371 C:\Windows\system32\drivers\es1371mp.sys
20:54:55.0807 5636 es1371 - ok
20:54:55.0837 5636 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:54:55.0878 5636 EventSystem - ok
20:54:55.0903 5636 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:54:55.0941 5636 exfat - ok
20:54:55.0953 5636 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:54:55.0983 5636 fastfat - ok
20:54:56.0019 5636 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
20:54:56.0042 5636 Fax - ok
20:54:56.0055 5636 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:54:56.0064 5636 fdc - ok
20:54:56.0091 5636 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:54:56.0126 5636 fdPHost - ok
20:54:56.0138 5636 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:54:56.0174 5636 FDResPub - ok
20:54:56.0191 5636 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:54:56.0201 5636 FileInfo - ok
20:54:56.0211 5636 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:54:56.0243 5636 Filetrace - ok
20:54:56.0300 5636 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:54:56.0339 5636 FLEXnet Licensing Service - ok
20:54:56.0364 5636 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:54:56.0376 5636 flpydisk - ok
20:54:56.0391 5636 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:54:56.0404 5636 FltMgr - ok
20:54:56.0445 5636 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
20:54:56.0482 5636 FontCache - ok
20:54:56.0523 5636 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:54:56.0541 5636 FontCache3.0.0.0 - ok
20:54:56.0553 5636 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:54:56.0564 5636 FsDepends - ok
20:54:56.0590 5636 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:54:56.0599 5636 Fs_Rec - ok
20:54:56.0631 5636 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:54:56.0644 5636 fvevol - ok
20:54:56.0678 5636 [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys
20:54:56.0710 5636 FWLANUSB - ok
20:54:56.0719 5636 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:54:56.0728 5636 gagp30kx - ok
20:54:56.0775 5636 [ 673D63ADD112DCE1EA58A4E418EDDB86 ] Gonzales C:\Windows\system32\DRIVERS\Gonzales.sys
20:54:56.0778 5636 Gonzales ( UnsignedFile.Multi.Generic ) - warning
20:54:56.0778 5636 Gonzales - detected UnsignedFile.Multi.Generic (1)
20:54:56.0814 5636 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:54:56.0856 5636 gpsvc - ok
20:54:56.0900 5636 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:54:56.0910 5636 gupdate - ok
20:54:56.0933 5636 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:54:56.0940 5636 gupdatem - ok
20:54:56.0957 5636 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:54:56.0988 5636 hcw85cir - ok
20:54:57.0012 5636 [ D5D7E646FD544E88FFAFB1C412C4D935 ] HCW88AUD C:\Windows\system32\drivers\hcw88aud.sys
20:54:57.0040 5636 HCW88AUD - ok
20:54:57.0058 5636 [ 9B258D99FB13B47AEB74A45CFDCAA900 ] HCW88BDA C:\Windows\system32\drivers\hcw88bda.sys
20:54:57.0085 5636 HCW88BDA - ok
20:54:57.0096 5636 [ 36ADEA382505758ADE5D0AAF1B04B9C5 ] hcw88rc5 C:\Windows\system32\Drivers\hcw88rc5.sys
20:54:57.0123 5636 hcw88rc5 - ok
20:54:57.0138 5636 [ F087BA0417459F77640390366A090E8A ] HCW88TSE C:\Windows\system32\drivers\hcw88tse.sys
20:54:57.0161 5636 HCW88TSE - ok
20:54:57.0184 5636 [ 65A48741BDA062B52D7E436BA985CD1C ] HCW88TUNE C:\Windows\system32\drivers\hcw88tun.sys
20:54:57.0193 5636 HCW88TUNE - ok
20:54:57.0207 5636 [ 60DDBC46D61AA63406D3F88831D06184 ] hcw88vid C:\Windows\system32\drivers\hcw88vid.sys
20:54:57.0227 5636 hcw88vid - ok
20:54:57.0245 5636 [ 0329F81C379ED71984CBF318150ACAF5 ] HCW88XBAR C:\Windows\system32\drivers\HCW88BAR.sys
20:54:57.0262 5636 HCW88XBAR - ok
20:54:57.0292 5636 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:54:57.0334 5636 HdAudAddService - ok
20:54:57.0358 5636 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:54:57.0386 5636 HDAudBus - ok
20:54:57.0410 5636 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:54:57.0442 5636 HidBatt - ok
20:54:57.0469 5636 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:54:57.0489 5636 HidBth - ok
20:54:57.0505 5636 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:54:57.0527 5636 HidIr - ok
20:54:57.0557 5636 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
20:54:57.0591 5636 hidserv - ok
20:54:57.0631 5636 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:54:57.0651 5636 HidUsb - ok
20:54:57.0669 5636 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:54:57.0693 5636 hkmsvc - ok
20:54:57.0702 5636 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:54:57.0727 5636 HomeGroupListener - ok
20:54:57.0760 5636 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:54:57.0785 5636 HomeGroupProvider - ok
20:54:57.0806 5636 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:54:57.0816 5636 HpSAMD - ok
20:54:57.0845 5636 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:54:57.0870 5636 HTTP - ok
20:54:57.0894 5636 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:54:57.0902 5636 hwpolicy - ok
20:54:57.0913 5636 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:54:57.0933 5636 i8042prt - ok
20:54:57.0993 5636 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:54:58.0018 5636 IAANTMON - ok
20:54:58.0038 5636 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:54:58.0050 5636 iaStor - ok
20:54:58.0083 5636 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:54:58.0096 5636 iaStorV - ok
20:54:58.0145 5636 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:54:58.0158 5636 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:54:58.0158 5636 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:54:58.0228 5636 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:54:58.0296 5636 idsvc - ok
20:54:58.0346 5636 [ 506801C7D47BE8CD1CF342BF28EB17EC ] IGDCTRL D:\_Hardware\FritzBox\Fritz!DSL\IGDCTRL.EXE
20:54:58.0362 5636 IGDCTRL - ok
20:54:58.0388 5636 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:54:58.0400 5636 iirsp - ok
20:54:58.0445 5636 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:54:58.0498 5636 IKEEXT - ok
20:54:58.0522 5636 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:54:58.0533 5636 intelide - ok
20:54:58.0553 5636 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:54:58.0576 5636 intelppm - ok
20:54:58.0597 5636 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:54:58.0636 5636 IPBusEnum - ok
20:54:58.0660 5636 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:54:58.0693 5636 IpFilterDriver - ok
20:54:58.0722 5636 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:54:58.0756 5636 iphlpsvc - ok
20:54:58.0775 5636 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:54:58.0787 5636 IPMIDRV - ok
