| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojanerbefund(mehr als 1er)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.04.2013, 14:54
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojanerbefund(mehr als 1er) na wie auch immer, ich find so eine Aussage nur höchst interessant  Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
 Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.04.2013, 14:20
| #17 |
 | Trojanerbefund(mehr als 1er) Die Textdatei des erstes Programmes hab ich , aber wofür ist die Textdatei.Brauchst du die oder ist die für das zweite Programm?
__________________Naja , das zweite Programm hat nichts gefunden.Windows Essentials wiederrum findet immer wieder einen Exploit:Java.Daraufhinn habe ich Java komplett gelöscht und neu installiert. |
|
03.04.2013, 20:48
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanerbefund(mehr als 1er) Wird das aus den Anleitungen nicht deutlich?
__________________Du sollst beide Logs posten in CODE-Tags
__________________ |
|
03.04.2013, 21:46
| #19 |
| | Trojanerbefund(mehr als 1er)Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-03 15:13:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 ST310005 rev.JC4B 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\WIN7~1\AppData\Local\Temp\uwdiypog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000143c00 7 bytes [00, 96, F3, FF, 01, A2, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000143c08 3 bytes [C0, 06, 02]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075581465 2 bytes [58, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755814bb 2 bytes [58, 75]
.text ... * 2
.text C:\Program Files (x86)\Steam\Steam.exe[2276] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 000000007691549c 5 bytes JMP 00000001000f0800
---- Threads - GMER 2.1 ----
Thread c:\Program Files\Microsoft Security Client\NisSrv.exe [2456:2480] 000007feff6fa808
Thread c:\Program Files\Microsoft Security Client\NisSrv.exe [2456:2668] 000007fefe316e60
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [696:1760] 000007fefbfb2a7c
---- EOF - GMER 2.1 ----
|
|
03.04.2013, 21:53
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanerbefund(mehr als 1er) Was ist mit dem anderen Log?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.04.2013, 22:37
| #21 |
| | Trojanerbefund(mehr als 1er)Code:
ATTFilter ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.592000 GHz
Memory total: 8568582144, free: 4565307392
------------ Kernel report ------------
04/03/2013 22:50:09
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\DRIVERS\amdsata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\ScreamingBAudio64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\tap0901t.sys
\SystemRoot\system32\drivers\SaiBus.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\SaiMini.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\RTL8192su.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\SaiU1708.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\SaiK1708.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Users\WIN7~1\AppData\Local\Temp\uwdiypog.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\oleaut32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\lpk.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\nsi.dll
\Windows\System32\sechost.dll
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\usp10.dll
\Windows\System32\Wldap32.dll
\Windows\System32\user32.dll
\Windows\System32\msctf.dll
\Windows\System32\shell32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ole32.dll
\Windows\System32\urlmon.dll
\Windows\System32\setupapi.dll
\Windows\System32\imm32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007a9e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000069\
Lower Device Object: 0xfffffa80077d88f0
Lower Device Driver Name: \Driver\amd_sata\
Device already Exists: 0xfffffa800d99c090
Downloaded database version: v2013.04.03.08
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007a9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80078e09d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800776dac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80077d88f0, DeviceName: \Device\00000069\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00238e620, 0xfffffa8007a9e060, 0xfffffa800dabd470
Lower DeviceData: 0xfffff8a016e38200, 0xfffffa80077d88f0, 0xfffffa800d99c090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4ACDBD90
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1953314816
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
|
|
04.04.2013, 10:36
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanerbefund(mehr als 1er) Das ist das falsche Log, bitte das angeforderte Log wie in der Anleitung erwähnt posten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.04.2013, 11:49
| #23 |
| | Trojanerbefund(mehr als 1er)Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.04.04.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Win 7 :: MARCEL-PC [administrator]
04.04.2013 12:43:50
mbar-log-2013-04-04 (12-43-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30328
Time elapsed: 13 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
04.04.2013, 11:52
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanerbefund(mehr als 1er) aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.04.2013, 14:12
| #25 |
| | Trojanerbefund(mehr als 1er)Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-04 14:43:22
-----------------------------
14:43:22.798 OS Version: Windows x64 6.1.7601 Service Pack 1
14:43:22.799 Number of processors: 4 586 0x102
14:43:22.800 ComputerName: MARCEL-PC UserName: Win 7
14:43:25.241 Initialize success
14:48:01.474 AVAST engine defs: 13040400
14:48:34.783 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
14:48:34.784 Disk 0 Vendor: ST310005 JC4B Size: 953869MB BusType: 11
14:48:34.873 Disk 0 MBR read successfully
14:48:34.875 Disk 0 MBR scan
14:48:34.879 Disk 0 Windows 7 default MBR code
14:48:34.888 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:48:34.914 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
14:48:34.965 Disk 0 scanning C:\Windows\system32\drivers
14:48:47.672 Service scanning
14:49:11.517 Modules scanning
14:49:11.522 Disk 0 trace - called modules:
14:49:11.547 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
14:49:11.550 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a9d060]
14:49:11.555 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa80077eeac0]
14:49:11.558 5 amd_xata.sys[fffff8800119cd00] -> nt!IofCallDriver -> \Device\00000069[0xfffffa80077d9060]
14:49:13.282 AVAST engine scan C:\Windows
14:49:16.328 AVAST engine scan C:\Windows\system32
14:53:19.671 AVAST engine scan C:\Windows\system32\drivers
14:53:34.499 AVAST engine scan C:\Users\Win 7
14:58:24.159 AVAST engine scan C:\ProgramData
14:59:41.306 Scan finished successfully
15:05:13.216 Disk 0 MBR has been saved successfully to "C:\Users\Win 7\Downloads\MBR.dat"
15:05:13.263 The log file has been saved successfully to "C:\Users\Win 7\Downloads\aswMBR.txt"
Code:
ATTFilter 15:09:31.0484 4304 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:09:32.0155 4304 ============================================================
15:09:32.0156 4304 Current date / time: 2013/04/04 15:09:32.0155
15:09:32.0156 4304 SystemInfo:
15:09:32.0156 4304
15:09:32.0156 4304 OS Version: 6.1.7601 ServicePack: 1.0
15:09:32.0156 4304 Product type: Workstation
15:09:32.0156 4304 ComputerName: MARCEL-PC
15:09:32.0156 4304 UserName: Win 7
15:09:32.0156 4304 Windows directory: C:\Windows
15:09:32.0156 4304 System windows directory: C:\Windows
15:09:32.0156 4304 Running under WOW64
15:09:32.0156 4304 Processor architecture: Intel x64
15:09:32.0156 4304 Number of processors: 4
15:09:32.0156 4304 Page size: 0x1000
15:09:32.0156 4304 Boot type: Normal boot
15:09:32.0156 4304 ============================================================
15:09:32.0776 4304 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:09:32.0781 4304 ============================================================
15:09:32.0781 4304 \Device\Harddisk0\DR0:
15:09:32.0782 4304 MBR partitions:
15:09:32.0782 4304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:09:32.0782 4304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
15:09:32.0782 4304 ============================================================
15:09:32.0793 4304 C: <-> \Device\Harddisk0\DR0\Partition2
15:09:32.0793 4304 ============================================================
15:09:32.0793 4304 Initialize success
15:09:32.0793 4304 ============================================================
15:09:44.0859 3836 ============================================================
