Log Analysis and Evaluation: Approx. 50GB of unexpected traffic / month (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.03.2013, 16:37 | #1
Approx. 50GB of unexpected traffic / month

A machine of mine produces 50GB of traffic per month and I cannot find out what it is.

Code:
Error - 12.12.2012 22:45:22 | Computer Name = RS-8558B2 | Source = Winlogon | ID = 4005 Description = Der Windows-Anmeldeprozess wurde unerwartet beendet. [ System Events ] Error - 06.03.2013 09:23:56 | Computer Name = RS-8558B2 | Source = TermDD | ID = 655416 Description = Error - 06.03.2013 10:00:36 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111 Description = Der für den Drucker Brother MFC-7360N Printer (Hamburg) erforderliche Treiber Brother MFC-7360N Printer ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden. Error - 06.03.2013 10:00:37 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111 Description = Der für den Drucker Brother MFC-7440N (Home) erforderliche Treiber Brother MFC-7440N Printer ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden. Error - 06.03.2013 10:00:37 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111 Description = Der für den Drucker Brother MFC-7440N (Toner) erforderliche Treiber Brother MFC-7440N Printer ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden. Error - 06.03.2013 10:00:37 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111 Description = Der für den Drucker Brother PC-FAX v.2.1 erforderliche Treiber Brother PC-FAX v.2.1 ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden. Error - 06.03.2013 10:00:38 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111 Description = Der für den Drucker Brother PC-FAX v.2.1 #2 erforderliche Treiber Brother PC-FAX v.2.1 ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden. 
Error - 06.03.2013 10:00:38 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111 Description = Der für den Drucker Dell Color Laser 3010cn (LP) erforderliche Treiber Dell Color Laser 3010cn ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden. Error - 06.03.2013 10:00:39 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111 Description = Der für den Drucker eDocPrintPro erforderliche Treiber eDocPrintPro ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden. Error - 06.03.2013 10:00:40 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111 Description = Der für den Drucker HP LaserJet 4050 (Toner) erforderliche Treiber HP LaserJet 4050 Series PCL 5 ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden. Error - 06.03.2013 10:00:43 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111 Description = Der für den Drucker PaperPort Image Printer erforderliche Treiber Nuance Image Printer Driver ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden. < End of report > Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-06 17:35:52 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Scsi\3wareDrv1Port4Path0Target0Lun0 AMCC____ rev.4.08 65,18GB Running: gmer_2.1.19155.exe; Driver: C:\Users\Catcher\AppData\Local\Temp\pfliipow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\TightVNC\tvnserver.exe[1936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074a11465 2 bytes [A1, 74] .text C:\Program Files (x86)\TightVNC\tvnserver.exe[1936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074a114bb 2 bytes [A1, 74] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074a11465 2 bytes [A1, 74] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074a114bb 2 bytes [A1, 74] .text ... * 2 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074a11465 2 bytes [A1, 74] .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074a114bb 2 bytes [A1, 74] .text ... 
* 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076042da4 5 bytes JMP 000000016ebb9ebc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007605cbf3 5 bytes JMP 000000016ed0902e .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007605cfca 5 bytes JMP 000000016eb11893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007607cb0c 5 bytes JMP 000000016ed08fc9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007607ce64 5 bytes JMP 000000016ed09093 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007608fbd1 5 bytes JMP 000000016ed08f50 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007608fc9d 5 bytes JMP 000000016ed08ed7 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007608fcd6 5 bytes JMP 000000016ed08e73 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007608fcfa 5 bytes JMP 000000016ed08e0f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000748393ec 5 bytes JMP 000000016ed09248 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074a11465 2 bytes [A1, 74] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074a114bb 2 bytes [A1, 74] .text ... 
* 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007298388e 5 bytes JMP 000000016ed090f8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072a27922 5 bytes JMP 000000016ed091a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000749a2694 5 bytes JMP 000000016ed09440 ? C:\Windows\system32\mssprxy.dll [6028] entry point in ".rdata" section 00000000737471e6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000770625fd 6 bytes JMP 000000016ebd8042 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077072a63 6 bytes JMP 000000016eb7980d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000074f934a5 5 bytes JMP 000000016eb775e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076038a29 5 bytes JMP 000000016ebe03cf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007603d22e 5 bytes JMP 000000016eb83643 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076042da4 5 bytes JMP 000000016ebb9ebc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076046285 5 bytes JMP 000000016ebd7fdf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076047603 
5 bytes JMP 000000016ebb25b4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007605cbf3 5 bytes JMP 000000016ed0902e .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007605cfca 5 bytes JMP 000000016eb11893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007605f52b 5 bytes JMP 000000016ebfed00 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007607cb0c 5 bytes JMP 000000016ed08fc9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007607ce64 5 bytes JMP 000000016ed09093 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007608fbd1 5 bytes JMP 000000016ed08f50 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007608fc9d 5 bytes JMP 000000016ed08ed7 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007608fcd6 5 bytes JMP 000000016ed08e73 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007608fcfa 5 bytes JMP 000000016ed08e0f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000074ad6143 5 bytes JMP 000000016ed097fc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000747d3e59 5 bytes JMP 000000016ed098f4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000747d3eae 5 bytes JMP 000000016ed09972 .text C:\Program Files (x86)\Internet 
Explorer\iexplore.exe[5156] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000747d4731 5 bytes JMP 000000016ed09866 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000747d5dee 5 bytes JMP 000000016ed09912 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000748393ec 5 bytes JMP 000000016ed09248 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074a11465 2 bytes [A1, 74] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074a114bb 2 bytes [A1, 74] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007298388e 5 bytes JMP 000000016ed090f8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072a27922 5 bytes JMP 000000016ed091a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000749a2694 5 bytes JMP 000000016ed09440 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [1204:648] 000007fef2b4239c Thread C:\Windows\System32\svchost.exe [1204:616] 000007fef6be9688 ---- EOF - GMER 2.1 ---- |
06.03.2013, 16:40 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Approx. 50GB unexpected traffic / month Hello,
Could you perhaps tell us exactly how you determined these 50 GB? What is that supposed to be, pure WAN traffic (Internet), or does it include LAN traffic as well?
|
08.03.2013, 14:00 | #3 |
| Approx. 50GB unexpected traffic / month (Sorry, I expected a notification when someone replied, but none came, hence the delay.)
The machine is currently parked in my employer's data centre. It is otherwise not in use. It produces 40-50 GB of traffic per month to the Internet. When I switch it off, there is no traffic. All of this according to my employer's software, which he also uses to bill his customers. We have already had endless discussions about it. It is NOT the traffic from incoming connections as a former web server for a non-profit project. Hence my attempt to check for viruses / trojans. |
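The firewall-rule section of the OTL log in post #1 lists several programs that are allowed to accept inbound connections (the Cerberus FTP server, FreeProxy, TightVNC and UltraVNC, TeamViewer, and the server.exe under C:\Domain). Whatever a reachable FTP, proxy or VNC service sends back to its clients is outbound traffic on the uplink, so enumerating these rules is the first thing a practitioner would do with this log. The script below is an added example written for this page, not code from the thread or from OTL: it parses OTL's one-rule-per-line format (the sample lines are copied from the log above) and groups inbound allow rules by executable. Rules named "TCP Query User{...}path" or "UDP Query User{...}path" are the ones Windows Firewall creates when someone clicks Allow on its pop-up, so the script marks those separately.

```python
import re
from collections import defaultdict

# Sample input: rule lines copied from the OTL "Firewall Rules" section in
# post #1, one rule per line as OTL writes them (here only a subset).
SAMPLE_RULES = r'''
"{93C71ED4-020E-44CB-8708-1A66F90B521C}" = protocol=6 | dir=in | app=c:\program files\cerberus llc\cerberus ftp server\cerberusgui.exe | 
"{A88EF8E7-7E92-4CB7-9F84-DCE59BE387C2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C9AF3CB3-A089-4663-B766-7BF93F044815}" = protocol=17 | dir=in | app=c:\program files\cerberus llc\cerberus ftp server\cerberusgui.exe | 
"TCP Query User{6E9894F6-D027-46BD-ACA4-70576179864D}C:\program files (x86)\freeproxy\freeproxy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freeproxy\freeproxy.exe | 
"UDP Query User{E81BD2A9-C217-4BC9-AF84-F7E296CCF7A9}C:\program files (x86)\freeproxy\freeproxy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freeproxy\freeproxy.exe | 
"TCP Query User{0BDB4B24-2980-4CD5-B364-67E95DFEAAEC}C:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe | 
"TCP Query User{D8E2F8EF-AF05-427F-94B8-66325E866A2E}C:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe | 
"TCP Query User{FA54D479-EC5F-49BF-BA83-17705A58CD1D}C:\program files\ultravnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
'''

# An OTL rule line is:  "<rule name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<rule_name>[^"]+)"\s*=\s*(?P<body>.*)$')
# IP protocol numbers as OTL prints them.
PROTO = {"1": "ICMP", "6": "TCP", "17": "UDP"}


def parse_otl_firewall_rules(text):
    """Return one dict per rule with the key=value fields, the rule name and
    whether the rule was created from the Windows Firewall 'Allow' prompt."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # not a rule line (section header, blank, ...)
        fields = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip()] = value.strip()
        fields["rule_name"] = m.group("rule_name")
        fields["prompt_created"] = "Query User{" in m.group("rule_name")
        rules.append(fields)
    return rules


def inbound_apps(rules):
    """Map each executable with an inbound allow rule to its protocols."""
    apps = defaultdict(set)
    for r in rules:
        if r.get("dir") != "in" or "app" not in r:
            continue  # outbound rules and built-in named rules are skipped
        apps[r["app"].lower()].add(PROTO.get(r.get("protocol"), r.get("protocol")))
    return {app: sorted(protos) for app, protos in apps.items()}


if __name__ == "__main__":
    parsed = parse_otl_firewall_rules(SAMPLE_RULES)
    for app, protos in sorted(inbound_apps(parsed).items()):
        prompt = any(r["prompt_created"] for r in parsed
                     if r.get("app", "").lower() == app)
        print(f"{'/'.join(protos):8} {app}{'  (from Allow prompt)' if prompt else ''}")
```

On the full log the interesting output is the list of services that face the network at all; which of them actually generates the monthly volume still has to be measured on the host (per-connection counters) or on the upstream switch port, which is exactly what the helper asks about in post #2.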
08.03.2013, 15:36 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Approx. 50GB unexpected traffic / month Company computers are actually not cleaned here. See => http://www.trojaner-board.de/108422-...-anfragen.html Quote:
Please always post log files in CODE tags |
08.03.2013, 21:15 | #5 |
| Approx. 50GB unexpected traffic / month Hello, this is not a company computer, I am only allowed to keep it there. I don't get any help from there either. By the way, I have already donated here (24.2.). Best regards, Stephan |
08.03.2013, 23:40 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Approx. 50GB unexpected traffic / month Before we get to work, I would like to ask you to read the following points completely and attentively.
Note: If you don't hear from me for three days, please post in this thread => Reminder for my thread. Annoying "when will it continue" messages will end with your topic being closed. I too have a life away from the Trojaner-Board.
Now please run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit): Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
aswMBR: Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.
TDSS-Killer: Please download TDSSKiller.exe and save this file to the desktop.
|
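The three tools write plain-text logs. TDSSKiller in particular writes, for every service and driver, one line with the file's MD5 in brackets, the service name and the path, followed by a verdict line ending in "- ok", "- warning" or "- detected ...". A quick way to read such a log is to keep only the services whose verdict is not "ok", together with the hash and path from the preceding line, so the hash can be checked against the vendor's file. The script below is an added example for this page, not code from the thread or from the tool's author; its sample lines are copied from the TDSSKiller log posted later in this thread (post #9), where the only non-ok entry is the 3DM2 service under C:\Program Files\AMCC, the 3ware disk manager that matches the "3ware Disk Management Tools" entry in post #1's uninstall list. A hidden-file heuristic hit on a known RAID tool is something to verify by hash, not a verdict on its own.

```python
import re

# Sample input copied from the TDSSKiller log in post #9 of this thread:
# a hidden-file warning for the 3DM2 service and two clean entries.
SAMPLE_TDSS_LOG = r'''
01:27:05.0986 120960 [ A546426F04DD8AE6EE6FEFD30A1A2B12 ] 3DM2 C:\Program Files\AMCC\3DM2/3dm2.exe
01:27:05.0986 120960 Suspicious file (Hidden): C:\Program Files\AMCC\3DM2/3dm2.exe. md5: A546426F04DD8AE6EE6FEFD30A1A2B12
01:27:06.0002 120960 3DM2 ( HiddenFile.Multi.Generic ) - warning
01:27:06.0002 120960 3DM2 - detected HiddenFile.Multi.Generic (1)
01:27:06.0033 120960 [ C42D2BD350F6A86F4E30EEC5336C28C1 ] 3wareDrv C:\Windows\system32\DRIVERS\3wareDrv.sys
01:27:06.0049 120960 3wareDrv - ok
01:27:08.0502 120960 COMSysApp - ok
'''

# Every TDSSKiller line starts with a timestamp and a thread id.
LINE_RE = re.compile(r'^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$')
# "[ <MD5> ] <service> <path>" : the file that the next verdict refers to.
FILE_RE = re.compile(r'^\[ (?P<md5>[0-9A-F]{32}) \] (?P<service>\S+) (?P<path>.+)$')
# "<service> - ok", "<service> ( <name> ) - warning", "<service> - detected <name> (n)"
VERDICT_RE = re.compile(
    r'^(?P<service>\S+)(?: \( (?P<name>[^)]+) \))? - (?P<verdict>ok|warning|detected .+)$')


def triage_tdsskiller(text):
    """Return {'ok': <count of clean services>, 'findings': [...]}, where each
    finding carries the service name, all its verdict strings, and the MD5 and
    path from the file line that preceded them."""
    files = {}     # service -> (md5, path)
    verdicts = {}  # service -> [verdict, ...] in log order
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or a banner line without timestamp
        msg = m.group("msg")
        f = FILE_RE.match(msg)
        if f:
            files[f.group("service")] = (f.group("md5"), f.group("path"))
            continue
        v = VERDICT_RE.match(msg)
        if v:
            verdicts.setdefault(v.group("service"), []).append(v.group("verdict"))
    findings = []
    ok = 0
    for service, vs in verdicts.items():
        if all(x == "ok" for x in vs):
            ok += 1
            continue
        md5, path = files.get(service, (None, None))
        findings.append({"service": service, "verdicts": vs, "md5": md5, "path": path})
    return {"ok": ok, "findings": findings}


if __name__ == "__main__":
    result = triage_tdsskiller(SAMPLE_TDSS_LOG)
    print(f"{result['ok']} service(s) ok")
    for f in result["findings"]:
        print(f"{f['service']}: {', '.join(f['verdicts'])}")
        print(f"    md5={f['md5']} path={f['path']}")
```

Run against a full log the script prints only the handful of entries worth a second look; the hash is what you compare against the installer you still have, or look up, before deciding anything about the file.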
09.03.2013, 19:43 | #7 |
| Approx. 50GB unexpected traffic / month I can't manage to download the three tools, I will keep trying. |
10.03.2013, 15:51 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Approx. 50GB unexpected traffic / month If you can't download them from the infected computer, download the tools from a clean computer and then upload them all packed together here => File-Upload.net - Ihr kostenloser File Hoster! With the download link you should be able to download the tools from the infected computer.
Please always post log files in CODE tags |
11.03.2013, 02:22 | #9 |
| Approx. 50GB unexpected traffic / month I hope I have the right log files: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.10.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Catcher :: RS-8558B2 [administrator] 10.03.2013 13:30:55 mbar-log-2013-03-10 (13-30-55).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28928 Time elapsed: 4 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-03-10 14:05:48 ----------------------------- 14:05:48.623 OS Version: Windows x64 6.1.7601 Service Pack 1 14:05:48.623 Number of processors: 8 586 0x1A05 14:05:48.623 ComputerName: RS-8558B2 UserName: Catcher 14:05:48.982 Initialize success 14:06:08.586 AVAST engine defs: 13031000 14:06:30.175 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\3wareDrv1Port4Path0Target0Lun0 14:06:30.177 Disk 0 Vendor: AMCC____ 4.08 Size: 66747MB BusType: 8 14:06:30.186 Disk 0 MBR read successfully 14:06:30.188 Disk 0 MBR scan 14:06:30.191 Disk 0 Windows 7 default MBR code 14:06:30.200 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 14:06:30.209 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 66645 MB offset 206848 14:06:30.278 Disk 0 scanning C:\Windows\system32\drivers 14:06:38.044 Service scanning 14:06:51.151 Modules scanning 14:06:51.154 Disk 0 trace - called modules: 14:06:51.162 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll 3wareDrv.sys 14:06:51.164 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ad95790] 14:06:51.167 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> \Device\Scsi\3wareDrv1Port4Path0Target0Lun0[0xfffffa800ab4f050] 14:06:51.508 AVAST engine scan C:\Windows 14:06:52.280 AVAST engine scan C:\Windows\system32 14:08:33.856 AVAST engine scan C:\Windows\system32\drivers 14:08:42.152 AVAST engine scan C:\Users\Catcher 14:09:04.947 AVAST engine scan C:\ProgramData 14:09:12.372 Scan finished successfully 14:31:57.401 Disk 0 MBR has been saved successfully to "C:\Users\Catcher\Desktop\MBR.dat" 14:31:57.417 The log file has been saved successfully to "C:\Users\Catcher\Desktop\aswMBR.txt" Code:
ATTFilter 01:26:53.0517 132176 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 01:26:53.0627 132176 ============================================================ 01:26:53.0627 132176 Current date / time: 2013/03/11 01:26:53.0627 01:26:53.0627 132176 SystemInfo: 01:26:53.0627 132176 01:26:53.0627 132176 OS Version: 6.1.7601 ServicePack: 1.0 01:26:53.0627 132176 Product type: Workstation 01:26:53.0627 132176 ComputerName: RS-8558B2 01:26:53.0627 132176 UserName: Catcher 01:26:53.0627 132176 Windows directory: C:\Windows 01:26:53.0627 132176 System windows directory: C:\Windows 01:26:53.0627 132176 Running under WOW64 01:26:53.0627 132176 Processor architecture: Intel x64 01:26:53.0627 132176 Number of processors: 8 01:26:53.0627 132176 Page size: 0x1000 01:26:53.0627 132176 Boot type: Normal boot 01:26:53.0627 132176 ============================================================ 01:26:53.0924 132176 Drive \Device\Harddisk0\DR0 - Size: 0x104BB00000 (65.18 Gb), SectorSize: 0x200, Cylinders: 0x7D76, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000048 01:26:53.0924 132176 ============================================================ 01:26:53.0924 132176 \Device\Harddisk0\DR0: 01:26:53.0924 132176 MBR partitions: 01:26:53.0924 132176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 01:26:53.0924 132176 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x822A800 01:26:53.0924 132176 ============================================================ 01:26:53.0939 132176 C: <-> \Device\Harddisk0\DR0\Partition2 01:26:53.0939 132176 ============================================================ 01:26:53.0939 132176 Initialize success 01:26:53.0939 132176 ============================================================ 01:27:05.0549 120960 ============================================================ 01:27:05.0549 120960 Scan started 01:27:05.0549 120960 Mode: Manual; SigCheck; TDLFS; 01:27:05.0549 
120960 ============================================================ 01:27:05.0767 120960 ================ Scan system memory ======================== 01:27:05.0767 120960 System memory - ok 01:27:05.0783 120960 ================ Scan services ============================= 01:27:05.0892 120960 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 01:27:05.0924 120960 1394ohci - ok 01:27:05.0986 120960 [ A546426F04DD8AE6EE6FEFD30A1A2B12 ] 3DM2 C:\Program Files\AMCC\3DM2/3dm2.exe 01:27:05.0986 120960 Suspicious file (Hidden): C:\Program Files\AMCC\3DM2/3dm2.exe. md5: A546426F04DD8AE6EE6FEFD30A1A2B12 01:27:06.0002 120960 3DM2 ( HiddenFile.Multi.Generic ) - warning 01:27:06.0002 120960 3DM2 - detected HiddenFile.Multi.Generic (1) 01:27:06.0033 120960 [ C42D2BD350F6A86F4E30EEC5336C28C1 ] 3wareDrv C:\Windows\system32\DRIVERS\3wareDrv.sys 01:27:06.0049 120960 3wareDrv - ok 01:27:06.0080 120960 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 01:27:06.0095 120960 ACPI - ok 01:27:06.0127 120960 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 01:27:06.0127 120960 AcpiPmi - ok 01:27:06.0205 120960 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 01:27:06.0205 120960 AdobeFlashPlayerUpdateSvc - ok 01:27:06.0252 120960 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 01:27:06.0267 120960 adp94xx - ok 01:27:06.0283 120960 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 01:27:06.0299 120960 adpahci - ok 01:27:06.0314 120960 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 01:27:06.0330 120960 adpu320 - ok 01:27:06.0345 120960 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 01:27:06.0377 120960 AeLookupSvc - ok 01:27:06.0424 120960 [ 1C7857B62DE5994A75B054A9FD4C3825 ] 
AFD C:\Windows\system32\drivers\afd.sys 01:27:06.0439 120960 AFD - ok 01:27:06.0455 120960 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 01:27:06.0470 120960 agp440 - ok 01:27:06.0470 120960 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 01:27:06.0486 120960 ALG - ok 01:27:06.0502 120960 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 01:27:06.0517 120960 aliide - ok 01:27:06.0517 120960 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 01:27:06.0533 120960 amdide - ok 01:27:06.0564 120960 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 01:27:06.0580 120960 AmdK8 - ok 01:27:06.0595 120960 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 01:27:06.0595 120960 AmdPPM - ok 01:27:06.0627 120960 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 01:27:06.0627 120960 amdsata - ok 01:27:06.0658 120960 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 01:27:06.0658 120960 amdsbs - ok 01:27:06.0674 120960 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 01:27:06.0689 120960 amdxata - ok 01:27:06.0705 120960 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 01:27:06.0736 120960 AppID - ok 01:27:06.0736 120960 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 01:27:06.0767 120960 AppIDSvc - ok 01:27:06.0799 120960 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 01:27:06.0830 120960 Appinfo - ok 01:27:06.0845 120960 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 01:27:06.0861 120960 AppMgmt - ok 01:27:06.0877 120960 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 01:27:06.0892 120960 arc - ok 01:27:06.0908 120960 [ 
019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 01:27:06.0908 120960 arcsas - ok 01:27:06.0924 120960 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 01:27:06.0955 120960 AsyncMac - ok 01:27:06.0986 120960 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 01:27:07.0002 120960 atapi - ok 01:27:07.0033 120960 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 01:27:07.0064 120960 AudioEndpointBuilder - ok 01:27:07.0080 120960 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 01:27:07.0111 120960 AudioSrv - ok 01:27:07.0127 120960 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 01:27:07.0142 120960 AxInstSV - ok 01:27:07.0174 120960 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 01:27:07.0189 120960 b06bdrv - ok 01:27:07.0205 120960 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 01:27:07.0220 120960 b57nd60a - ok 01:27:07.0236 120960 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 01:27:07.0236 120960 BDESVC - ok 01:27:07.0252 120960 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 01:27:07.0283 120960 Beep - ok 01:27:07.0330 120960 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 01:27:07.0345 120960 BFE - ok 01:27:07.0377 120960 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 01:27:07.0408 120960 BITS - ok 01:27:07.0424 120960 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 01:27:07.0439 120960 blbdrive - ok 01:27:07.0455 120960 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 01:27:07.0470 120960 bowser - ok 01:27:07.0486 120960 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 
ok 01:27:18.0017 120960 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 01:27:18.0049 120960 SysMain - ok 01:27:18.0064 120960 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 01:27:18.0080 120960 TabletInputService - ok 01:27:18.0111 120960 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 01:27:18.0127 120960 TapiSrv - ok 01:27:18.0142 120960 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 01:27:18.0174 120960 TBS - ok 01:27:18.0220 120960 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 01:27:18.0252 120960 Tcpip - ok 01:27:18.0283 120960 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 01:27:18.0314 120960 TCPIP6 - ok 01:27:18.0330 120960 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 01:27:18.0361 120960 tcpipreg - ok 01:27:18.0377 120960 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 01:27:18.0377 120960 TDPIPE - ok 01:27:18.0392 120960 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 01:27:18.0408 120960 TDTCP - ok 01:27:18.0424 120960 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 01:27:18.0455 120960 tdx - ok 01:27:18.0533 120960 [ B1B546EA1D908A8F90EBEB02E5878AA0 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 01:27:18.0580 120960 TeamViewer7 - ok 01:27:18.0580 120960 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 01:27:18.0595 120960 TermDD - ok 01:27:18.0627 120960 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 01:27:18.0658 120960 TermService - ok 01:27:18.0658 120960 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 01:27:18.0674 120960 Themes - ok 01:27:18.0674 120960 [ E40E80D0304A73E8D269F7141D77250B ] 
THREADORDER C:\Windows\system32\mmcss.dll 01:27:18.0705 120960 THREADORDER - ok 01:27:18.0720 120960 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 01:27:18.0752 120960 TrkWks - ok 01:27:18.0783 120960 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 01:27:18.0799 120960 TrustedInstaller - ok 01:27:18.0830 120960 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 01:27:18.0861 120960 tssecsrv - ok 01:27:18.0861 120960 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 01:27:18.0877 120960 TsUsbFlt - ok 01:27:18.0908 120960 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 01:27:18.0924 120960 tunnel - ok 01:27:19.0002 120960 [ 72534F43386F4EF243F22C4ADE3314AA ] tvnserver C:\Program Files (x86)\TightVNC\tvnserver.exe 01:27:19.0033 120960 tvnserver - ok 01:27:19.0033 120960 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 01:27:19.0049 120960 uagp35 - ok 01:27:19.0064 120960 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 01:27:19.0095 120960 udfs - ok 01:27:19.0111 120960 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 01:27:19.0127 120960 UI0Detect - ok 01:27:19.0127 120960 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 01:27:19.0142 120960 uliagpkx - ok 01:27:19.0158 120960 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 01:27:19.0158 120960 umbus - ok 01:27:19.0174 120960 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 01:27:19.0174 120960 UmPass - ok 01:27:19.0205 120960 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 01:27:19.0205 120960 UmRdpService - ok 01:27:19.0236 120960 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost 
C:\Windows\System32\upnphost.dll 01:27:19.0267 120960 upnphost - ok 01:27:19.0283 120960 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 01:27:19.0299 120960 usbccgp - ok 01:27:19.0314 120960 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 01:27:19.0330 120960 usbcir - ok 01:27:19.0345 120960 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 01:27:19.0361 120960 usbehci - ok 01:27:19.0377 120960 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 01:27:19.0392 120960 usbhub - ok 01:27:19.0392 120960 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 01:27:19.0408 120960 usbohci - ok 01:27:19.0424 120960 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 01:27:19.0424 120960 usbprint - ok 01:27:19.0439 120960 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 01:27:19.0439 120960 USBSTOR - ok 01:27:19.0455 120960 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 01:27:19.0455 120960 usbuhci - ok 01:27:19.0470 120960 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 01:27:19.0486 120960 UxSms - ok 01:27:19.0502 120960 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 01:27:19.0517 120960 VaultSvc - ok 01:27:19.0517 120960 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 01:27:19.0533 120960 vdrvroot - ok 01:27:19.0549 120960 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 01:27:19.0580 120960 vds - ok 01:27:19.0595 120960 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 01:27:19.0611 120960 vga - ok 01:27:19.0627 120960 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 01:27:19.0642 120960 VgaSave - ok 01:27:19.0674 120960 [ 
2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 01:27:19.0674 120960 vhdmp - ok 01:27:19.0689 120960 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 01:27:19.0705 120960 viaide - ok 01:27:19.0705 120960 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 01:27:19.0720 120960 vmbus - ok 01:27:19.0736 120960 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 01:27:19.0736 120960 VMBusHID - ok 01:27:19.0752 120960 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 01:27:19.0752 120960 volmgr - ok 01:27:19.0767 120960 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 01:27:19.0783 120960 volmgrx - ok 01:27:19.0799 120960 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 01:27:19.0814 120960 volsnap - ok 01:27:19.0830 120960 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys 01:27:19.0845 120960 vpcbus - ok 01:27:19.0861 120960 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys 01:27:19.0877 120960 vpcnfltr - ok 01:27:19.0877 120960 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys 01:27:19.0892 120960 vpcusb - ok 01:27:19.0924 120960 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys 01:27:19.0939 120960 vpcvmm - ok 01:27:19.0970 120960 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 01:27:19.0970 120960 vsmraid - ok 01:27:20.0017 120960 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 01:27:20.0049 120960 VSS - ok 01:27:20.0064 120960 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 01:27:20.0080 120960 vwifibus - ok 01:27:20.0095 120960 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 
01:27:20.0127 120960 W32Time - ok 01:27:20.0142 120960 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 01:27:20.0142 120960 WacomPen - ok 01:27:20.0158 120960 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 01:27:20.0189 120960 WANARP - ok 01:27:20.0205 120960 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 01:27:20.0220 120960 Wanarpv6 - ok 01:27:20.0283 120960 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 01:27:20.0299 120960 WatAdminSvc - ok 01:27:20.0345 120960 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 01:27:20.0361 120960 wbengine - ok 01:27:20.0377 120960 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 01:27:20.0392 120960 WbioSrvc - ok 01:27:20.0424 120960 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 01:27:20.0439 120960 wcncsvc - ok 01:27:20.0455 120960 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 01:27:20.0455 120960 WcsPlugInService - ok 01:27:20.0470 120960 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 01:27:20.0486 120960 Wd - ok 01:27:20.0502 120960 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 01:27:20.0517 120960 Wdf01000 - ok 01:27:20.0533 120960 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 01:27:20.0549 120960 WdiServiceHost - ok 01:27:20.0564 120960 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 01:27:20.0564 120960 WdiSystemHost - ok 01:27:20.0595 120960 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 01:27:20.0611 120960 WebClient - ok 01:27:20.0627 120960 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 01:27:20.0642 120960 Wecsvc - ok 01:27:20.0674 120960 
[ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 01:27:20.0689 120960 wercplsupport - ok 01:27:20.0705 120960 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 01:27:20.0736 120960 WerSvc - ok 01:27:20.0752 120960 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 01:27:20.0767 120960 WfpLwf - ok 01:27:20.0783 120960 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 01:27:20.0799 120960 WIMMount - ok 01:27:20.0799 120960 WinDefend - ok 01:27:20.0814 120960 WinHttpAutoProxySvc - ok 01:27:20.0845 120960 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 01:27:20.0877 120960 Winmgmt - ok 01:27:20.0939 120960 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 01:27:20.0970 120960 WinRM - ok 01:27:21.0017 120960 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 01:27:21.0033 120960 Wlansvc - ok 01:27:21.0064 120960 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 01:27:21.0064 120960 WmiAcpi - ok 01:27:21.0095 120960 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 01:27:21.0111 120960 wmiApSrv - ok 01:27:21.0111 120960 WMPNetworkSvc - ok 01:27:21.0127 120960 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 01:27:21.0142 120960 WPCSvc - ok 01:27:21.0158 120960 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 01:27:21.0174 120960 WPDBusEnum - ok 01:27:21.0174 120960 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 01:27:21.0205 120960 ws2ifsl - ok 01:27:21.0220 120960 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 01:27:21.0236 120960 wscsvc - ok 01:27:21.0236 120960 WSearch - ok 01:27:21.0299 120960 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv 
C:\Windows\system32\wuaueng.dll 01:27:21.0330 120960 wuauserv - ok 01:27:21.0361 120960 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 01:27:21.0377 120960 WudfPf - ok 01:27:21.0392 120960 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 01:27:21.0424 120960 WUDFRd - ok 01:27:21.0455 120960 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 01:27:21.0470 120960 wudfsvc - ok 01:27:21.0502 120960 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 01:27:21.0502 120960 WwanSvc - ok 01:27:21.0517 120960 ================ Scan global =============================== 01:27:21.0533 120960 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 01:27:21.0564 120960 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 01:27:21.0564 120960 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 01:27:21.0580 120960 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 01:27:21.0595 120960 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 01:27:21.0595 120960 [Global] - ok 01:27:21.0595 120960 ================ Scan MBR ================================== 01:27:21.0611 120960 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 01:27:21.0783 120960 \Device\Harddisk0\DR0 - ok 01:27:21.0783 120960 ================ Scan VBR ================================== 01:27:21.0783 120960 [ AD8B2C5A5CCC2DF6EF3EE8FE5932B860 ] \Device\Harddisk0\DR0\Partition1 01:27:21.0783 120960 \Device\Harddisk0\DR0\Partition1 - ok 01:27:21.0799 120960 [ 98096B4B23F55F712DC01B66ACCE1CEC ] \Device\Harddisk0\DR0\Partition2 01:27:21.0799 120960 \Device\Harddisk0\DR0\Partition2 - ok 01:27:21.0799 120960 ============================================================ 01:27:21.0799 120960 Scan finished 01:27:21.0799 120960 ============================================================ 01:27:21.0814 132424 Detected object 
count: 1 01:27:21.0814 132424 Actual detected object count: 1 01:27:39.0564 132424 3DM2 ( HiddenFile.Multi.Generic ) - skipped by user 01:27:39.0564 132424 3DM2 ( HiddenFile.Multi.Generic ) - User select action: Skip |
11.03.2013, 10:37 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Approx. 50GB of unexpected traffic / month
So far it all looks fairly unremarkable. You should use a monitoring tool or traffic meter to check which process is generating that much traffic. NetLimiter would be one option; perhaps TCPView from Microsoft is already enough.
__________________ Please always post logfiles in CODE tags
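An added example to go with the reply above, not code from the thread or from any tool named in it: a traffic meter such as NetLimiter gives per-process byte counts, while the built-in `netstat -ano` (run as Administrator; `netstat -anob` also prints the image name) lists only connections and PIDs. That is still enough to narrow down which processes talk to hosts outside the LAN, which is the question the reply asks. The script parses that output, drops loopback, private, link-local and multicast peers, and groups the remaining peers by process. The netstat text and the PID-to-image map are constructed sample data so it runs offline; the image names in them are made up for the example.

```python
"""Group a host's external network peers by process from `netstat -ano` output.

Added example for the thread, not the thread's own code. netstat reports
connections and PIDs, not bytes, so this narrows down which processes talk
to hosts outside the LAN; byte accounting still needs a traffic meter.
"""
import ipaddress
import re
import sys
from collections import defaultdict

# Constructed sample of `netstat -ano` output in the Windows 7 layout.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       764
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1520
  TCP    127.0.0.1:5939         127.0.0.1:49160        ESTABLISHED     1844
  TCP    192.168.1.20:49162     203.0.113.7:443        ESTABLISHED     1844
  TCP    192.168.1.20:49170     198.51.100.23:80       ESTABLISHED     1844
  TCP    192.168.1.20:5900      192.168.1.55:51234     ESTABLISHED     1520
  TCP    192.168.1.20:49201     203.0.113.200:8080     ESTABLISHED     2312
  TCP    192.168.1.20:49202     203.0.113.201:8080     ESTABLISHED     2312
  TCP    192.168.1.20:49203     203.0.113.202:8080     ESTABLISHED     2312
  TCP    [::]:135               [::]:0                 LISTENING       764
  UDP    0.0.0.0:123            *:*                                    1012
  UDP    192.168.1.20:50000     *:*                                    2312
"""

# Constructed PID -> image name map (made-up names). On a live system build
# it from `tasklist /FO CSV` or read the names off `netstat -anob`.
SAMPLE_PROCESSES = {764: "svchost.exe", 1012: "svchost.exe",
                    1520: "tvnserver.exe", 1844: "TeamViewer.exe",
                    2312: "updater.exe"}

# Peers in these ranges are local noise, not what a traffic bill is about.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "::1/128", "fe80::/10", "fc00::/7", "ff00::/8")]

# Proto, local, foreign, optional state (absent for UDP), PID. The state text
# is locale dependent (a German netstat prints HERGESTELLT), so it is not
# interpreted, only captured.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Yield (proto, local, foreign, state, pid) for each connection line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, header or blank line
        proto, local, foreign, state, pid = m.groups()
        yield proto, local, foreign, state or "", int(pid)


def split_endpoint(endpoint):
    """'203.0.113.7:443' -> ('203.0.113.7', 443); '[::1]:135' -> ('::1', 135);
    the UDP wildcard '*:*' -> (None, None)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")
    if host in ("*", "") or port == "*":
        return None, None
    return host, int(port)


def is_external(host):
    """True for a peer outside loopback, RFC1918, link-local and multicast space."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not any(ip in net for net in LOCAL_NETS)


def external_peers_by_process(netstat_text, processes):
    """Return [(image, pid, sorted peers)] with the most external peers first.

    Each peer is a (proto, host, port) tuple; PIDs not in `processes` get '?'.
    """
    peers = defaultdict(set)
    for proto, _local, foreign, _state, pid in parse_netstat(netstat_text):
        host, port = split_endpoint(foreign)
        if host is None or not is_external(host):
            continue
        peers[pid].add((proto, host, port))
    rows = [(processes.get(pid, "?"), pid, sorted(p)) for pid, p in peers.items()]
    rows.sort(key=lambda r: (-len(r[2]), r[1]))
    return rows


def main(argv):
    """Print external peers per process; reads netstat output from a file if given."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as f:
            text = f.read()
    else:
        text = SAMPLE_NETSTAT
    for image, pid, peers in external_peers_by_process(text, SAMPLE_PROCESSES):
        print(f"{image} (PID {pid}): {len(peers)} external peer(s)")
        for proto, host, port in peers:
            print(f"    {proto} {host}:{port}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `netstat -ano > netstat.txt` followed by `python peers.py netstat.txt`, and replace `SAMPLE_PROCESSES` with the real PID map from `tasklist /FO CSV`. Taking a few snapshots an hour apart and comparing which processes keep appearing with outside peers usually points at the candidate faster than a single listing; the byte count itself still has to come from the traffic meter the reply recommends.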
11.03.2013, 20:40 | #11
Approx. 50GB of unexpected traffic / month
Thanks, yes, I'll keep an eye on the traffic and get back to you on this; I still have a suspicion.
11.03.2013, 20:47 | #12
/// Winkelfunktion /// TB-Süch-Tiger™ | Approx. 50GB of unexpected traffic / month
Quote:
14.03.2013, 20:20 | #13
Approx. 50GB of unexpected traffic / month
The box has a Supermicro board with built-in IPMI (remote control). I heard somewhere that it could be attacked. I'm in contact with Supermicro.
15.03.2013, 11:22 | #14
/// Winkelfunktion /// TB-Süch-Tiger™ | Approx. 50GB of unexpected traffic / month
Hm, I only know IPMI in connection with Nagios. What is this interface about, what exactly do you need it for, how is it reachable from outside, and is the machine protected by a firewall at all? By firewall I mean neither something like ZoneAlarm or Kerio nor the Windows Firewall, but rather something more professional, e.g. a separate box running Sophos UTM.
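An added example to go with the IPMI exchange in #13 and #14, not code from the thread or from Supermicro: the BMC behind IPMI is a separate controller with its own network stack, and on boards configured to share the host NIC its traffic never passes through Windows, so no host-side meter (netstat, TCPView, NetLimiter) will account for it; only the provider's or router's counters see it. What can be checked is whether the BMC answers from a given network position at all. The ASF presence ping over RMCP (UDP 623) is the discovery packet tools such as nmap's ipmi-version script send; the script below builds it, parses the pong and reports whether the BMC advertises IPMI. The pong bytes embedded are a constructed sample so the parser runs offline; the port, the ASF packet layout and the meaning of the IPMI bit follow the ASF RMCP specification, and the target address is whatever you pass on the command line.

```python
"""Probe for an IPMI BMC with an RMCP/ASF presence ping on UDP 623.

Added example for the thread, not its own code. Builds the ASF presence
ping, parses the presence pong and reports whether the answering BMC
advertises IPMI. A pong received from outside the management LAN means
the BMC is reachable from there.
"""
import socket
import struct
import sys

RMCP_PORT = 623
RMCP_VERSION = 0x06          # ASF RMCP version 1.0
RMCP_NO_ACK_SEQ = 0xFF       # sequence number 0xFF: no RMCP ACK wanted
RMCP_CLASS_ASF = 0x06        # message class (low nibble), bit 7 = ACK flag
ASF_IANA = 4542              # IANA enterprise number assigned to ASF (0x11BE)
ASF_PRESENCE_PING = 0x80
ASF_PRESENCE_PONG = 0x40
PONG_DATA_LEN = 0x10         # pong carries 16 data bytes


def build_presence_ping(tag=0x01):
    """4-byte RMCP header + 8-byte ASF header, data length 0 (12 bytes total)."""
    rmcp = struct.pack("!BBBB", RMCP_VERSION, 0x00, RMCP_NO_ACK_SEQ, RMCP_CLASS_ASF)
    asf = struct.pack("!IBBBB", ASF_IANA, ASF_PRESENCE_PING, tag, 0x00, 0x00)
    return rmcp + asf


def parse_presence_pong(packet, expected_tag=None):
    """Return a dict describing the BMC, or None if `packet` is not a valid pong.

    Pong data: IANA number (4), OEM defined (4), supported entities (1: bit 7
    = IPMI supported, low nibble = ASF version), supported interactions (1),
    6 reserved bytes.
    """
    if len(packet) < 12 + PONG_DATA_LEN:
        return None
    version, _reserved, _seq, cls = struct.unpack("!BBBB", packet[:4])
    if version != RMCP_VERSION or (cls & 0x0F) != RMCP_CLASS_ASF:
        return None
    iana, mtype, tag, _reserved, length = struct.unpack("!IBBBB", packet[4:12])
    if iana != ASF_IANA or mtype != ASF_PRESENCE_PONG or length != PONG_DATA_LEN:
        return None
    if expected_tag is not None and tag != expected_tag:
        return None  # not the answer to our ping
    oem_iana, oem_defined, entities, _interactions = struct.unpack("!IIBB", packet[12:22])
    return {
        "ipmi_supported": bool(entities & 0x80),
        "asf_version": entities & 0x0F,
        "oem_iana": oem_iana,
        "oem_defined": oem_defined,
    }


def probe_bmc(host, timeout=2.0, tag=0x42):
    """Send one presence ping to `host`; return the parsed pong or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_presence_ping(tag), (host, RMCP_PORT))
        try:
            data, _peer = s.recvfrom(1024)
        except socket.timeout:
            return None
    return parse_presence_pong(data, expected_tag=tag)


# Constructed pong as a BMC would return it for tag 0x42: entities 0x81 means
# "IPMI supported, ASF 1.0"; OEM fields zero; six reserved bytes.
SAMPLE_PONG = (
    struct.pack("!BBBB", RMCP_VERSION, 0x00, RMCP_NO_ACK_SEQ, RMCP_CLASS_ASF)
    + struct.pack("!IBBBB", ASF_IANA, ASF_PRESENCE_PONG, 0x42, 0x00, PONG_DATA_LEN)
    + struct.pack("!IIBB", ASF_IANA, 0, 0x81, 0x00)
    + b"\x00" * 6
)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = probe_bmc(sys.argv[1])
        print(sys.argv[1], "BMC answered:" if result else "no answer", result or "")
    else:
        print("offline demo:", parse_presence_pong(SAMPLE_PONG, expected_tag=0x42))
```

Run `python ipmi_probe.py <bmc-address>` once from inside the management network and once from a host outside it. An answer from outside means UDP 623 is open there and the BMC should be moved onto an isolated management network or behind the firewall the reply asks about; the BMC's web interface ports and whether its default credentials were changed deserve the same check. The probe only reports reachability and the advertised IPMI bit, nothing about the firmware's state.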