20:54:58.0805 5636 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:54:58.0839 5636 IPNAT - ok
20:54:58.0852 5636 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:54:58.0894 5636 IRENUM - ok
20:54:58.0917 5636 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:54:58.0927 5636 isapnp - ok
20:54:58.0938 5636 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:54:58.0949 5636 iScsiPrt - ok
20:54:58.0993 5636 [ DC8E2779CDF0348A35AAFFA3A1BDE0C9 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
20:54:59.0019 5636 JRAID - ok
20:54:59.0034 5636 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:54:59.0044 5636 kbdclass - ok
20:54:59.0067 5636 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:54:59.0086 5636 kbdhid - ok
20:54:59.0098 5636 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:54:59.0107 5636 KeyIso - ok
20:54:59.0130 5636 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:54:59.0139 5636 KSecDD - ok
20:54:59.0151 5636 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:54:59.0161 5636 KSecPkg - ok
20:54:59.0181 5636 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:54:59.0215 5636 KtmRm - ok
20:54:59.0249 5636 [ E141AB3701EA166109212DCA4B28CA2C ] L8042Kbd C:\Windows\system32\DRIVERS\L8042Kbd.sys
20:54:59.0272 5636 L8042Kbd - ok
20:54:59.0307 5636 [ F0F944E4DA9A75DEE6A37D4AFC7E1BBC ] L8042mou C:\Windows\system32\DRIVERS\L8042mou.Sys
20:54:59.0342 5636 L8042mou - ok
20:54:59.0375 5636 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
20:54:59.0412 5636 LanmanServer - ok
20:54:59.0425 5636 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:54:59.0450 5636 LanmanWorkstation - ok
20:54:59.0483 5636 [ B28C741AE2912A079CF90041A9E5C0A4 ] LBeepKE C:\Windows\system32\Drivers\LBeepKE.sys
20:54:59.0496 5636 LBeepKE ( UnsignedFile.Multi.Generic ) - warning
20:54:59.0496 5636 LBeepKE - detected UnsignedFile.Multi.Generic (1)
20:54:59.0537 5636 [ DD40C03D85649205EC086722474C8A63 ] LHidKe C:\Windows\system32\DRIVERS\LHidKE.Sys
20:54:59.0556 5636 LHidKe - ok
20:54:59.0575 5636 [ 9FFC80E9CB4ACC844E5B3CF2FA8CE1EC ] LHidUsbK C:\Windows\system32\Drivers\LHidUsbK.Sys
20:54:59.0593 5636 LHidUsbK - ok
20:54:59.0622 5636 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:54:59.0649 5636 lltdio - ok
20:54:59.0684 5636 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:54:59.0708 5636 lltdsvc - ok
20:54:59.0719 5636 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:54:59.0750 5636 lmhosts - ok
20:54:59.0777 5636 [ 2EBD4C02D259944869630A912EC86BCE ] LMouKE C:\Windows\system32\DRIVERS\LMouKE.Sys
20:54:59.0798 5636 LMouKE - ok
20:54:59.0829 5636 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:54:59.0852 5636 LSI_FC - ok
20:54:59.0877 5636 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:54:59.0888 5636 LSI_SAS - ok
20:54:59.0898 5636 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:54:59.0909 5636 LSI_SAS2 - ok
20:54:59.0925 5636 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:54:59.0934 5636 LSI_SCSI - ok
20:54:59.0943 5636 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:54:59.0971 5636 luafv - ok
20:55:00.0010 5636 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
20:55:00.0022 5636 LVRS - ok
20:55:00.0093 5636 [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
20:55:00.0192 5636 LVUVC - ok
20:55:00.0227 5636 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:55:00.0233 5636 MBAMProtector - ok
20:55:00.0270 5636 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler D:\Malwarebytes-Anti-Malware\mbamscheduler.exe
20:55:00.0283 5636 MBAMScheduler - ok
20:55:00.0301 5636 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService D:\Malwarebytes-Anti-Malware\mbamservice.exe
20:55:00.0319 5636 MBAMService - ok
20:55:00.0362 5636 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:55:00.0374 5636 Mcx2Svc - ok
20:55:00.0393 5636 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:55:00.0403 5636 megasas - ok
20:55:00.0420 5636 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:55:00.0433 5636 MegaSR - ok
20:55:00.0457 5636 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:55:00.0485 5636 MMCSS - ok
20:55:00.0491 5636 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:55:00.0524 5636 Modem - ok
20:55:00.0552 5636 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:55:00.0574 5636 monitor - ok
20:55:00.0618 5636 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:55:00.0629 5636 mouclass - ok
20:55:00.0637 5636 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:55:00.0665 5636 mouhid - ok
20:55:00.0691 5636 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:55:00.0701 5636 mountmgr - ok
20:55:00.0725 5636 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:55:00.0735 5636 mpio - ok
20:55:00.0743 5636 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:55:00.0763 5636 mpsdrv - ok
20:55:00.0793 5636 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:55:00.0834 5636 MpsSvc - ok
20:55:00.0857 5636 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:55:00.0870 5636 MRxDAV - ok
20:55:00.0898 5636 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:55:00.0930 5636 mrxsmb - ok
20:55:00.0954 5636 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:55:00.0980 5636 mrxsmb10 - ok
20:55:00.0995 5636 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:55:01.0016 5636 mrxsmb20 - ok
20:55:01.0037 5636 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:55:01.0046 5636 msahci - ok
20:55:01.0084 5636 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:55:01.0096 5636 msdsm - ok
20:55:01.0116 5636 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:55:01.0141 5636 MSDTC - ok
20:55:01.0161 5636 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:55:01.0192 5636 Msfs - ok
20:55:01.0205 5636 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:55:01.0226 5636 mshidkmdf - ok
20:55:01.0235 5636 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:55:01.0244 5636 msisadrv - ok
20:55:01.0279 5636 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:55:01.0304 5636 MSiSCSI - ok
20:55:01.0308 5636 msiserver - ok
20:55:01.0329 5636 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:55:01.0359 5636 MSKSSRV - ok
20:55:01.0374 5636 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:55:01.0395 5636 MSPCLOCK - ok
20:55:01.0409 5636 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:55:01.0441 5636 MSPQM - ok
20:55:01.0458 5636 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:55:01.0468 5636 MsRPC - ok
20:55:01.0494 5636 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:55:01.0502 5636 mssmbios - ok
20:55:01.0514 5636 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:55:01.0536 5636 MSTEE - ok
20:55:01.0540 5636 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:55:01.0557 5636 MTConfig - ok