15:09:44.0859 3836 Scan started
15:09:44.0859 3836 Mode: Manual;
15:09:44.0859 3836 ============================================================
15:09:45.0178 3836 ================ Scan system memory ========================
15:09:45.0178 3836 System memory - ok
15:09:45.0178 3836 ================ Scan services =============================
15:09:45.0257 3836 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:09:45.0258 3836 1394ohci - ok
15:09:45.0318 3836 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:09:45.0320 3836 ACPI - ok
15:09:45.0339 3836 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:09:45.0339 3836 AcpiPmi - ok
15:09:45.0444 3836 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:09:45.0446 3836 AdobeFlashPlayerUpdateSvc - ok
15:09:45.0472 3836 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:09:45.0475 3836 adp94xx - ok
15:09:45.0487 3836 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:09:45.0489 3836 adpahci - ok
15:09:45.0501 3836 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:09:45.0502 3836 adpu320 - ok
15:09:45.0527 3836 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:09:45.0528 3836 AeLookupSvc - ok
15:09:45.0566 3836 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:09:45.0568 3836 AFD - ok
15:09:45.0583 3836 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:09:45.0584 3836 agp440 - ok
15:09:45.0605 3836 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:09:45.0606 3836 ALG - ok
15:09:45.0618 3836 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:09:45.0619 3836 aliide - ok
15:09:45.0632 3836 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:09:45.0633 3836 amdide - ok
15:09:45.0647 3836 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:09:45.0648 3836 AmdK8 - ok
15:09:45.0657 3836 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:09:45.0657 3836 AmdPPM - ok
15:09:45.0670 3836 [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
15:09:45.0671 3836 amdsata - ok
15:09:45.0685 3836 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:09:45.0686 3836 amdsbs - ok
15:09:45.0703 3836 [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
15:09:45.0704 3836 amdxata - ok
15:09:45.0734 3836 [ A1434F35B7B171CB697D74D33F7D029F ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
15:09:45.0735 3836 amd_sata - ok
15:09:45.0745 3836 [ E9B5A82FA268BB2D1B012030D5F4E096 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
15:09:45.0745 3836 amd_xata - ok
15:09:45.0765 3836 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:09:45.0765 3836 AppID - ok
15:09:45.0781 3836 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:09:45.0781 3836 AppIDSvc - ok
|
|
04.04.2013, 16:18
| #26 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanerbefund(mehr als 1er)Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.04.2013, 17:12
| #27 |
| | Trojanerbefund(mehr als 1er)Code:
ATTFilter 18:07:37.0065 5732 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:07:37.0313 5732 ============================================================
18:07:37.0313 5732 Current date / time: 2013/04/04 18:07:37.0313
18:07:37.0313 5732 SystemInfo:
18:07:37.0313 5732
18:07:37.0313 5732 OS Version: 6.1.7601 ServicePack: 1.0
18:07:37.0313 5732 Product type: Workstation
18:07:37.0313 5732 ComputerName: MARCEL-PC
18:07:37.0313 5732 UserName: Win 7
18:07:37.0313 5732 Windows directory: C:\Windows
18:07:37.0313 5732 System windows directory: C:\Windows
18:07:37.0313 5732 Running under WOW64
18:07:37.0313 5732 Processor architecture: Intel x64
18:07:37.0313 5732 Number of processors: 4
18:07:37.0313 5732 Page size: 0x1000
18:07:37.0313 5732 Boot type: Normal boot
18:07:37.0313 5732 ============================================================
18:07:38.0160 5732 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:07:38.0166 5732 ============================================================
18:07:38.0166 5732 \Device\Harddisk0\DR0:
18:07:38.0166 5732 MBR partitions:
18:07:38.0166 5732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:07:38.0166 5732 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
18:07:38.0166 5732 ============================================================
18:07:38.0185 5732 C: <-> \Device\Harddisk0\DR0\Partition2
18:07:38.0185 5732 ============================================================
18:07:38.0185 5732 Initialize success
18:07:38.0185 5732 ============================================================
18:07:43.0885 3756 ============================================================
18:07:43.0885 3756 Scan started
18:07:43.0885 3756 Mode: Manual; SigCheck; TDLFS;
18:07:43.0885 3756 ============================================================
18:07:44.0198 3756 ================ Scan system memory ========================
18:07:44.0198 3756 System memory - ok
18:07:44.0199 3756 ================ Scan services =============================
18:07:44.0289 3756 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:07:44.0459 3756 1394ohci - ok
18:07:44.0524 3756 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:07:44.0539 3756 ACPI - ok
18:07:44.0562 3756 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:07:44.0604 3756 AcpiPmi - ok
18:07:44.0751 3756 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:07:44.0766 3756 AdobeFlashPlayerUpdateSvc - ok
18:07:44.0804 3756 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:07:44.0822 3756 adp94xx - ok
18:07:44.0835 3756 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:07:44.0850 3756 adpahci - ok
18:07:44.0865 3756 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:07:44.0878 3756 adpu320 - ok
18:07:44.0909 3756 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:07:45.0069 3756 AeLookupSvc - ok
18:07:45.0105 3756 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:07:45.0165 3756 AFD - ok
18:07:45.0173 3756 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:07:45.0183 3756 agp440 - ok
18:07:45.0195 3756 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:07:45.0255 3756 ALG - ok
18:07:45.0283 3756 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:07:45.0294 3756 aliide - ok
18:07:45.0305 3756 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:07:45.0314 3756 amdide - ok
18:07:45.0329 3756 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:07:45.0379 3756 AmdK8 - ok
18:07:45.0396 3756 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:07:45.0440 3756 AmdPPM - ok
18:07:45.0526 3756 [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
18:07:45.0541 3756 amdsata - ok
18:07:45.0583 3756 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:07:45.0595 3756 amdsbs - ok
18:07:45.0609 3756 [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
18:07:45.0618 3756 amdxata - ok
18:07:45.0640 3756 [ A1434F35B7B171CB697D74D33F7D029F ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
18:07:45.0648 3756 amd_sata - ok
18:07:45.0659 3756 [ E9B5A82FA268BB2D1B012030D5F4E096 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
18:07:45.0668 3756 amd_xata - ok
18:07:45.0687 3756 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:07:45.0923 3756 AppID - ok
18:07:45.0953 3756 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:07:45.0998 3756 AppIDSvc - ok
18:07:46.0046 3756 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:07:46.0092 3756 Appinfo - ok
18:07:46.0139 3756 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:07:46.0199 3756 AppMgmt - ok
18:07:46.0206 3756 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:07:46.0217 3756 arc - ok
18:07:46.0224 3756 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:07:46.0235 3756 arcsas - ok
18:07:46.0367 3756 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:07:46.0377 3756 aspnet_state - ok
18:07:46.0398 3756 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:07:46.0441 3756 AsyncMac - ok
18:07:46.0481 3756 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:07:46.0492 3756 atapi - ok
18:07:46.0537 3756 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:07:46.0592 3756 AudioEndpointBuilder - ok
18:07:46.0599 3756 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:07:46.0634 3756 AudioSrv - ok
18:07:46.0664 3756 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:07:46.0747 3756 AxInstSV - ok
18:07:46.0772 3756 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:07:46.0838 3756 b06bdrv - ok
18:07:46.0876 3756 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:07:46.0911 3756 b57nd60a - ok
18:07:46.0934 3756 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:07:46.0970 3756 BDESVC - ok
18:07:46.0977 3756 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:07:47.0021 3756 Beep - ok