20:55:01.0584 5636 [ CBE71C122434805CB73FFB6619F60598 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
20:55:01.0591 5636 MTsensor - ok
20:55:01.0600 5636 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:55:01.0609 5636 Mup - ok
20:55:01.0633 5636 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:55:01.0667 5636 napagent - ok
20:55:01.0689 5636 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:55:01.0712 5636 NativeWifiP - ok
20:55:01.0750 5636 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:55:01.0769 5636 NDIS - ok
20:55:01.0780 5636 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:55:01.0831 5636 NdisCap - ok
20:55:01.0847 5636 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:55:01.0869 5636 NdisTapi - ok
20:55:01.0903 5636 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:55:01.0925 5636 Ndisuio - ok
20:55:01.0950 5636 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:55:01.0979 5636 NdisWan - ok
20:55:01.0989 5636 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:55:02.0018 5636 NDProxy - ok
20:55:02.0038 5636 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:55:02.0066 5636 NetBIOS - ok
20:55:02.0089 5636 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:55:02.0124 5636 NetBT - ok
20:55:02.0137 5636 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:55:02.0146 5636 Netlogon - ok
20:55:02.0172 5636 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:55:02.0197 5636 Netman - ok
20:55:02.0223 5636 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:55:02.0248 5636 netprofm - ok
20:55:02.0269 5636 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:55:02.0277 5636 NetTcpPortSharing - ok
20:55:02.0298 5636 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:55:02.0309 5636 nfrd960 - ok
20:55:02.0336 5636 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
20:55:02.0361 5636 NlaSvc - ok
20:55:02.0438 5636 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
20:55:02.0450 5636 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
20:55:02.0450 5636 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
20:55:02.0464 5636 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:55:02.0511 5636 Npfs - ok
20:55:02.0526 5636 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:55:02.0562 5636 nsi - ok
20:55:02.0582 5636 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:55:02.0617 5636 nsiproxy - ok
20:55:02.0655 5636 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:55:02.0696 5636 Ntfs - ok
20:55:02.0710 5636 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:55:02.0732 5636 Null - ok
20:55:02.0913 5636 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:55:03.0178 5636 nvlddmkm - ok
20:55:03.0208 5636 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:55:03.0218 5636 nvraid - ok
20:55:03.0225 5636 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:55:03.0235 5636 nvstor - ok
20:55:03.0274 5636 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:55:03.0307 5636 nvsvc - ok
20:55:03.0377 5636 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:55:03.0432 5636 nvUpdatusService - ok
20:55:03.0466 5636 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:55:03.0477 5636 nv_agp - ok
20:55:03.0538 5636 [ E54AA592A65F317390EEE386A8821692 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:55:03.0557 5636 odserv - ok
20:55:03.0585 5636 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:55:03.0615 5636 ohci1394 - ok
20:55:03.0657 5636 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:55:03.0677 5636 ose - ok
20:55:03.0710 5636 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:55:03.0746 5636 p2pimsvc - ok
20:55:03.0771 5636 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:55:03.0799 5636 p2psvc - ok
20:55:03.0822 5636 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:55:03.0841 5636 Parport - ok
20:55:03.0865 5636 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:55:03.0876 5636 partmgr - ok
20:55:03.0887 5636 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:55:03.0910 5636 Parvdm - ok
20:55:03.0944 5636 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:55:03.0967 5636 PcaSvc - ok
20:55:04.0002 5636 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:55:04.0013 5636 pci - ok
20:55:04.0051 5636 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:55:04.0061 5636 pciide - ok
20:55:04.0077 5636 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:55:04.0089 5636 pcmcia - ok
20:55:04.0103 5636 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:55:04.0114 5636 pcw - ok
20:55:04.0148 5636 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:55:04.0185 5636 PEAUTH - ok
20:55:04.0270 5636 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:55:04.0366 5636 pla - ok
20:55:04.0392 5636 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:55:04.0413 5636 PlugPlay - ok
20:55:04.0434 5636 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:55:04.0458 5636 PNRPAutoReg - ok
20:55:04.0476 5636 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:55:04.0489 5636 PNRPsvc - ok
20:55:04.0502 5636 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:55:04.0536 5636 PolicyAgent - ok
20:55:04.0558 5636 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:55:04.0581 5636 Power - ok
20:55:04.0602 5636 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:55:04.0625 5636 PptpMiniport - ok
20:55:04.0633 5636 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:55:04.0647 5636 Processor - ok
20:55:04.0675 5636 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:55:04.0705 5636 ProfSvc - ok
20:55:04.0718 5636 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:55:04.0729 5636 ProtectedStorage - ok
20:55:04.0741 5636 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:55:04.0775 5636 Psched - ok
20:55:04.0802 5636 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:55:04.0831 5636 ql2300 - ok
20:55:04.0839 5636 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:55:04.0848 5636 ql40xx - ok
20:55:04.0873 5636 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:55:04.0901 5636 QWAVE - ok
20:55:04.0918 5636 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:55:04.0938 5636 QWAVEdrv - ok
20:55:04.0954 5636 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:55:04.0976 5636 RasAcd - ok
20:55:04.0998 5636 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:55:05.0019 5636 RasAgileVpn - ok
20:55:05.0026 5636 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:55:05.0057 5636 RasAuto - ok
20:55:05.0070 5636 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:55:05.0092 5636 Rasl2tp - ok
20:55:05.0131 5636 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:55:05.0174 5636 RasMan - ok
20:55:05.0186 5636 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:55:05.0218 5636 RasPppoe - ok
20:55:05.0233 5636 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:55:05.0267 5636 RasSstp - ok
20:55:05.0280 5636 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:55:05.0309 5636 rdbss - ok
20:55:05.0326 5636 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:55:05.0345 5636 rdpbus - ok
20:55:05.0370 5636 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:55:05.0402 5636 RDPCDD - ok
20:55:05.0413 5636 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:55:05.0432 5636 RDPENCDD - ok
20:55:05.0442 5636 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:55:05.0464 5636 RDPREFMP - ok
20:55:05.0506 5636 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:55:05.0530 5636 RdpVideoMiniport - ok
20:55:05.0561 5636 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:55:05.0583 5636 RDPWD - ok
20:55:05.0617 5636 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:55:05.0628 5636 rdyboost - ok
20:55:05.0649 5636 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:55:05.0682 5636 RemoteAccess - ok
20:55:05.0701 5636 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:55:05.0732 5636 RemoteRegistry - ok
20:55:05.0749 5636 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:55:05.0784 5636 RpcEptMapper - ok
20:55:05.0800 5636 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:55:05.0823 5636 RpcLocator - ok
20:55:05.0836 5636 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
20:55:05.0862 5636 RpcSs - ok
20:55:05.0885 5636 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:55:05.0908 5636 rspndr - ok
20:55:05.0940 5636 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
20:55:05.0955 5636 RTL8167 - ok
20:55:05.0966 5636 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:55:05.0977 5636 SamSs - ok
20:55:05.0995 5636 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:55:06.0005 5636 sbp2port - ok
20:55:06.0046 5636 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService D:\Spybot\SDWinSec.exe
20:55:06.0081 5636 SBSDWSCService - ok
20:55:06.0104 5636 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:55:06.0153 5636 SCardSvr - ok
20:55:06.0164 5636 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:55:06.0190 5636 scfilter - ok
20:55:06.0220 5636 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:55:06.0254 5636 Schedule - ok
20:55:06.0263 5636 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:55:06.0284 5636 SCPolicySvc - ok
20:55:06.0320 5636 [ 5AAF9869CC6279FD747412BE7457ABDC ] scsiscan C:\Windows\system32\DRIVERS\scsiscan.sys
20:55:06.0331 5636 scsiscan - ok
20:55:06.0351 5636 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:55:06.0386 5636 SDRSVC - ok
20:55:06.0406 5636 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:55:06.0438 5636 secdrv - ok
20:55:06.0465 5636 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:55:06.0516 5636 seclogon - ok
20:55:06.0530 5636 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
20:55:06.0570 5636 SENS - ok
20:55:06.0589 5636 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:55:06.0611 5636 SensrSvc - ok
20:55:06.0632 5636 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:55:06.0642 5636 Serenum - ok
20:55:06.0649 5636 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:55:06.0672 5636 Serial - ok
20:55:06.0694 5636 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:55:06.0710 5636 sermouse - ok
20:55:06.0744 5636 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
20:55:06.0773 5636 SessionEnv - ok
20:55:06.0796 5636 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:55:06.0826 5636 sffdisk - ok
20:55:06.0831 5636 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:55:06.0845 5636 sffp_mmc - ok
20:55:06.0861 5636 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:55:06.0879 5636 sffp_sd - ok
20:55:06.0901 5636 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:55:06.0909 5636 sfloppy - ok
20:55:06.0931 5636 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:55:06.0959 5636 SharedAccess - ok
20:55:06.0971 5636 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:55:06.0995 5636 ShellHWDetection - ok
20:55:07.0015 5636 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:55:07.0024 5636 sisagp - ok
20:55:07.0034 5636 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:55:07.0043 5636 SiSRaid2 - ok
20:55:07.0051 5636 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:55:07.0060 5636 SiSRaid4 - ok
20:55:07.0107 5636 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:55:07.0117 5636 SkypeUpdate - ok
20:55:07.0131 5636 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:55:07.0162 5636 Smb - ok
20:55:07.0184 5636 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:55:07.0193 5636 SNMPTRAP - ok
20:55:07.0199 5636 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:55:07.0207 5636 spldr - ok
20:55:07.0234 5636 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
20:55:07.0257 5636 Spooler - ok
20:55:07.0319 5636 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
20:55:07.0404 5636 sppsvc - ok
20:55:07.0435 5636 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:55:07.0458 5636 sppuinotify - ok
20:55:07.0488 5636 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
20:55:07.0488 5636 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
20:55:07.0489 5636 sptd ( LockedFile.Multi.Generic ) - warning
20:55:07.0489 5636 sptd - detected LockedFile.Multi.Generic (1)
20:55:07.0515 5636 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:55:07.0545 5636 srv - ok
20:55:07.0559 5636 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:55:07.0584 5636 srv2 - ok
20:55:07.0601 5636 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:55:07.0621 5636 srvnet - ok
20:55:07.0649 5636 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:55:07.0673 5636 SSDPSRV - ok
20:55:07.0680 5636 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:55:07.0714 5636 SstpSvc - ok
20:55:07.0774 5636 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:55:07.0788 5636 Stereo Service - ok
20:55:07.0807 5636 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:55:07.0816 5636 stexstor - ok
20:55:07.0851 5636 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
20:55:07.0881 5636 StiSvc - ok
20:55:07.0899 5636 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
20:55:07.0910 5636 swenum - ok
20:55:07.0937 5636 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
20:55:07.0971 5636 swprv - ok
20:55:08.0004 5636 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
20:55:08.0037 5636 SysMain - ok
20:55:08.0051 5636 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:55:08.0074 5636 TabletInputService - ok