18:07:47.0076 3756 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:07:47.0115 3756 BFE - ok
18:07:47.0177 3756 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:07:47.0247 3756 BITS - ok
18:07:47.0273 3756 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:07:47.0298 3756 blbdrive - ok
18:07:47.0335 3756 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:07:47.0404 3756 bowser - ok
18:07:47.0422 3756 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:07:47.0496 3756 BrFiltLo - ok
18:07:47.0507 3756 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:07:47.0532 3756 BrFiltUp - ok
18:07:47.0566 3756 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:07:47.0602 3756 Browser - ok
18:07:47.0626 3756 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:07:47.0770 3756 Brserid - ok
18:07:47.0783 3756 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:07:47.0810 3756 BrSerWdm - ok
18:07:47.0833 3756 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:07:47.0870 3756 BrUsbMdm - ok
18:07:47.0891 3756 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:07:47.0903 3756 BrUsbSer - ok
18:07:47.0919 3756 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:07:47.0950 3756 BTHMODEM - ok
18:07:48.0001 3756 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:07:48.0050 3756 bthserv - ok
18:07:48.0073 3756 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:07:48.0104 3756 cdfs - ok
18:07:48.0123 3756 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
18:07:48.0135 3756 cdrom - ok
18:07:48.0151 3756 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:07:48.0195 3756 CertPropSvc - ok
18:07:48.0221 3756 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:07:48.0248 3756 circlass - ok
18:07:48.0278 3756 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:07:48.0292 3756 CLFS - ok
18:07:48.0334 3756 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:07:48.0344 3756 clr_optimization_v2.0.50727_32 - ok
18:07:48.0365 3756 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:07:48.0375 3756 clr_optimization_v2.0.50727_64 - ok
18:07:48.0432 3756 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:07:48.0442 3756 clr_optimization_v4.0.30319_32 - ok
18:07:48.0502 3756 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:07:48.0513 3756 clr_optimization_v4.0.30319_64 - ok
18:07:48.0526 3756 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:07:48.0556 3756 CmBatt - ok
18:07:48.0588 3756 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:07:48.0597 3756 cmdide - ok
18:07:48.0642 3756 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:07:48.0695 3756 CNG - ok
18:07:48.0708 3756 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:07:48.0718 3756 Compbatt - ok
18:07:48.0746 3756 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:07:48.0774 3756 CompositeBus - ok
18:07:48.0809 3756 COMSysApp - ok
18:07:48.0820 3756 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:07:48.0829 3756 crcdisk - ok
18:07:48.0874 3756 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:07:48.0919 3756 CryptSvc - ok
18:07:48.0947 3756 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
18:07:49.0011 3756 CSC - ok
18:07:49.0071 3756 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
18:07:49.0110 3756 CscService - ok
18:07:49.0356 3756 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
18:07:49.0364 3756 DAUpdaterSvc - ok
18:07:49.0391 3756 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:07:49.0444 3756 DcomLaunch - ok
18:07:49.0477 3756 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:07:49.0522 3756 defragsvc - ok
18:07:49.0554 3756 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:07:49.0623 3756 DfsC - ok
18:07:49.0654 3756 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:07:49.0693 3756 Dhcp - ok
18:07:49.0713 3756 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:07:49.0754 3756 discache - ok
18:07:49.0790 3756 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:07:49.0801 3756 Disk - ok
18:07:49.0822 3756 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:07:49.0923 3756 Dnscache - ok
18:07:49.0939 3756 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:07:49.0975 3756 dot3svc - ok
18:07:49.0985 3756 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:07:50.0032 3756 DPS - ok
18:07:50.0071 3756 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:07:50.0097 3756 drmkaud - ok
18:07:50.0171 3756 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:07:50.0195 3756 DXGKrnl - ok
18:07:50.0223 3756 EagleX64 - ok
18:07:50.0243 3756 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:07:50.0274 3756 EapHost - ok
18:07:50.0324 3756 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:07:50.0393 3756 ebdrv - ok
18:07:50.0420 3756 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:07:50.0459 3756 EFS - ok
18:07:50.0503 3756 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:07:50.0584 3756 ehRecvr - ok
18:07:50.0605 3756 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:07:50.0668 3756 ehSched - ok
18:07:50.0695 3756 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:07:50.0713 3756 elxstor - ok
18:07:50.0739 3756 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:07:50.0749 3756 ErrDev - ok
18:07:50.0773 3756 [ 5209CEEF4D201DC978A5402F2A7CC07F ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
18:07:50.0803 3756 EtronHub3 - ok
18:07:50.0833 3756 [ DC07B3AE7AB7FF4FACFA5C33BD480F37 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
18:07:50.0843 3756 EtronXHCI - ok
18:07:50.0865 3756 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:07:50.0917 3756 EventSystem - ok
18:07:50.0950 3756 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:07:50.0982 3756 exfat - ok
18:07:51.0009 3756 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:07:51.0057 3756 fastfat - ok
18:07:51.0093 3756 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:07:51.0162 3756 Fax - ok
18:07:51.0200 3756 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:07:51.0221 3756 fdc - ok
18:07:51.0245 3756 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:07:51.0289 3756 fdPHost - ok
18:07:51.0316 3756 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:07:51.0374 3756 FDResPub - ok
18:07:51.0396 3756 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:07:51.0407 3756 FileInfo - ok
18:07:51.0410 3756 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:07:51.0457 3756 Filetrace - ok
18:07:51.0472 3756 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:07:51.0486 3756 flpydisk - ok
18:07:51.0500 3756 [ CF145A57AEBA71B82B1C6F103461F6FA ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:07:51.0515 3756 FltMgr - ok
18:07:51.0560 3756 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
18:07:51.0604 3756 FontCache - ok
18:07:51.0634 3756 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:07:51.0643 3756 FontCache3.0.0.0 - ok
18:07:51.0658 3756 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:07:51.0668 3756 FsDepends - ok
18:07:51.0691 3756 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:07:51.0701 3756 Fs_Rec - ok
18:07:51.0747 3756 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:07:51.0764 3756 fvevol - ok
18:07:51.0782 3756 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:07:51.0793 3756 gagp30kx - ok
18:07:51.0816 3756 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:07:51.0880 3756 gpsvc - ok
18:07:51.0932 3756 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
18:07:51.0941 3756 hamachi - ok
18:07:52.0027 3756 [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
18:07:52.0105 3756 Hamachi2Svc - ok
18:07:52.0123 3756 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:07:52.0177 3756 hcw85cir - ok
18:07:52.0214 3756 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:07:52.0233 3756 HdAudAddService - ok
18:07:52.0272 3756 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:07:52.0299 3756 HDAudBus - ok
18:07:52.0310 3756 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:07:52.0340 3756 HidBatt - ok
18:07:52.0354 3756 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:07:52.0370 3756 HidBth - ok
18:07:52.0387 3756 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:07:52.0401 3756 HidIr - ok
18:07:52.0424 3756 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:07:52.0472 3756 hidserv - ok
18:07:52.0517 3756 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:07:52.0560 3756 HidUsb - ok
18:07:52.0647 3756 [ 5A457C3D00C1C701230A12AA1580114D ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
18:07:52.0675 3756 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
18:07:52.0675 3756 HiPatchService - detected UnsignedFile.Multi.Generic (1)