20:55:08.0099 5636 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
20:55:08.0122 5636 TapiSrv - ok
20:55:08.0131 5636 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
20:55:08.0161 5636 TBS - ok
20:55:08.0201 5636 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:55:08.0231 5636 Tcpip - ok
20:55:08.0259 5636 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:55:08.0284 5636 TCPIP6 - ok
20:55:08.0293 5636 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:55:08.0308 5636 tcpipreg - ok
20:55:08.0337 5636 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:55:08.0354 5636 TDPIPE - ok
20:55:08.0373 5636 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:55:08.0399 5636 TDTCP - ok
20:55:08.0414 5636 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:55:08.0442 5636 tdx - ok
20:55:08.0563 5636 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 D:\Teamviewer8\TeamViewer_Service.exe
20:55:08.0631 5636 TeamViewer8 - ok
20:55:08.0658 5636 [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys
20:55:08.0688 5636 teamviewervpn - ok
20:55:08.0708 5636 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:55:08.0718 5636 TermDD - ok
20:55:08.0753 5636 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
20:55:08.0791 5636 TermService - ok
20:55:08.0810 5636 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
20:55:08.0823 5636 Themes - ok
20:55:08.0833 5636 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
20:55:08.0856 5636 THREADORDER - ok
20:55:08.0863 5636 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
20:55:08.0898 5636 TrkWks - ok
20:55:08.0939 5636 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:55:09.0004 5636 TrustedInstaller - ok
20:55:09.0017 5636 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:55:09.0044 5636 tssecsrv - ok
20:55:09.0078 5636 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:55:09.0111 5636 TsUsbFlt - ok
20:55:09.0142 5636 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:55:09.0180 5636 tunnel - ok
20:55:09.0206 5636 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:55:09.0215 5636 uagp35 - ok
20:55:09.0228 5636 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:55:09.0262 5636 udfs - ok
20:55:09.0284 5636 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:55:09.0301 5636 UI0Detect - ok
20:55:09.0337 5636 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:55:09.0346 5636 uliagpkx - ok
20:55:09.0364 5636 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
20:55:09.0384 5636 umbus - ok
20:55:09.0412 5636 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:55:09.0435 5636 UmPass - ok
20:55:09.0488 5636 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
20:55:09.0506 5636 UMVPFSrv - ok
20:55:09.0535 5636 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
20:55:09.0562 5636 upnphost - ok
20:55:09.0573 5636 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:55:09.0591 5636 usbaudio - ok
20:55:09.0612 5636 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:55:09.0634 5636 usbccgp - ok
20:55:09.0665 5636 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:55:09.0678 5636 usbcir - ok
20:55:09.0697 5636 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:55:09.0708 5636 usbehci - ok
20:55:09.0736 5636 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:55:09.0758 5636 usbhub - ok
20:55:09.0785 5636 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:55:09.0796 5636 usbohci - ok
20:55:09.0836 5636 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:55:09.0850 5636 usbprint - ok
20:55:09.0883 5636 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:55:09.0896 5636 usbscan - ok
20:55:09.0909 5636 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:55:09.0933 5636 USBSTOR - ok
20:55:09.0945 5636 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:55:09.0962 5636 usbuhci - ok
20:55:09.0990 5636 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
20:55:10.0019 5636 UxSms - ok
20:55:10.0030 5636 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
20:55:10.0039 5636 VaultSvc - ok
20:55:10.0069 5636 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:55:10.0078 5636 vdrvroot - ok
20:55:10.0106 5636 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
20:55:10.0147 5636 vds - ok
20:55:10.0161 5636 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:55:10.0178 5636 vga - ok
20:55:10.0187 5636 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:55:10.0223 5636 VgaSave - ok
20:55:10.0250 5636 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
20:55:10.0260 5636 vhdmp - ok
20:55:10.0281 5636 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:55:10.0291 5636 viaagp - ok
20:55:10.0298 5636 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:55:10.0314 5636 ViaC7 - ok
20:55:10.0344 5636 [ A6CAB31A6CFCD41E5213A924B2413EF1 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
20:55:10.0375 5636 VIAHdAudAddService - ok
20:55:10.0389 5636 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
20:55:10.0398 5636 viaide - ok
20:55:10.0410 5636 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:55:10.0419 5636 volmgr - ok
20:55:10.0435 5636 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:55:10.0447 5636 volmgrx - ok
20:55:10.0461 5636 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:55:10.0473 5636 volsnap - ok
20:55:10.0496 5636 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:55:10.0506 5636 vsmraid - ok
20:55:10.0544 5636 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
20:55:10.0590 5636 VSS - ok
20:55:10.0606 5636 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:55:10.0617 5636 vwifibus - ok
20:55:10.0651 5636 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
20:55:10.0677 5636 W32Time - ok
20:55:10.0685 5636 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:55:10.0694 5636 WacomPen - ok
20:55:10.0726 5636 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:55:10.0747 5636 WANARP - ok
20:55:10.0750 5636 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:55:10.0770 5636 Wanarpv6 - ok
20:55:10.0799 5636 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
20:55:10.0858 5636 wbengine - ok
20:55:10.0887 5636 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:55:10.0911 5636 WbioSrvc - ok
20:55:10.0939 5636 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:55:10.0956 5636 wcncsvc - ok
20:55:10.0967 5636 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:55:10.0994 5636 WcsPlugInService - ok
20:55:11.0014 5636 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:55:11.0023 5636 Wd - ok
20:55:11.0056 5636 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:55:11.0073 5636 Wdf01000 - ok
20:55:11.0083 5636 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:55:11.0116 5636 WdiServiceHost - ok