18:07:52.0711 3756 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:07:52.0756 3756 hkmsvc - ok
18:07:52.0793 3756 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:07:52.0837 3756 HomeGroupListener - ok
18:07:52.0881 3756 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:07:52.0894 3756 HomeGroupProvider - ok
18:07:52.0904 3756 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:07:52.0914 3756 HpSAMD - ok
18:07:52.0947 3756 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:07:52.0994 3756 HTTP - ok
18:07:53.0013 3756 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:07:53.0055 3756 hwpolicy - ok
18:07:53.0118 3756 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:07:53.0131 3756 i8042prt - ok
18:07:53.0156 3756 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:07:53.0171 3756 iaStorV - ok
18:07:53.0225 3756 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:07:53.0248 3756 idsvc - ok
18:07:53.0264 3756 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:07:53.0273 3756 iirsp - ok
18:07:53.0292 3756 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:07:53.0335 3756 IKEEXT - ok
18:07:53.0446 3756 [ 5F6A3EA5BD7CA861863A3A06CECC115C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:07:53.0539 3756 IntcAzAudAddService - ok
18:07:53.0570 3756 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:07:53.0579 3756 intelide - ok
18:07:53.0632 3756 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:07:53.0671 3756 intelppm - ok
18:07:53.0698 3756 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:07:53.0743 3756 IPBusEnum - ok
18:07:53.0767 3756 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:07:53.0813 3756 IpFilterDriver - ok
18:07:53.0851 3756 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:07:53.0901 3756 iphlpsvc - ok
18:07:53.0924 3756 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:07:53.0935 3756 IPMIDRV - ok
18:07:53.0945 3756 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:07:53.0986 3756 IPNAT - ok
18:07:54.0002 3756 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:07:54.0063 3756 IRENUM - ok
18:07:54.0077 3756 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:07:54.0086 3756 isapnp - ok
18:07:54.0106 3756 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:07:54.0121 3756 iScsiPrt - ok
18:07:54.0146 3756 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:07:54.0156 3756 kbdclass - ok
18:07:54.0166 3756 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:07:54.0189 3756 kbdhid - ok
18:07:54.0208 3756 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:07:54.0218 3756 KeyIso - ok
18:07:54.0288 3756 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:07:54.0299 3756 KSecDD - ok
18:07:54.0347 3756 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:07:54.0359 3756 KSecPkg - ok
18:07:54.0368 3756 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:07:54.0416 3756 ksthunk - ok
18:07:54.0481 3756 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:07:54.0523 3756 KtmRm - ok
18:07:54.0563 3756 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:07:54.0606 3756 LanmanServer - ok
18:07:54.0637 3756 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:07:54.0696 3756 LanmanWorkstation - ok
18:07:54.0778 3756 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:07:54.0820 3756 lltdio - ok
18:07:54.0839 3756 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:07:54.0879 3756 lltdsvc - ok
18:07:54.0903 3756 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:07:54.0935 3756 lmhosts - ok
18:07:54.0953 3756 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:07:54.0963 3756 LSI_FC - ok
18:07:55.0000 3756 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:07:55.0012 3756 LSI_SAS - ok
18:07:55.0025 3756 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:07:55.0036 3756 LSI_SAS2 - ok
18:07:55.0054 3756 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:07:55.0064 3756 LSI_SCSI - ok
18:07:55.0079 3756 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:07:55.0127 3756 luafv - ok
18:07:55.0185 3756 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:07:55.0194 3756 MBAMProtector - ok
18:07:55.0299 3756 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:07:55.0312 3756 MBAMScheduler - ok
18:07:55.0338 3756 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:07:55.0355 3756 MBAMService - ok
18:07:55.0388 3756 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
18:07:55.0397 3756 MBfilt - ok
18:07:55.0418 3756 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:07:55.0443 3756 Mcx2Svc - ok
18:07:55.0463 3756 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:07:55.0473 3756 megasas - ok
18:07:55.0516 3756 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:07:55.0536 3756 MegaSR - ok
18:07:55.0623 3756 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:07:55.0632 3756 Microsoft Office Groove Audit Service - ok
18:07:55.0645 3756 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:07:55.0692 3756 MMCSS - ok
18:07:55.0702 3756 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:07:55.0743 3756 Modem - ok
18:07:55.0767 3756 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:07:55.0797 3756 monitor - ok
18:07:55.0846 3756 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:07:55.0857 3756 mouclass - ok
18:07:55.0872 3756 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:07:55.0883 3756 mouhid - ok
18:07:55.0919 3756 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:07:55.0930 3756 mountmgr - ok
18:07:55.0999 3756 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:07:56.0015 3756 MpFilter - ok
18:07:56.0040 3756 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:07:56.0052 3756 mpio - ok
18:07:56.0064 3756 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:07:56.0095 3756 mpsdrv - ok
18:07:56.0127 3756 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:07:56.0166 3756 MpsSvc - ok
18:07:56.0187 3756 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:07:56.0203 3756 MRxDAV - ok
18:07:56.0223 3756 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:07:56.0261 3756 mrxsmb - ok
18:07:56.0275 3756 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:07:56.0300 3756 mrxsmb10 - ok
18:07:56.0336 3756 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:07:56.0353 3756 mrxsmb20 - ok
18:07:56.0377 3756 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:07:56.0387 3756 msahci - ok
18:07:56.0399 3756 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:07:56.0411 3756 msdsm - ok
18:07:56.0426 3756 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:07:56.0451 3756 MSDTC - ok
18:07:56.0478 3756 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:07:56.0507 3756 Msfs - ok
18:07:56.0518 3756 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:07:56.0565 3756 mshidkmdf - ok
18:07:56.0612 3756 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:07:56.0622 3756 msisadrv - ok
18:07:56.0652 3756 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:07:56.0697 3756 MSiSCSI - ok
18:07:56.0700 3756 msiserver - ok
18:07:56.0731 3756 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:07:56.0773 3756 MSKSSRV - ok
18:07:56.0935 3756 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:07:56.0946 3756 MsMpSvc - ok
18:07:56.0956 3756 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:07:57.0002 3756 MSPCLOCK - ok
18:07:57.0030 3756 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:07:57.0073 3756 MSPQM - ok
18:07:57.0104 3756 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:07:57.0122 3756 MsRPC - ok
18:07:57.0156 3756 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:07:57.0166 3756 mssmbios - ok
18:07:57.0174 3756 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:07:57.0216 3756 MSTEE - ok
18:07:57.0238 3756 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:07:57.0248 3756 MTConfig - ok
18:07:57.0263 3756 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:07:57.0273 3756 Mup - ok
18:07:57.0300 3756 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:07:57.0348 3756 napagent - ok
18:07:57.0384 3756 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:07:57.0419 3756 NativeWifiP - ok
18:07:57.0484 3756 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:07:57.0507 3756 NDIS - ok
18:07:57.0519 3756 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:07:57.0550 3756 NdisCap - ok
18:07:57.0568 3756 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:07:57.0614 3756 NdisTapi - ok
18:07:57.0656 3756 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:07:57.0698 3756 Ndisuio - ok
18:07:57.0732 3756 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:07:57.0772 3756 NdisWan - ok
18:07:57.0808 3756 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:07:57.0850 3756 NDProxy - ok
18:07:57.0872 3756 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:07:57.0924 3756 NetBIOS - ok
18:07:57.0956 3756 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:07:57.0988 3756 NetBT - ok
18:07:57.0997 3756 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:07:58.0007 3756 Netlogon - ok
18:07:58.0025 3756 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:07:58.0060 3756 Netman - ok
18:07:58.0106 3756 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:07:58.0117 3756 NetMsmqActivator - ok
18:07:58.0121 3756 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:07:58.0130 3756 NetPipeActivator - ok
18:07:58.0146 3756 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:07:58.0199 3756 netprofm - ok
18:07:58.0203 3756 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:07:58.0212 3756 NetTcpActivator - ok
18:07:58.0216 3756 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:07:58.0225 3756 NetTcpPortSharing - ok
18:07:58.0265 3756 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:07:58.0275 3756 nfrd960 - ok
18:07:58.0334 3756 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:07:58.0346 3756 NisDrv - ok
18:07:58.0385 3756 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
18:07:58.0404 3756 NisSrv - ok
18:07:58.0438 3756 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:07:58.0494 3756 NlaSvc - ok
18:07:58.0514 3756 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:07:58.0544 3756 Npfs - ok
18:07:58.0547 3756 npggsvc - ok
18:07:58.0558 3756 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:07:58.0604 3756 nsi - ok
18:07:58.0630 3756 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:07:58.0678 3756 nsiproxy - ok
18:07:58.0733 3756 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:07:58.0789 3756 Ntfs - ok
18:07:58.0804 3756 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:07:58.0834 3756 Null - ok
18:07:58.0875 3756 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
18:07:58.0887 3756 NVHDA - ok
18:07:59.0161 3756 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:07:59.0417 3756 nvlddmkm - ok
18:07:59.0445 3756 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:07:59.0457 3756 nvraid - ok
18:07:59.0481 3756 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:07:59.0493 3756 nvstor - ok
18:07:59.0526 3756 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:07:59.0549 3756 nvsvc - ok
18:07:59.0617 3756 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:07:59.0660 3756 nvUpdatusService - ok
18:07:59.0672 3756 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:07:59.0683 3756 nv_agp - ok
18:07:59.0739 3756 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:07:59.0754 3756 odserv - ok
18:07:59.0767 3756 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:07:59.0796 3756 ohci1394 - ok
18:07:59.0846 3756 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:07:59.0859 3756 ose - ok
18:07:59.0897 3756 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:07:59.0942 3756 p2pimsvc - ok
18:07:59.0960 3756 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:07:59.0975 3756 p2psvc - ok
18:07:59.0995 3756 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:08:00.0007 3756 Parport - ok
18:08:00.0022 3756 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:08:00.0032 3756 partmgr - ok
18:08:00.0047 3756 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:08:00.0080 3756 PcaSvc - ok
18:08:00.0114 3756 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:08:00.0127 3756 pci - ok
18:08:00.0143 3756 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:08:00.0153 3756 pciide - ok
18:08:00.0167 3756 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:08:00.0180 3756 pcmcia - ok
18:08:00.0201 3756 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:08:00.0211 3756 pcw - ok
18:08:00.0227 3756 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:08:00.0278 3756 PEAUTH - ok
18:08:00.0373 3756 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:08:00.0477 3756 PeerDistSvc - ok
18:08:00.0512 3756 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:08:00.0533 3756 PerfHost - ok
18:08:00.0647 3756 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:08:00.0749 3756 pla - ok
18:08:00.0785 3756 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:08:00.0806 3756 PlugPlay - ok
18:08:00.0826 3756 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:08:00.0865 3756 PNRPAutoReg - ok
18:08:00.0896 3756 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:08:00.0911 3756 PNRPsvc - ok
18:08:00.0939 3756 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:08:00.0988 3756 PolicyAgent - ok
18:08:01.0014 3756 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:08:01.0060 3756 Power - ok
18:08:01.0103 3756 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:08:01.0145 3756 PptpMiniport - ok
18:08:01.0170 3756 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:08:01.0192 3756 Processor - ok
18:08:01.0230 3756 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:08:01.0269 3756 ProfSvc - ok
18:08:01.0285 3756 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:08:01.0295 3756 ProtectedStorage - ok
18:08:01.0329 3756 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:08:01.0376 3756 Psched - ok
18:08:01.0424 3756 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:08:01.0493 3756 ql2300 - ok
18:08:01.0506 3756 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:08:01.0517 3756 ql40xx - ok
18:08:01.0546 3756 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:08:01.0579 3756 QWAVE - ok
18:08:01.0607 3756 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:08:01.0656 3756 QWAVEdrv - ok
18:08:01.0671 3756 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:08:01.0705 3756 RasAcd - ok
18:08:01.0749 3756 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:08:01.0779 3756 RasAgileVpn - ok
18:08:01.0793 3756 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:08:01.0825 3756 RasAuto - ok
18:08:01.0836 3756 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:08:01.0887 3756 Rasl2tp - ok
18:08:01.0916 3756 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:08:01.0965 3756 RasMan - ok
18:08:02.0015 3756 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:08:02.0061 3756 RasPppoe - ok
18:08:02.0088 3756 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:08:02.0120 3756 RasSstp - ok
18:08:02.0149 3756 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:08:02.0183 3756 rdbss - ok
18:08:02.0190 3756 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:08:02.0204 3756 rdpbus - ok
18:08:02.0246 3756 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:08:02.0275 3756 RDPCDD - ok
18:08:02.0290 3756 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:08:02.0309 3756 RDPDR - ok
18:08:02.0334 3756 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:08:02.0381 3756 RDPENCDD - ok
18:08:02.0404 3756 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:08:02.0435 3756 RDPREFMP - ok
18:08:02.0462 3756 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:08:02.0526 3756 RdpVideoMiniport - ok
18:08:02.0560 3756 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:08:02.0597 3756 RDPWD - ok
18:08:02.0633 3756 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:08:02.0646 3756 rdyboost - ok
18:08:02.0667 3756 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:08:02.0710 3756 RemoteAccess - ok
18:08:02.0777 3756 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:08:02.0840 3756 RemoteRegistry - ok
18:08:02.0858 3756 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:08:02.0904 3756 RpcEptMapper - ok
18:08:02.0935 3756 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:08:02.0946 3756 RpcLocator - ok
18:08:02.0996 3756 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:08:03.0045 3756 RpcSs - ok
18:08:03.0077 3756 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:08:03.0119 3756 rspndr - ok
18:08:03.0163 3756 [ 39A719875F572241C585A629EE62EB14 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:08:03.0182 3756 RTL8167 - ok
18:08:03.0221 3756 [ FC00C0DE6DC83DE1B2B01420E2195B21 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
18:08:03.0275 3756 RTL8192su - ok
18:08:03.0348 3756 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:08:03.0398 3756 s3cap - ok
18:08:03.0438 3756 [ 20FF3D56E9BF9C8FAE2582C5EF6355F2 ] SaiK1708 C:\Windows\system32\DRIVERS\SaiK1708.sys
18:08:03.0464 3756 SaiK1708 - ok
18:08:03.0472 3756 [ A80E47F2316CED3BB54C05AF016915F2 ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys
18:08:03.0492 3756 SaiMini - ok