20:55:11.0119 5636 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:55:11.0133 5636 WdiSystemHost - ok
20:55:11.0160 5636 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
20:55:11.0186 5636 WebClient - ok
20:55:11.0204 5636 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:55:11.0239 5636 Wecsvc - ok
20:55:11.0252 5636 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:55:11.0274 5636 wercplsupport - ok
20:55:11.0292 5636 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
20:55:11.0329 5636 WerSvc - ok
20:55:11.0354 5636 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:55:11.0385 5636 WfpLwf - ok
20:55:11.0400 5636 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:55:11.0408 5636 WIMMount - ok
20:55:11.0446 5636 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:55:11.0466 5636 WinDefend - ok
20:55:11.0471 5636 WinHttpAutoProxySvc - ok
20:55:11.0509 5636 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:55:11.0571 5636 Winmgmt - ok
20:55:11.0619 5636 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
20:55:11.0676 5636 WinRM - ok
20:55:11.0724 5636 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:55:11.0736 5636 WinUsb - ok
20:55:11.0765 5636 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:55:11.0799 5636 Wlansvc - ok
20:55:11.0816 5636 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:55:11.0837 5636 WmiAcpi - ok
20:55:11.0870 5636 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:55:11.0882 5636 wmiApSrv - ok
20:55:11.0959 5636 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:55:12.0029 5636 WMPNetworkSvc - ok
20:55:12.0047 5636 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:55:12.0060 5636 WPCSvc - ok
20:55:12.0081 5636 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:55:12.0093 5636 WPDBusEnum - ok
20:55:12.0114 5636 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:55:12.0144 5636 ws2ifsl - ok
20:55:12.0158 5636 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
20:55:12.0173 5636 wscsvc - ok
20:55:12.0176 5636 WSearch - ok
20:55:12.0228 5636 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:55:12.0289 5636 wuauserv - ok
20:55:12.0307 5636 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:55:12.0331 5636 WudfPf - ok
20:55:12.0359 5636 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:55:12.0370 5636 WUDFRd - ok
20:55:12.0393 5636 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:55:12.0405 5636 wudfsvc - ok
20:55:12.0431 5636 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:55:12.0460 5636 WwanSvc - ok
20:55:12.0479 5636 ================ Scan global ===============================
20:55:12.0502 5636 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:55:12.0521 5636 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
20:55:12.0528 5636 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
20:55:12.0557 5636 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:55:12.0575 5636 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:55:12.0578 5636 [Global] - ok
20:55:12.0579 5636 ================ Scan MBR ==================================
20:55:12.0592 5636 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:55:12.0779 5636 \Device\Harddisk0\DR0 - ok
20:55:12.0780 5636 ================ Scan VBR ==================================
20:55:12.0798 5636 [ A8E59E6473F36D7E6112972C4318EDC0 ] \Device\Harddisk0\DR0\Partition1
20:55:12.0800 5636 \Device\Harddisk0\DR0\Partition1 - ok
20:55:12.0814 5636 [ 16CEF360C7AFFBEE770D9D17C6EAE6B2 ] \Device\Harddisk0\DR0\Partition2
20:55:12.0816 5636 \Device\Harddisk0\DR0\Partition2 - ok
20:55:12.0830 5636 [ F4050A95523242B4DCD78093D3242473 ] \Device\Harddisk0\DR0\Partition3
20:55:12.0832 5636 \Device\Harddisk0\DR0\Partition3 - ok
20:55:12.0862 5636 [ 10C3A74A5D5C75C3950A11333A41DBC5 ] \Device\Harddisk0\DR0\Partition4
20:55:12.0864 5636 \Device\Harddisk0\DR0\Partition4 - ok
20:55:12.0880 5636 [ 604223999D83E3C1414C32A904D26B8C ] \Device\Harddisk0\DR0\Partition5
20:55:12.0881 5636 \Device\Harddisk0\DR0\Partition5 - ok
20:55:12.0882 5636 ============================================================
20:55:12.0882 5636 Scan finished
20:55:12.0882 5636 ============================================================
20:55:12.0903 5716 Detected object count: 12
20:55:12.0903 5716 Actual detected object count: 12
00:22:37.0320 5716 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
00:22:37.0320 5716 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
00:22:37.0323 5716 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:37.0324 5716 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:22:37.0326 5716 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:37.0326 5716 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:22:37.0328 5716 Bonifay ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:37.0328 5716 Bonifay ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:22:37.0330 5716 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:37.0330 5716 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:22:37.0332 5716 DvmMDES ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:37.0332 5716 DvmMDES ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:22:37.0334 5716 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:37.0334 5716 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:22:37.0335 5716 Gonzales ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:37.0335 5716 Gonzales ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:22:37.0337 5716 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:37.0337 5716 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:22:37.0338 5716 LBeepKE ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:37.0339 5716 LBeepKE ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:22:37.0340 5716 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:37.0340 5716 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:22:37.0341 5716 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:22:37.0341 5716 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:24:12.0627 5268 Deinitialize success
|
|
17.01.2013, 19:58
| #12 | |
| /// Malware-holic | Firefox leitet Links an falsche Webseiten um passt. combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.01.2013, 21:26
| #13 |
| | Firefox leitet Links an falsche Webseiten um Hier die Inhalte der Datei C:\ComboFix.txt Code:
ATTFilter ComboFix 13-01-17.03 - root 17.01.2013 20:57:27.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2039.1245 [GMT 1:00]
ausgeführt von:: c:\users\Herbert\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Herbert\AppData\Roaming\pcaui8.dll
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-17 bis 2013-01-17 ))))))))))))))))))))))))))))))
.
.
2013-01-17 20:03 . 2013-01-17 20:04 -------- d-----w- c:\users\root\AppData\Local\temp
2013-01-17 20:03 . 2013-01-17 20:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-17 20:03 . 2013-01-17 20:03 -------- d-----w- c:\users\Herbert\AppData\Local\temp
2013-01-17 20:03 . 2013-01-17 20:03 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-01-17 20:03 . 2013-01-17 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-13 22:35 . 2013-01-13 22:35 -------- d-----w- c:\program files\Common Files\Java
2013-01-13 22:31 . 2013-01-13 22:31 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-13 22:31 . 2013-01-13 22:31 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-13 22:31 . 2013-01-13 22:31 -------- d-----w- c:\program files\Java
2013-01-13 22:30 . 2013-01-13 22:30 -------- d-----w- c:\users\Herbert\AppData\Local\Macromedia
2013-01-13 22:29 . 2013-01-13 22:29 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-10 20:07 . 2013-01-10 20:07 -------- d-----w- c:\users\Herbert\AppData\Roaming\Malwarebytes
2013-01-04 12:44 . 2013-01-04 12:44 -------- d-----w- c:\users\root\AppData\Roaming\Malwarebytes
2013-01-04 12:44 . 2013-01-04 12:44 -------- d-----w- c:\programdata\Malwarebytes
2013-01-04 12:44 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 12:42 . 2013-01-04 12:42 -------- d-----w- c:\users\root\AppData\Local\Programs
2012-12-22 11:11 . 2007-09-07 16:33 135168 ----a-w- c:\windows\system32\EEBAPI.dll
2012-12-22 11:11 . 2007-03-28 17:26 65536 ----a-w- c:\windows\system32\EEBUtil.dll
2012-12-22 11:11 . 2006-12-19 17:31 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll
2012-12-22 11:11 . 2006-12-19 17:20 77824 ----a-w- c:\windows\system32\EBAPI.dll
2012-12-22 11:11 . 2003-12-17 00:01 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll
2012-12-22 11:11 . 2012-12-22 11:11 -------- d-----w- c:\program files\Common Files\EPSON
2012-12-22 11:10 . 2008-08-08 01:09 86528 ----a-w- c:\windows\system32\E_FLBDAE.DLL
2012-12-22 11:10 . 2006-04-19 01:00 62976 ----a-w- c:\windows\system32\E_FD4BDAE.DLL
2012-12-22 11:10 . 2004-09-10 19:12 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-12-22 11:10 . 2012-12-22 11:11 -------- d-----w- c:\programdata\EPSON
2012-12-21 21:21 . 1999-07-02 07:20 73728 ------w- c:\program files\Common Files\Microsoft Shared\Reference Titles\RefReg.exe
2012-12-21 21:20 . 1999-07-02 07:21 295744 ------w- c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
2012-12-21 21:20 . 1999-07-13 23:13 139264 ------w- c:\program files\Common Files\Microsoft Shared\Reference Titles\Wheel2EE.dll
2012-12-21 21:20 . 1999-07-02 07:44 77824 ------w- c:\program files\Common Files\Microsoft Shared\Reference Titles\SfcSvr10.exe
2012-12-21 21:20 . 1999-07-02 07:42 131072 ------w- c:\program files\Common Files\Microsoft Shared\Reference Titles\RefSV.dll
2012-12-21 21:20 . 1999-07-02 07:42 122880 ------w- c:\program files\Common Files\Microsoft Shared\Reference Titles\RefJIC.dll
2012-12-21 21:20 . 1999-07-02 07:21 197312 ------w- c:\program files\Common Files\Microsoft Shared\Information Retrieval\itircl51.dll
2012-12-21 21:20 . 1999-07-02 07:21 162544 ------w- c:\program files\Common Files\Microsoft Shared\Information Retrieval\itcc51.dll
2012-12-21 21:20 . 1999-07-02 07:45 40960 ------w- c:\program files\Common Files\Microsoft Shared\Reference Titles\treedata.dll
2012-12-21 21:20 . 1999-07-02 07:30 456704 ------w- c:\program files\Common Files\Microsoft Shared\MsInfoRf\MSInfo32.exe
2012-12-21 21:20 . 1999-07-02 07:30 18432 ------w- c:\program files\Common Files\Microsoft Shared\MsInfoRf\ImgWalk.dll
2012-12-21 21:20 . 1999-07-02 07:30 16304 ------w- c:\program files\Common Files\Microsoft Shared\MsInfoRf\Msinf16h.exe
2012-12-21 21:19 . 1999-07-13 23:44 618496 ------w- c:\program files\Common Files\Microsoft Shared\Reference Titles\D\ERSR2000.DLL
2012-12-21 21:19 . 1999-07-13 23:51 77824 ------w- c:\program files\Common Files\Microsoft Shared\Reference Titles\D\ERS2000.EXE
2012-12-21 21:19 . 1999-07-13 23:44 16384 ------w- c:\program files\Common Files\Microsoft Shared\Reference Titles\D\SFCR10.DLL
2012-12-21 21:19 . 1999-07-07 06:30 630853 ------w- c:\program files\Common Files\Microsoft Shared\Reference Titles\SHRL30.dll
2012-12-21 20:05 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-21 20:05 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-21 20:05 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-21 20:05 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-21 20:05 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-21 20:05 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-21 20:05 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-21 20:05 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-21 20:05 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-21 20:05 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-21 20:04 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-12-21 20:04 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-12-21 20:04 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-12-21 18:47 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-12-21 18:47 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-12-21 18:47 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-12-21 18:47 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-12-21 18:47 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-12-21 18:47 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-12-21 18:47 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-12-21 18:47 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-12-21 18:47 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-12-21 17:36 . 2012-12-21 17:36 -------- d-----w- c:\users\root\AppData\Roaming\TeamViewer
2012-12-21 17:31 . 2012-11-28 17:49 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-12-21 17:23 . 2012-12-21 17:27 -------- d-----w- c:\users\root\AppData\Roaming\Winamp