18:08:03.0523 3756 [ A5AF334FEE9B4FB4523C3B016F7FFACC ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys
18:08:03.0547 3756 SaiNtBus - ok
18:08:03.0633 3756 [ 79C7A79943FDB25615C97CF84AA873BE ] SaiU1708 C:\Windows\system32\DRIVERS\SaiU1708.sys
18:08:03.0655 3756 SaiU1708 - ok
18:08:03.0666 3756 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:08:03.0676 3756 SamSs - ok
18:08:03.0689 3756 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:08:03.0700 3756 sbp2port - ok
18:08:03.0722 3756 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:08:03.0768 3756 SCardSvr - ok
18:08:03.0832 3756 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:08:03.0899 3756 scfilter - ok
18:08:03.0949 3756 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:08:04.0014 3756 Schedule - ok
18:08:04.0037 3756 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:08:04.0080 3756 SCPolicySvc - ok
18:08:04.0147 3756 [ 490B0B68BB938D5C628EC4A67277BE75 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
18:08:04.0157 3756 ScreamBAudioSvc - ok
18:08:04.0173 3756 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:08:04.0197 3756 SDRSVC - ok
18:08:04.0228 3756 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:08:04.0271 3756 secdrv - ok
18:08:04.0294 3756 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:08:04.0340 3756 seclogon - ok
18:08:04.0369 3756 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:08:04.0416 3756 SENS - ok
18:08:04.0427 3756 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:08:04.0443 3756 SensrSvc - ok
18:08:04.0470 3756 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:08:04.0490 3756 Serenum - ok
18:08:04.0512 3756 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:08:04.0524 3756 Serial - ok
18:08:04.0541 3756 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:08:04.0551 3756 sermouse - ok
18:08:04.0581 3756 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:08:04.0629 3756 SessionEnv - ok
18:08:04.0648 3756 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:08:04.0705 3756 sffdisk - ok
18:08:04.0713 3756 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:08:04.0723 3756 sffp_mmc - ok
18:08:04.0730 3756 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:08:04.0755 3756 sffp_sd - ok
18:08:04.0780 3756 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:08:04.0791 3756 sfloppy - ok
18:08:04.0811 3756 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:08:04.0844 3756 SharedAccess - ok
18:08:04.0882 3756 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:08:04.0920 3756 ShellHWDetection - ok
18:08:04.0958 3756 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:08:04.0968 3756 SiSRaid2 - ok
18:08:04.0978 3756 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:08:04.0989 3756 SiSRaid4 - ok
18:08:05.0052 3756 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:08:05.0064 3756 SkypeUpdate - ok
18:08:05.0077 3756 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:08:05.0119 3756 Smb - ok
18:08:05.0187 3756 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:08:05.0200 3756 SNMPTRAP - ok
18:08:05.0208 3756 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:08:05.0218 3756 spldr - ok
18:08:05.0266 3756 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:08:05.0312 3756 Spooler - ok
18:08:05.0389 3756 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:08:05.0509 3756 sppsvc - ok
18:08:05.0532 3756 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:08:05.0579 3756 sppuinotify - ok
18:08:05.0616 3756 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:08:05.0639 3756 srv - ok
18:08:05.0669 3756 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:08:05.0710 3756 srv2 - ok
18:08:05.0765 3756 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:08:05.0786 3756 srvnet - ok
18:08:05.0819 3756 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:08:05.0867 3756 SSDPSRV - ok
18:08:05.0877 3756 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:08:05.0911 3756 SstpSvc - ok
18:08:05.0933 3756 Steam Client Service - ok
18:08:06.0007 3756 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:08:06.0021 3756 Stereo Service - ok
18:08:06.0040 3756 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:08:06.0050 3756 stexstor - ok
18:08:06.0085 3756 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:08:06.0123 3756 stisvc - ok
18:08:06.0157 3756 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:08:06.0166 3756 storflt - ok
18:08:06.0178 3756 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:08:06.0188 3756 storvsc - ok
18:08:06.0196 3756 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:08:06.0206 3756 swenum - ok
18:08:06.0224 3756 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:08:06.0276 3756 swprv - ok
18:08:06.0279 3756 Synth3dVsc - ok
18:08:06.0340 3756 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:08:06.0401 3756 SysMain - ok
18:08:06.0438 3756 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:08:06.0455 3756 TabletInputService - ok
18:08:06.0551 3756 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
18:08:06.0604 3756 tap0901t ( UnsignedFile.Multi.Generic ) - warning
18:08:06.0604 3756 tap0901t - detected UnsignedFile.Multi.Generic (1)
18:08:06.0628 3756 [ B70DF208E97536CA9F29289E609F5B16 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
18:08:06.0638 3756 taphss - ok
18:08:06.0652 3756 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:08:06.0700 3756 TapiSrv - ok
18:08:06.0704 3756 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:08:06.0736 3756 TBS - ok
18:08:06.0816 3756 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:08:06.0893 3756 Tcpip - ok
18:08:06.0926 3756 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:08:06.0960 3756 TCPIP6 - ok
18:08:06.0998 3756 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:08:07.0030 3756 tcpipreg - ok
18:08:07.0050 3756 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:08:07.0076 3756 TDPIPE - ok
18:08:07.0130 3756 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:08:07.0151 3756 TDTCP - ok
18:08:07.0183 3756 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:08:07.0213 3756 tdx - ok
18:08:07.0435 3756 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
18:08:07.0521 3756 TeamViewer8 - ok
18:08:07.0566 3756 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:08:07.0577 3756 TermDD - ok
18:08:07.0626 3756 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:08:07.0677 3756 TermService - ok
18:08:07.0712 3756 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:08:07.0738 3756 Themes - ok
18:08:07.0768 3756 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:08:07.0798 3756 THREADORDER - ok
18:08:07.0823 3756 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:08:07.0880 3756 TrkWks - ok
18:08:07.0939 3756 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:08:07.0982 3756 TrustedInstaller - ok
18:08:08.0017 3756 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:08:08.0046 3756 tssecsrv - ok
18:08:08.0071 3756 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:08:08.0134 3756 TsUsbFlt - ok
18:08:08.0138 3756 tsusbhub - ok
18:08:08.0201 3756 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:08:08.0232 3756 tunnel - ok
18:08:08.0266 3756 [ 3DB1CE045A552161EF7252988752C65F ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
18:08:08.0659 3756 TunngleService ( UnsignedFile.Multi.Generic ) - warning
18:08:08.0659 3756 TunngleService - detected UnsignedFile.Multi.Generic (1)
18:08:08.0698 3756 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:08:08.0710 3756 uagp35 - ok
18:08:08.0740 3756 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:08:08.0787 3756 udfs - ok
18:08:08.0821 3756 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:08:08.0833 3756 UI0Detect - ok
18:08:08.0852 3756 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:08:08.0864 3756 uliagpkx - ok
18:08:08.0900 3756 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:08:08.0937 3756 umbus - ok
18:08:08.0990 3756 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:08:09.0005 3756 UmPass - ok
18:08:09.0027 3756 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
18:08:09.0052 3756 UmRdpService - ok
18:08:09.0084 3756 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:08:09.0118 3756 upnphost - ok
18:08:09.0132 3756 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
18:08:09.0172 3756 usbccgp - ok
18:08:09.0204 3756 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:08:09.0220 3756 usbcir - ok
18:08:09.0234 3756 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:08:09.0245 3756 usbehci - ok
18:08:09.0310 3756 [ 33A58C5630200E17B51C8D73DD64181B ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
18:08:09.0318 3756 usbfilter - ok
18:08:09.0343 3756 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:08:09.0374 3756 usbhub - ok
18:08:09.0400 3756 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:08:09.0425 3756 usbohci - ok
18:08:09.0452 3756 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:08:09.0521 3756 usbprint - ok
18:08:09.0551 3756 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:08:09.0596 3756 USBSTOR - ok
18:08:09.0633 3756 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:08:09.0655 3756 usbuhci - ok
18:08:09.0683 3756 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:08:09.0732 3756 UxSms - ok
18:08:09.0777 3756 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:08:09.0789 3756 VaultSvc - ok
18:08:09.0821 3756 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:08:09.0831 3756 vdrvroot - ok
18:08:09.0862 3756 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:08:09.0899 3756 vds - ok
18:08:09.0911 3756 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:08:09.0924 3756 vga - ok
18:08:09.0938 3756 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:08:09.0968 3756 VgaSave - ok
18:08:09.0971 3756 VGPU - ok
18:08:09.0985 3756 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:08:09.0998 3756 vhdmp - ok
18:08:10.0011 3756 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:08:10.0021 3756 viaide - ok
18:08:10.0042 3756 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:08:10.0054 3756 vmbus - ok
18:08:10.0104 3756 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:08:10.0125 3756 VMBusHID - ok
18:08:10.0148 3756 vmci - ok
18:08:10.0151 3756 VMnetAdapter - ok
18:08:10.0161 3756 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:08:10.0172 3756 volmgr - ok
18:08:10.0190 3756 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:08:10.0204 3756 volmgrx - ok
18:08:10.0217 3756 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:08:10.0230 3756 volsnap - ok
18:08:10.0246 3756 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:08:10.0258 3756 vsmraid - ok
18:08:10.0353 3756 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:08:10.0448 3756 VSS - ok
18:08:10.0461 3756 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:08:10.0490 3756 vwifibus - ok
18:08:10.0516 3756 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:08:10.0542 3756 vwififlt - ok
18:08:10.0596 3756 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:08:10.0635 3756 W32Time - ok
18:08:10.0657 3756 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:08:10.0683 3756 WacomPen - ok
18:08:10.0768 3756 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
18:08:10.0776 3756 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
18:08:10.0776 3756 WajamUpdater - detected UnsignedFile.Multi.Generic (1)
18:08:10.0821 3756 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:08:10.0853 3756 WANARP - ok
18:08:10.0865 3756 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:08:10.0894 3756 Wanarpv6 - ok
18:08:10.0932 3756 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:08:11.0024 3756 wbengine - ok
18:08:11.0052 3756 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:08:11.0073 3756 WbioSrvc - ok
18:08:11.0111 3756 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:08:11.0130 3756 wcncsvc - ok
18:08:11.0152 3756 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:08:11.0204 3756 WcsPlugInService - ok
18:08:11.0231 3756 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:08:11.0240 3756 Wd - ok
18:08:11.0263 3756 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:08:11.0286 3756 Wdf01000 - ok
18:08:11.0301 3756 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:08:11.0473 3756 WdiServiceHost - ok
18:08:11.0477 3756 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:08:11.0493 3756 WdiSystemHost - ok
18:08:11.0590 3756 [ D75398987C968DCBABC411E08029E387 ] Web Assistant C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
18:08:11.0603 3756 Web Assistant - ok
18:08:11.0639 3756 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:08:11.0685 3756 WebClient - ok
18:08:11.0711 3756 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:08:11.0774 3756 Wecsvc - ok
18:08:11.0803 3756 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:08:11.0853 3756 wercplsupport - ok
18:08:11.0903 3756 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:08:11.0941 3756 WerSvc - ok
18:08:11.0991 3756 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:08:12.0021 3756 WfpLwf - ok
18:08:12.0031 3756 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:08:12.0040 3756 WIMMount - ok
18:08:12.0043 3756 WinDefend - ok
18:08:12.0050 3756 WinHttpAutoProxySvc - ok
18:08:12.0091 3756 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:08:12.0124 3756 Winmgmt - ok
18:08:12.0196 3756 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:08:12.0282 3756 WinRM - ok
18:08:12.0323 3756 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:08:12.0350 3756 Wlansvc - ok
18:08:12.0370 3756 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:08:12.0396 3756 WmiAcpi - ok
18:08:12.0419 3756 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:08:12.0453 3756 wmiApSrv - ok
18:08:12.0479 3756 WMPNetworkSvc - ok
18:08:12.0516 3756 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:08:12.0535 3756 WPCSvc - ok
18:08:12.0556 3756 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:08:12.0584 3756 WPDBusEnum - ok
18:08:12.0608 3756 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:08:12.0653 3756 ws2ifsl - ok
18:08:12.0669 3756 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:08:12.0704 3756 wscsvc - ok
18:08:12.0708 3756 WSearch - ok
18:08:12.0871 3756 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:08:12.0954 3756 wuauserv - ok
18:08:12.0995 3756 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:08:13.0041 3756 WudfPf - ok
18:08:13.0075 3756 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:08:13.0097 3756 WUDFRd - ok
18:08:13.0149 3756 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:08:13.0161 3756 wudfsvc - ok
18:08:13.0175 3756 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:08:13.0193 3756 WwanSvc - ok
18:08:13.0213 3756 ================ Scan global ===============================
18:08:13.0244 3756 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:08:13.0309 3756 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:08:13.0316 3756 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:08:13.0326 3756 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:08:13.0352 3756 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:08:13.0356 3756 [Global] - ok
18:08:13.0357 3756 ================ Scan MBR ==================================
18:08:13.0362 3756 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:08:13.0844 3756 \Device\Harddisk0\DR0 - ok
18:08:13.0845 3756 ================ Scan VBR ==================================
18:08:13.0847 3756 [ B76E87E6C9B32C09A7F632DBD8744DE0 ] \Device\Harddisk0\DR0\Partition1
18:08:13.0848 3756 \Device\Harddisk0\DR0\Partition1 - ok
18:08:13.0878 3756 [ C7B6E225543803612ACEB72D7F703ADD ] \Device\Harddisk0\DR0\Partition2
18:08:13.0879 3756 \Device\Harddisk0\DR0\Partition2 - ok
18:08:13.0880 3756 ============================================================
18:08:13.0880 3756 Scan finished
18:08:13.0880 3756 ============================================================
18:08:13.0887 4832 Detected object count: 4
18:08:13.0887 4832 Actual detected object count: 4
18:08:28.0968 4832 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:28.0968 4832 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:28.0969 4832 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:28.0969 4832 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:28.0970 4832 TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:28.0970 4832 TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:28.0971 4832 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:28.0972 4832 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:46.0426 2832 Deinitialize success
|
|
04.04.2013, 22:44
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanerbefund(mehr als 1er) Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.04.2013, 13:35
| #29 |
| | Trojanerbefund(mehr als 1er)Code:
ATTFilter ComboFix 13-04-04.01 - Win 7 05.04.2013 14:19:20.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8172.6233 [GMT 2:00]
ausgeführt von:: c:\users\Win 7\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\Game - R3d Logs\2012-12-19_18-11-27_r3dlog.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-05 bis 2013-04-05 ))))))))))))))))))))))))))))))
.