2012-12-21 16:58 . 2012-12-21 17:23 -------- d-----w- c:\users\root\AppData\Roaming\Skype
2012-12-19 15:56 . 2012-12-19 15:56 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-13 22:31 . 2011-03-05 21:25 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-13 22:29 . 2011-07-26 16:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SpybotSD TeaTimer"="d:\spybot\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 1474560]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"ClamWin"="d:\clamwin\bin\ClamTray.exe" [2012-10-01 86016]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2006-06-23 343552]
"QFan Help"="d:\_hardware\Mainboard\AI Suite\QFan3\QFanHelp.exe" [2009-08-19 603136]
"Cpu Level Up help"="d:\_hardware\Mainboard\AI Suite\CpuLevelUpHelp.exe" [2009-08-21 887936]
"T Probe"="d:\_hardware\Mainboard\T Probe\TProbe.exe" [2009-09-09 4008960]
"WinampAgent"="d:\winamp\winampa.exe" [2010-01-13 37888]
"Adobe Acrobat Speed Launcher"="d:\adobe_photoshopcs4\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"Adobe Reader Speed Launcher"="d:\adobe_reader9\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="d:\adobe_photoshopcs4\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MSPCLOCK"="streamci" [X]
"MSPQM"="streamci" [X]
"MSKSSRV"="streamci" [X]
"MSTEE.CxTransform"="streamci" [X]
"MSTEE.Splitter"="streamci" [X]
"WDM_DRMKAUD"="streamci" [X]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 360448]
"LBU1000"="c:\program files\Common Files\Microsoft Shared\Reference Titles\RefReg.exe" [1999-07-02 73728]
"LBU1001"="c:\program files\Common Files\Microsoft Shared\Reference Titles\RefReg.exe" [1999-07-02 73728]
"LBU1002"="c:\program files\Common Files\Microsoft Shared\Reference Titles\RefReg.exe" [1999-07-02 73728]
"LBU1003"="c:\program files\Common Files\Microsoft Shared\Reference Titles\RefReg.exe" [1999-07-02 73728]
"LBU1004"="c:\program files\Common Files\Microsoft Shared\Reference Titles\SfcSvr10.exe" [1999-07-02 77824]
"LBU1005"="c:\program files\Common Files\Microsoft Shared\Reference Titles\RefReg.exe" [1999-07-02 73728]
"LBU1006"="c:\program files\Common Files\Microsoft Shared\Reference Titles\RefReg.exe" [1999-07-02 73728]
"LBU1007"="c:\program files\Common Files\Microsoft Shared\Reference Titles\RefReg.exe" [1999-07-02 73728]
" Malwarebytes Anti-Malware "="d:\malwarebytes-anti-malware\mbamgui.exe" [2012-12-14 512360]
"SpybotDeletingA8007"="command.com" [2009-07-13 50648]
.
c:\users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Freecom Personal Media Suite.lnk - d:\freecom_personalmediasuite\FCPMS.exe [2010-2-28 3338296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [x]
R2 MBAMService;MBAMService;d:\malwarebytes-anti-malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 Gonzales;Gonzales;c:\windows\system32\DRIVERS\Gonzales.sys [x]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [x]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\Drivers\hcw88rc5.sys [x]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [x]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [x]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [x]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 scsiscan;SCSI-Scannertreiber;c:\windows\system32\DRIVERS\scsiscan.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;d:\_hardware\FritzBox\Fritz!DSL\IGDCTRL.EXE [x]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [x]
S2 MBAMScheduler;MBAMScheduler;d:\malwarebytes-anti-malware\mbamscheduler.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;d:\spybot\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;d:\teamviewer8\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 Bonifay;Bonifay;c:\windows\system32\DRIVERS\Bonifay.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
Akamai REG_MULTI_SZ Akamai
GPSvcGroup REG_MULTI_SZ GPSvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:08]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - d:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\im6gienf.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-FRITZ!protect - FwebProt.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-3799887905-1240588120-229784217-1004)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-3799887905-1240588120-229784217-1004)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-3799887905-1240588120-229784217-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-17 21:09:04
ComboFix-quarantined-files.txt 2013-01-17 20:09
.
Vor Suchlauf: 10 Verzeichnis(se), 44.612.980.736 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 44.412.493.824 Bytes frei
.
- - End Of File - - 1E7F87B35DD68C1221D6D32C99489628
|
|
17.01.2013, 21:33
| #14 |
| /// Malware-holic | Firefox leitet Links an falsche Webseiten um Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
25.01.2013, 21:30
| #15 |
| | Firefox leitet Links an falsche Webseiten um Die Programmliste mit CCleaner ist schon erstellt. Doch ich habe den Eindruck, daß das Problem jetzt schon behoben ist. Seit einer Woche ist es nicht mehr aufgetreten, daß die Links von Google umgeleitet wurden! Juchu! Einzig eine Fehlermeldung erscheint nach jedem Hochfahren von Windows7: "C:/Users/Herbert/AppData/Roaming/pcaui8ll kann nicht gefunden werden". Läßt sich wegklicken, ist aber lästig. Wird die Datei benötigt? Schon einmal hatte ich den Virus wohl kurzzeitig abgewendet: Das erste Mal, nachdem ich das Firefox-Profil gelöscht und ein neues erstellt hatte. Nach rund 10 Klicks in Google war das Problem wieder da. |
|
| Themen zu Firefox leitet Links an falsche Webseiten um |
| abgesicherten, anleitung, benutzerprofil, erstellt, falsche, firefox, folge, folgende, forum, gelöscht, google, internet, leitet, links, logfiles, löschung, modus, neues, problem, umgeleitet, update, virus, webseite, webseiten, webseiten umgeleitet, woche |
Linear-Darstellung