.
2013-04-05 12:28 . 2013-04-05 12:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-05 12:28 . 2013-04-05 12:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-04 15:00 . 2013-04-04 15:00 -------- d-----w- C:\Games
2013-04-04 14:57 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF55032A-BF2D-4D8A-96C3-55383DFD0D87}\mpengine.dll
2013-04-04 14:39 . 2013-04-04 14:39 -------- d-----w- c:\program files (x86)\Wajam
2013-04-04 14:39 . 2013-04-04 14:39 -------- d-----w- c:\users\Win 7\AppData\Roaming\SmartPCFix
2013-04-03 13:13 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-02 08:46 . 2013-04-02 08:46 310688 ----a-w- c:\windows\system32\javaws.exe
2013-04-02 08:46 . 2013-04-02 08:46 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-02 08:46 . 2013-04-02 08:46 188832 ----a-w- c:\windows\system32\javaw.exe
2013-04-02 08:46 . 2013-04-02 08:46 188320 ----a-w- c:\windows\system32\java.exe
2013-04-02 08:46 . 2013-04-02 08:46 -------- d-----w- c:\program files\Java
2013-03-29 11:51 . 2012-11-28 15:35 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CB6483E-34EF-4DCB-A23D-972B933C4902}\gapaengine.dll
2013-03-29 11:41 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-28 18:31 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-28 16:58 . 2013-03-29 11:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-28 16:41 . 2013-03-28 16:52 -------- d-----w- c:\users\Win 7\AppData\Roaming\Irveyz
2013-03-17 12:01 . 2013-03-17 12:01 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-03-17 12:01 . 2013-03-17 12:01 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-03-13 22:42 . 2013-03-13 22:42 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 22:42 . 2013-03-13 22:42 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-11 18:55 . 2013-03-11 18:55 -------- d-----w- c:\users\Win 7\AppData\Local\SmartTechnology
2013-03-11 18:23 . 2013-03-11 18:23 -------- d-----w- c:\programdata\SmartTechnology
2013-03-11 18:23 . 2013-03-11 18:23 -------- d-----w- c:\program files\SmartTechnology
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:34 . 2012-04-16 18:59 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-04-02 08:46 . 2012-10-01 18:19 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-02 08:46 . 2012-04-16 16:50 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-28 18:28 . 2013-01-31 15:19 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-28 18:28 . 2013-01-31 15:19 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 22:45 . 2012-04-16 19:28 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-04 09:00 . 2012-09-11 13:29 1316144 ----a-w- c:\windows\system32\dmwu.exe
2013-03-04 08:59 . 2012-09-11 13:29 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-03-04 08:07 . 2011-01-07 13:02 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-04 08:07 . 2011-01-07 13:02 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-02-25 23:32 . 2013-02-25 23:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 23:32 . 2012-10-10 20:22 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 23:32 . 2012-10-10 20:22 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-25 23:32 . 2013-02-25 23:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-25 23:32 . 2012-10-10 20:23 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 23:32 . 2013-02-25 23:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-25 23:32 . 2012-10-10 20:23 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-02-25 23:32 . 2012-04-16 19:05 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 23:32 . 2013-02-25 23:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-02-25 23:32 . 2013-02-25 23:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-25 23:32 . 2013-02-25 23:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-25 23:32 . 2013-02-25 23:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-25 23:32 . 2013-02-25 23:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 23:32 . 2013-02-25 23:32 245872 ----a-w- c:\windows\system32\nvinitx.dll
2013-02-25 23:32 . 2013-02-25 23:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 23:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 23:32 . 2013-02-25 23:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-25 23:32 . 2013-02-25 23:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-25 23:32 . 2012-04-16 19:05 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 23:32 . 2013-02-25 23:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-25 23:32 . 2013-02-25 23:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 23:32 . 2013-02-25 23:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 23:32 . 2012-10-10 20:23 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 23:32 . 2013-02-25 23:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-25 23:32 . 2013-02-25 23:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-02-12 05:45 . 2013-03-13 13:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 13:28 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 13:28 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 13:28 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 13:28 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 13:28 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-01 07:43 . 2013-02-01 07:43 52640 ----a-w- c:\windows\system32\drivers\SaiBus.sys
2013-02-01 07:43 . 2013-02-01 07:43 25120 ----a-w- c:\windows\system32\drivers\SaiMini.sys
2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2011-04-27 13:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-18 15:00 . 2012-04-16 19:06 6390048 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2012-04-16 19:06 3460896 ----a-w- c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2012-04-16 19:06 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2012-04-16 19:06 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2012-04-16 19:06 2953448 ----a-w- c:\windows\system32\nvcoproc.bin
2013-01-18 15:00 . 2012-04-16 19:06 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-18 15:00 . 2012-04-16 19:06 118560 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-18 07:15 . 2013-01-18 07:15 550176 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-01-13 21:17 . 2013-02-27 14:11 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 14:11 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 14:11 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 14:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 14:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 14:11 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 14:11 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 14:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 14:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 14:11 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 14:11 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 14:11 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 14:11 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 14:11 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 14:11 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 14:11 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 14:11 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 14:11 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 14:11 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 14:11 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 14:11 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 14:11 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 14:11 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 14:11 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 14:11 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 14:11 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 14:11 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 14:11 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 14:11 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 14:11 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 14:11 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 14:11 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 14:11 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 14:11 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 14:11 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 14:11 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 14:11 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 14:11 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 14:11 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 14:11 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 14:11 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 14:11 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 14:11 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 14:11 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 14:11 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 14:11 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 14:11 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-29 13:28 170840 ----a-w- c:\program files\Web Assistant\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:49 281760 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2013-01-10 25832]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-12-12 82048]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-12-12 42624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2013-03-28 109064]
S2 Web Assistant;Web Assistant;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2013-01-29 188760]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-03-01 60800]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-03-01 85632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864]
S3 SaiK1708;SaiK1708;c:\windows\system32\DRIVERS\SaiK1708.sys [2012-09-20 180544]
S3 SaiU1708;SaiU1708;c:\windows\system32\DRIVERS\SaiU1708.sys [2012-09-20 47168]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-12-13 56448]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-31 18:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:49 342176 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-01-31 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2013-01-31 158208]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-10 - (no file)
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
Wow6432Node-HKLM-Run-TaskTray - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-10 - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-05 14:30:58
ComboFix-quarantined-files.txt 2013-04-05 12:30
.
Vor Suchlauf: 13 Verzeichnis(se), 689.055.150.080 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 690.094.186.496 Bytes frei
.
- - End Of File - - DB753E7E86C4DA05F21B2CDE103ACCE6
|
|
05.04.2013, 15:02
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanerbefund(mehr als 1er) JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojanerbefund(mehr als 1er) |
| arten, backup, dringende, eingestuft, entferne, erklärung, essen, essentials, falsch, gelöscht, kleines, min, neue, neustarten, nötig, security, security essentials, system, tauchen, troja, trojaner, trojaner - windows security alert, trojanerbefund, versuche, woche, wochen |
Linear-Darstellung
