Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen (Windows 7)
16.04.2013, 21:26 | #1
Hello, the day before yesterday I ran a full system scan with Kaspersky. It found the following "malware": HEUR:Exploit.Java.CVE-2012-0507.gen. The status shows "found, not processed". I believe that immediately after the system scan Kaspersky also added "irreparable". So I cannot delete the trojan. What I have noticed on the PC over the last few days/weeks:
- Videos (YouTube) load very slowly
- Pictures on eBay cannot be opened or are not displayed (this works again now)
- A lot of spam e-mails in my web.de mailbox (I never really had problems with that before); the subject is always quite mundane, "Hi" or something like that, but they were always detected as spam and deleted immediately, never opened
What can I do now? Unfortunately I'm no expert when it comes to computers (if possible, please explain without technical terms). Regards
17.04.2013, 14:52 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Do you have any other logs (with findings)? Has your virus scanner ever found anything? Malwarebytes and/or other virus scanners? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; first post only the logs you already have! Reading material: Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too big for the forum. To put the logfiles into a CODE box, proceed as follows:
17.04.2013, 20:25 | #3
Hello cosinus,
yes, when I go to "Detected threats" quite a few items from the past are listed (but Kaspersky always set them to "Inactive"; the malware mentioned above is the first one shown as "Found, not processed"). It's quite a lot, here is a screenshot: (how can I open the detailed report on the finding in Kaspersky and post it here?)
18.04.2013, 12:57 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Before we get to work, I'd like to ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please post in this thread => Reminder for my thread. Annoying "when will it continue" messages end with your thread being closed. I too have a life outside of Trojaner-Board. First a check with OTL, please:
Please always post logfiles in CODE tags
18.04.2013, 22:38 | #5
Hello cosinus, here are the two logfiles:
OTL Logfile:
Code:
OTL logfile created on: 4/18/2013 11:14:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XYZ\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 56.85% Memory free
6.00 Gb Paging File | 4.32 Gb Available in Paging File | 72.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 803.84 Gb Free Space | 90.28% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
Computer Name: XYZ | User Name: XYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\XYZ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\BackStage.exe (Conduit Ltd.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
========== Services (SafeList) ==========
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Driver Services (SafeList) ==========
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB04
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{432C657B-AB37-491E-8C53-C4B369D39B1B}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{4D3A3268-0704-4E74-8AF4-A180761461D7}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE415
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{A291A10C-3FC2-4308-A71D-A28B9849B72A}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB04
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{C31C8515-CC6B-4FA7-B621-A7AA4DE7497E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{FC3A14B0-228A-4D08-988E-AEBAC666BE78}: "URL" = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/21 19:05:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/01/21 19:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/01/21 22:13:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@web.de: C:\Program Files\WEB.DE Toolbar IE8\Firefox\WEBDE_toolbar [2011/03/30 12:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB_DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1463205399-554048611-282685520-1000..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF3F26A8-CAA2-45C6-9B8B-7AC9D5B5A0FF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{62f5894c-976f-11e1-932c-6c626d5ce55e}\Shell - "" = AutoRun
O33 - MountPoints2\{62f5894c-976f-11e1-932c-6c626d5ce55e}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/18 22:14:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XYZ\Desktop\OTL.exe
[2013/04/10 18:28:28 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/10 18:28:25 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 18:28:25 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 18:28:24 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 18:28:20 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/04/10 18:28:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/04/10 18:28:10 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/10 18:28:10 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/04/10 18:28:09 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/04/10 18:28:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/04/10 18:28:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/04/10 18:28:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/10 18:28:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/10 18:28:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/10 18:28:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/04/10 18:28:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/10 18:28:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/04/10 18:28:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/04/04 10:07:59 | 000,000,000 | R--D | C] -- C:\Users\XYZ\Desktop
[2013/04/03 22:30:35 | 000,000,000 | ---D | C] -- C:\Users\XYZ\Auto
[2013/03/28 21:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Becker Content Manager
[2013/03/26 19:38:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[211 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/04/18 23:17:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/18 22:14:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XYZ\Desktop\OTL.exe
[2013/04/18 22:11:38 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/18 22:11:38 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/18 22:04:15 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/18 22:04:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/18 22:03:53 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/11 23:25:54 | 000,693,922 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2013/04/11 23:25:54 | 000,691,660 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013/04/11 23:25:54 | 000,690,194 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013/04/11 23:25:54 | 000,689,576 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2013/04/11 23:25:54 | 000,679,810 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2013/04/11 23:25:54 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/11 23:25:54 | 000,632,648 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2013/04/11 23:25:54 | 000,616,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/11 23:25:54 | 000,610,670 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2013/04/11 23:25:54 | 000,148,520 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2013/04/11 23:25:54 | 000,137,272 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2013/04/11 23:25:54 | 000,135,050 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013/04/11 23:25:54 | 000,133,962 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2013/04/11 23:25:54 | 000,133,150 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013/04/11 23:25:54 | 000,130,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/11 23:25:54 | 000,127,354 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2013/04/11 23:25:54 | 000,121,736 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2013/04/11 23:25:54 | 000,106,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/10 20:44:17 | 000,368,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/04 00:49:24 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2013/03/28 21:50:07 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Becker Content Manager.lnk
[211 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/04/04 00:49:24 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2013/03/28 21:50:07 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Becker Content Manager.lnk
[2012/04/14 22:22:34 | 000,000,288 | ---- | C] () -- C:\Users\XYZ\AppData\Roaming\.backup.dm
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Techno Kit
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tables
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\System Image Utility
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\Synth Textures
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\Synth Pads
[2012/03/18 18:02:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/03/18 18:02:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Vocal Transformer
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\User Pictures
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\URLs
[2012/03/18 18:02:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/01/14 19:53:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012/01/07 23:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\XYZ\AppData\Local\keyfile3.drm
[2011/12/27 22:33:11 | 000,017,408 | ---- | C] () -- C:\Users\XYZ\AppData\Local\WebpageIcons.db
========== ZeroAccess Check ==========
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Here is the second one:
OTL Logfile:
Code:
OTL Extras logfile created on: 4/18/2013 11:14:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XYZ\Desktop
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 56.85% Memory free
6.00 Gb Paging File | 4.32 Gb Available in Paging File | 72.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 803.84 Gb Free Space | 90.28% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS

Computer Name: XYZ | User Name: XYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B74180-D76A-4C8F-A6F6-3103E109E941}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07646CDD-4BD2-4800-94BF-8D1DDF9C754B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C96CB0D-2A7A-4A88-AFE0-BA38E61B4FE9}" = rport=445 | protocol=6 | dir=out | app=system |
"{1310D265-A30C-4FCE-9A40-94039462C0CD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1ABA908A-78FE-4717-8768-7E751053645B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BCF41E0-8F66-4F4A-A7C7-ABA7FB11B270}" = rport=138 | protocol=17 | dir=out | app=system |
"{30FCB229-31D0-4705-AD07-8B7E61490568}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5787F921-5431-4BA2-A3E2-0FAD3C661A8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D2B11F8-A097-4992-A229-DC6AA51A9A22}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73BC6293-9162-4966-82B4-3042E2D74DEB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7714FED0-79FC-4D57-B4DD-B98B4A1A9DC6}" = lport=139 | protocol=6 | dir=in | app=system |
"{7B3AE9FE-3D74-4F90-B772-FF9ABF0FC216}" = lport=138 | protocol=17 | dir=in | app=system |
"{8C1A9568-F520-4BBC-AB24-8B809B571F84}" = lport=445 | protocol=6 | dir=in | app=system |
"{93D50508-69FE-4C5E-B532-0C511EB50E75}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9ACDED70-11A1-4D4C-8ECD-A482449B92AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0CC27A7-9A11-4826-925A-6F85F9A33CAF}" = rport=139 | protocol=6 | dir=out | app=system |
"{A15040A5-2E7D-47D3-B496-55133D56F708}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A35DC2EA-9E0D-4F08-8681-48AD467A2981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF10D220-3861-4641-BCDB-ACFA81EDF20A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3F7F406-992C-4FD0-B448-970A8BAABB26}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D964598F-3CD9-4F7E-BB08-767C59DCB4A4}" = rport=137 | protocol=17 | dir=out | app=system |
"{DE2E95B6-C0E2-4763-9E92-2496398CEE48}" = lport=137 | protocol=17 | dir=in | app=system |
"{DFEABD30-BFC3-4CCE-A191-7C4D90990D82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F66BCFBD-B2E1-443A-AE50-D696DE926991}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC471ED0-36BF-403A-98C6-924DDDA231A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053BC0F2-836E-4A84-B8F6-7A6A083BE34E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{056F4C23-7EB4-468C-AD6E-11CD8DCEE687}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{087EFD99-E62A-4F9F-84EA-5F639E1BA320}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0972544F-A9EF-4820-A959-BC5652A47D61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B5B3474-02D5-41FB-8BE7-1A00B93CB5BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0DD76F02-0CB6-4CEE-965F-16849E1338F5}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{18D5E152-030D-433B-8459-F85965F86922}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1E8312E3-AD9C-4571-81CA-096E569236F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{26B4EB06-280F-4994-B6CC-B3DA46B68444}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{2B14787F-8F01-49ED-9062-8067830607BF}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{2F1F19AA-2CC0-4CF2-A561-4F7E64587125}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{34307912-13DA-47F9-84BD-EEFC76C89661}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4342EE36-DF66-48A8-BF20-4E7C975ADC6F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{47113460-FF6D-44AB-A9F0-8CD28615B7DC}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{57B951B6-CC36-4F94-9D41-52F345B58648}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BC15063-A98C-42EF-8687-F2C22B1E6D91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BFE8A42-CCD1-4057-8B4D-DF256BE8C2FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6F2811AE-0F27-4702-9F6F-3C9333937DD9}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{6F71CB98-89D4-4E4D-B6A8-18EB3F758F9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{708A2176-7AFC-4F3E-8458-55C8DF4B08F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9BF3B4EF-16AF-4778-874A-5D57E96D710B}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{9D9FCCDC-E783-484A-B2CE-DBF502633089}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1AC82B1-4E9F-49D1-896E-27467F231803}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A60207D4-5143-47B2-BEB6-1CD7EC4F8017}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{AFE24910-1896-442A-A6D7-335F4C877CB1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B5197E2F-C93E-449B-A3FB-0C37728F25F8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{BAF72E62-8F83-4521-9CC8-5D5DEB333F70}" = protocol=6 | dir=out | app=system |
"{C1EF6C8D-FC59-418B-95FE-4931E86AC009}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C687FEEC-0745-40B9-81DB-A81853269CF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0CAABE8-6F10-45E2-95D6-6EB995F26B48}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DC23138F-AB29-4B58-BCCD-F6B2B4D8BD89}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{F9063565-9DE5-418F-986D-848F6E68A389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD006F46-67D8-44BB-986F-3772F16FD129}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28F11027-A8BC-44D3-A59A-CA018ED73E8C}" = Compact&Easy
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80D847BF-3610-4BE4-9F05-970BADEADB9A}" = Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CA7DA5E-B8BD-4E9F-A6F2-BAF53D503498}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{BE7785D6-045F-44FB-A1E4-3FA555874415}" = pdfforge Toolbar v7.0
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{EB788378-C27A-468F-BEAC-00C123D216E6}" = WEB.DE Toolbar MSVC90 CRT
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Becker Content Manager" = Becker Content Manager 5.20.1008
"Content Manager 2" = Content Manager 2
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"ICQToolbar" = ICQ Toolbar
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2013 2:55:47 PM | Computer Name = XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17267, Zeitstempel: 0x51317269
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000004  ID des fehlerhaften Prozesses: 0x14c4
 Startzeit der fehlerhaften Anwendung: 0x01ce37aeda71f89a
 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
 Pfad des fehlerhaften Moduls: unknown  Berichtskennung: 9563d935-a3a2-11e2-92d1-6c626d5ce55e

Error - 4/12/2013 3:27:42 PM | Computer Name = XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17267, Zeitstempel: 0x51317269
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000004  ID des fehlerhaften Prozesses: 0xbac
 Startzeit der fehlerhaften Anwendung: 0x01ce37af57feb79d
 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
 Pfad des fehlerhaften Moduls: unknown  Berichtskennung: 0b21c64b-a3a7-11e2-92d1-6c626d5ce55e

Error - 4/12/2013 3:47:16 PM | Computer Name = XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17267, Zeitstempel: 0x51317269
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000004  ID des fehlerhaften Prozesses: 0x127c
 Startzeit der fehlerhaften Anwendung: 0x01ce37b60e9df6ac
 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
 Pfad des fehlerhaften Moduls: unknown  Berichtskennung: c6c3603a-a3a9-11e2-92d1-6c626d5ce55e

Error - 4/14/2013 11:22:35 PM | Computer Name = XYZ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 4/15/2013 1:08:41 AM | Computer Name = XYZ | Source = VSS | ID = 13
Description =

Error - 4/15/2013 1:08:41 AM | Computer Name = XYZ | Source = VSS | ID = 8193
Description =

Error - 4/15/2013 1:08:41 AM | Computer Name = XYZ | Source = VSS | ID = 13
Description =

Error - 4/15/2013 1:08:41 AM | Computer Name = XYZ | Source = VSS | ID = 8193
Description =

Error - 4/16/2013 4:11:52 PM | Computer Name = XYZ | Source = Application Hang | ID = 1002
Description = Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 Prozess-ID: 128c  Startzeit: 01ce3ad73a94ae92  Endzeit: 0  Anwendungspfad: C:\Windows\system32\rundll32.exe  Berichts-ID:

Error - 4/16/2013 4:11:52 PM | Computer Name = XYZ | Source = Application Hang | ID = 1002
Description = Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 Prozess-ID: 9cc  Startzeit: 01ce3ad73cb106f0  Endzeit: 0  Anwendungspfad: C:\Windows\system32\rundll32.exe  Berichts-ID:

[ System Events ]
Error - 4/14/2013 11:37:31 PM | Computer Name = XYZ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1043
Description = Das Sprachpaket für tr-TR kann von CBS nicht entfernt werden. Zurückgegebener CBS-Fehlercode: 0x80073701.

Error - 4/14/2013 11:38:32 PM | Computer Name = XYZ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = CBS-Fehler 0x80073701 '' bei Verwendung des Benutzeroberflächen-Sprachpakets für hu-HU.

Error - 4/14/2013 11:38:32 PM | Computer Name = XYZ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1043
Description = Das Sprachpaket für hu-HU kann von CBS nicht entfernt werden. Zurückgegebener CBS-Fehlercode: 0x80073701.

Error - 4/15/2013 1:08:15 AM | Computer Name = XYZ | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7

Error - 4/16/2013 4:30:53 PM | Computer Name = XYZ | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7

Error - 4/17/2013 3:02:20 PM | Computer Name = XYZ | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.04.2013 um 22:30:16 unerwartet heruntergefahren.

Error - 4/17/2013 3:24:55 PM | Computer Name = XYZ | Source = DCOM | ID = 10016
Description =

Error - 4/17/2013 3:24:55 PM | Computer Name = XYZ | Source = DCOM | ID = 10016
Description =

Error - 4/17/2013 5:43:06 PM | Computer Name = XYZ | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7

Error - 4/18/2013 4:04:04 PM | Computer Name = XYZ | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.04.2013 um 23:43:08 unerwartet heruntergefahren.

< End of report >
|
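The OTL Extras log above, and the GMER log posted further down in the thread, are what the helper reads by eye. As an added example (not part of the thread, and not code from OTL, GMER or Kaspersky), the Python script below parses constructed excerpts in the same two formats and flags the three things a reviewer would pull out of these particular logs: Windows Firewall profiles with "EnableFirewall" = 0, a Java runtime older than the fix level for the CVE named in the thread title (Oracle shipped the CVE-2012-0507 fix in JRE 6 Update 31 and JRE 7 Update 3; older release trains are treated as vulnerable here), and user-mode API hooks in iexplore.exe that jump into modules outside C:\Windows, which in the GMER log are the Conduit and Spigot toolbar DLLs. The sample text is constructed to mirror the posted logs rather than copied from them; its PublicProfile value is set to 1 so both branches of the firewall check run, and the "trusted if under C:\Windows" rule for hooks is a deliberately simple assumption, not a GMER feature.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the OTL Extras format (modelled on the thread's log,
# not copied from it; PublicProfile is set to 1 so both branches are exercised).
OTL_EXTRAS_SAMPLE = r"""
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"Google Chrome" = Google Chrome
"""

# Constructed excerpt in the GMER "User code sections" format.
GMER_SAMPLE = r"""
---- User code sections - GMER 2.1 ----
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueExA  76E21B96 5 Bytes  JMP 5A67BDF0 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueExW  76E21C82 6 Bytes  JMP 6A8615A4 C:\Program Files\Common Files\Spigot\Search Settings\wth160.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!CreateWindowExW  76B80E51 5 Bytes  JMP 69A58177 C:\Windows\system32\IEFRAME.dll
"""

PROFILE_RE = re.compile(r"FirewallPolicy\\(\w+Profile)\]")
VALUE_RE = re.compile(r'^"(\w+)"\s*=\s*(\S+)')
JAVA_RE = re.compile(r"=\s*Java\(TM\)\s+(\d+)\s+Update\s+(\d+)")
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\.exe)\[(?P<pid>\d+)\]\s+(?P<export>\S+!\S+)\s+"
    r"[0-9A-Fa-f]+\s+\d+\s+Bytes\s+JMP\s+[0-9A-Fa-f]+\s+(?P<module>.+?)\s*$"
)
# Assumption for this example: a JMP into a module under C:\Windows (e.g. IEFRAME.dll)
# is expected; a JMP anywhere else is worth a look.
TRUSTED_MODULE_PREFIXES = ("c:\\windows\\",)


def parse_firewall_profiles(otl_text: str) -> Dict[str, bool]:
    """Map each profile in the 'Firewall Settings' block to EnableFirewall == 1."""
    profiles: Dict[str, bool] = {}
    current: Optional[str] = None
    for raw in otl_text.splitlines():
        line = raw.strip()
        m = PROFILE_RE.search(line)
        if m:
            current = m.group(1)
            continue
        if line.startswith("["):      # some other registry key: stop attributing values
            current = None
            continue
        v = VALUE_RE.match(line)
        if current and v and v.group(1) == "EnableFirewall":
            profiles[current] = v.group(2) == "1"
    return profiles


def parse_java_versions(otl_text: str) -> List[Tuple[int, int]]:
    """Return (major, update) for every 'Java(TM) N Update M' uninstall entry."""
    return [(int(m.group(1)), int(m.group(2))) for m in JAVA_RE.finditer(otl_text)]


def java_vulnerable_to_cve_2012_0507(major: int, update: int) -> bool:
    """Oracle fixed CVE-2012-0507 in JRE 7u3 and JRE 6u31; older trains count as affected."""
    if major >= 7:
        return major == 7 and update < 3
    if major == 6:
        return update < 31
    return True


def parse_gmer_user_hooks(gmer_text: str) -> List[Dict[str, str]]:
    """Extract inline JMP hooks from GMER 'User code sections' lines."""
    return [m.groupdict() for m in (HOOK_RE.match(l.strip()) for l in gmer_text.splitlines()) if m]


def suspicious_hooks(hooks: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Keep hooks whose target module lives outside the trusted prefixes."""
    return [h for h in hooks if not h["module"].lower().startswith(TRUSTED_MODULE_PREFIXES)]


def triage(otl_text: str, gmer_text: str) -> List[str]:
    """Combine the three checks into a list of human-readable findings."""
    findings: List[str] = []
    for profile, enabled in parse_firewall_profiles(otl_text).items():
        if not enabled:
            findings.append(f"Windows Firewall disabled for {profile}")
    for major, update in parse_java_versions(otl_text):
        if java_vulnerable_to_cve_2012_0507(major, update):
            findings.append(f"Java {major} Update {update} predates the CVE-2012-0507 fix")
    for h in suspicious_hooks(parse_gmer_user_hooks(gmer_text)):
        findings.append(f"{h['proc']} [{h['pid']}]: {h['export']} hooked by {h['module']}")
    return findings


if __name__ == "__main__":
    for finding in triage(OTL_EXTRAS_SAMPLE, GMER_SAMPLE):
        print(finding)
```

Run against the constructed samples it reports two disabled firewall profiles, the outdated Java 6 Update 20, and the two hooks into non-Windows DLLs, while the IEFRAME.dll hook passes as expected; pointing `triage()` at the full text of a real OTL Extras and GMER log works the same way, since the regexes only depend on the line formats shown in the thread.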
19.04.2013, 01:03 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen Rootkit scan with GMER. Please download GMER: (the file name is random)
Do any problems come up?
Afterwards please run MBAR: Malwarebytes Anti-Rootkit (MBAR). Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
|
19.04.2013, 21:41 | #7 |
| Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen Hello, step 1) rootkit scan with GMER worked. On step 2) Malwarebytes Anti-Rootkit (MBAR) I have questions / comprehension problems. I saved MBAR on the desktop. It is a ZIP folder. What do you mean by "Extract the archive to your desktop"? I don't understand that. Then: "In the newly created folder please start mbar.exe" - do you mean the application mbar in this ZIP folder? When I click on it, it says that the files have to be extracted first (what does that mean)? |
20.04.2013, 17:18 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen Quote:
Quote:
E.g. ZIP file format (Wikipedia) or 7-Zip (Wikipedia); 7-Zip download: packing and unpacking files with 7-Zip
Please always post logfiles in CODE tags |
20.04.2013, 18:01 | #9 |
| Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen Here is the log for step 1: GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-19 21:54:26
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JP4O 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\XYZ\AppData\Local\Temp\uxlcypod.sys

---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwAdjustPrivilegesToken [0x8CCDD392]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwAlpcConnectPort [0x8CCF824A]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwAlpcCreatePort [0x8CCF8580]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwAlpcSendWaitReceivePort [0x8CCF88F6]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwClose [0x8CCDDE0C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwConnectPort [0x8CCF7F32]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwCreateEvent [0x8CCDE37E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwCreateMutant [0x8CCDE26C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwCreatePort [0x8CCF83F0]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwCreateSection [0x8CCDD14E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwCreateSemaphore [0x8CCDE496]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwCreateThread [0x8CCDD9C2]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwCreateThreadEx [0x8CCDDB32]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwCreateUserProcess [0x8CCDE5AE]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwCreateWaitablePort [0x8CCF84B8]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwDebugActiveProcess [0x8CCDE856]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwDeviceIoControlFile [0x8CCDDE4E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwDuplicateObject [0x8CCDF858]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwLoadDriver [0x8CCDE948]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwMapViewOfSection [0x8CCDEEB4]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwNotifyChangeKey [0x8CCF6722]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwOpenEvent [0x8CCDE410]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwOpenMutant [0x8CCDE2F8]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwOpenProcess [0x8CCDD5CC]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwOpenSection [0x8CCDEC98]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwOpenSemaphore [0x8CCDE528]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwOpenThread [0x8CCDD4C0]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwQueryDirectoryObject [0x8CCDE664]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwQueryObject [0x8CCF691A]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwQuerySection [0x8CCDF1DA]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwQueueApcThread [0x8CCDEAE8]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwReplyPort [0x8CCF86E4]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwReplyWaitReceivePort [0x8CCF8632]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwRequestWaitReplyPort [0x8CCF8750]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwResumeThread [0x8CCDF6FA]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwSecureConnectPort [0x8CCF80BA]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwSetContextThread [0x8CCDDCAC]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwSetInformationToken [0x8CCDE702]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwSetSystemInformation [0x8CCDF32A]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwSuspendProcess [0x8CCDF41E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwSuspendThread [0x8CCDF558]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwSystemDebugControl [0x8CCDE778]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwTerminateProcess [0x8CCDD76C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwTerminateThread [0x8CCDD6C2]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwUnmapViewOfSection [0x8CCDF092]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys  ZwWriteVirtualMemory [0x8CCDD858]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackTransaction + 13F9  83487829 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  834AC132 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!RtlSidHashLookup + 230  834B3910 4 Bytes  [92, D3, CD, 8C]
.text  ntkrnlpa.exe!RtlSidHashLookup + 258  834B3938 8 Bytes  [4A, 82, CF, 8C, 80, 85, CF, ...]
.text  ntkrnlpa.exe!RtlSidHashLookup + 29C  834B397C 4 Bytes  [F6, 88, CF, 8C]
.text  ntkrnlpa.exe!RtlSidHashLookup + 2C8  834B39A8 4 Bytes  [0C, DE, CD, 8C] {OR AL, 0xde; INT 0x8c}
.text  ntkrnlpa.exe!RtlSidHashLookup + 2EC  834B39CC 4 Bytes  [32, 7F, CF, 8C]
.text  ...
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x92C31000, 0x2FBAB4, 0xE8000020]

---- User code sections - GMER 2.1 ----

?  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] C:\Windows\SYSTEM32\ntdll.dll  time/date stamp mismatch;
.text  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] ntdll.dll!NtProtectVirtualMemory  77465000 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll
?  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] C:\Windows\system32\kernel32.dll  time/date stamp mismatch; unknown module: KERNELBASE.dll
.text  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] USER32.dll!NotifyWinEvent + 48B  76B8F724 4 Bytes  [E0, 13, 54, 67]
?  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2560] C:\Windows\SYSTEM32\ntdll.dll  time/date stamp mismatch;
.text  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2560] ntdll.dll!NtProtectVirtualMemory  77465000 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll
?  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2560] C:\Windows\system32\kernel32.dll  time/date stamp mismatch; unknown module: KERNELBASE.dll
.text  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2560] USER32.dll!NotifyWinEvent + 48B  76B8F724 4 Bytes  [E0, 13, 54, 67]
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueExA  76E21B96 5 Bytes  JMP 5A67BDF0 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueExW  76E21C82 6 Bytes  JMP 6A8615A4 C:\Program Files\Common Files\Spigot\Search Settings\wth160.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueW  76E3FA72 6 Bytes  JMP 5A67BD70 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueA  76E6F529 5 Bytes  JMP 5A67BD00 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!CreateWindowExW  76B80E51 5 Bytes  JMP 69A58177 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxIndirectParamW  76BA4AA7 5 Bytes  JMP 69B81FE8 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!TrackPopupMenu  76BA4B3B 5 Bytes  JMP 5A675D00 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxParamW  76BA564A 5 Bytes  JMP 5A671380 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text  C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!TrackPopupMenuEx  76BA5F72 5 Bytes  JMP
5A675D80 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL .text C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxParamA 76BBCF6A 5 Bytes JMP 69B81F85 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxIndirectParamA 76BBD29C 5 Bytes JMP 69B8204B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxIndirectA 76BCE8C9 5 Bytes JMP 69B81F1A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxIndirectW 76BCE9C3 5 Bytes JMP 69B81EAF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxExA 76BCEA29 5 Bytes JMP 69B81E4D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxExW 76BCEA4D 5 Bytes JMP 69B81DEB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] ADVAPI32.dll!RegSetValueExA 76E21B96 5 Bytes JMP 5A67BDF0 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL .text C:\Program Files\Internet Explorer\iexplore.exe[5556] ADVAPI32.dll!RegSetValueExW 76E21C82 6 Bytes JMP 6A8615A4 C:\Program Files\Common Files\Spigot\Search Settings\wth160.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateDialogParamW 76B79BFF 5 Bytes JMP 699AC5A8 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!EnableWindow 76B7A72E 5 Bytes JMP 699AC523 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!GetAsyncKeyState 76B7C09A 5 Bytes JMP 6996D6D9 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!UnhookWindowsHookEx 76B7CC7B 5 Bytes JMP 69A683A2 
C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CallNextHookEx 76B7CC8F 5 Bytes JMP 69A49D5C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateWindowExW 76B80E51 5 Bytes JMP 69A58177 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!SetWindowsHookExW 76B8210A 5 Bytes JMP 69A0464B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!GetKeyState 76B84FDA 5 Bytes JMP 699AD79A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!IsDialogMessageW 76B86F06 5 Bytes JMP 69974274 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateDialogParamA 76B93E79 5 Bytes JMP 69B82BE9 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!IsDialogMessage 76B9407A 5 Bytes JMP 69B8248A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateDialogIndirectParamA 76B99110 5 Bytes JMP 69B82C20 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateDialogIndirectParamW 76BA08AD 5 Bytes JMP 69B82C57 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxIndirectParamW 76BA4AA7 5 Bytes JMP 69B81FE8 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!TrackPopupMenu 76BA4B3B 5 Bytes JMP 5A675D00 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!EndDialog 76BA555C 5 Bytes JMP 69975AD9 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxParamW 
76BA564A 5 Bytes JMP 5A671380 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!TrackPopupMenuEx 76BA5F72 5 Bytes JMP 5A675D80 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!SetKeyboardState 76BA6B52 5 Bytes JMP 69B827EF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!SendInput 76BA7055 5 Bytes JMP 69B833B4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!SetCursorPos 76BBC1D8 5 Bytes JMP 69B8340C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxParamA 76BBCF6A 5 Bytes JMP 69B81F85 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxIndirectParamA 76BBD29C 5 Bytes JMP 69B8204B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxIndirectA 76BCE8C9 5 Bytes JMP 69B81F1A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxIndirectW 76BCE9C3 5 Bytes JMP 69B81EAF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxExA 76BCEA29 5 Bytes JMP 69B81E4D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxExW 76BCEA4D 5 Bytes JMP 69B81DEB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!keybd_event 76BCEC9B 5 Bytes JMP 69B8373F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] SHELL32.dll!SHChangeNotification_Lock + 45BA 7590B440 4 Bytes [11, 36, 05, 6B] .text C:\Program 
Files\Internet Explorer\iexplore.exe[5556] SHELL32.dll!SHChangeNotification_Lock + 45C2 7590B448 8 Bytes [5F, 35, 05, 6B, D0, 73, 04, ...] {POP EDI; XOR EAX, 0x73d06b05; ADD AL, 0x6b} .text C:\Program Files\Internet Explorer\iexplore.exe[5556] ole32.dll!OleLoadFromStream 772C5BF6 3 Bytes JMP 69B82346 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] ole32.dll!OleLoadFromStream + 4 772C5BFA 1 Byte [F2] .text C:\Program Files\Internet Explorer\iexplore.exe[5556] ole32.dll!CoCreateInstance 7731590C 5 Bytes JMP 69A58C65 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!closesocket 76F93BED 5 Bytes JMP 5F6141DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!socket 76F93F00 5 Bytes JMP 5F61354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!recv 76F947DF 5 Bytes JMP 5F614549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!connect 76F948BE 5 Bytes JMP 5F6135DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!getaddrinfo 76F96737 5 Bytes JMP 5F613704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!send 76F9C4C8 5 Bytes JMP 5F613B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp kl1.sys AttachedDevice \Driver\tdx \Device\Udp kl1.sys AttachedDevice \Driver\tdx \Device\RawIp kl1.sys ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Schritt 2): Es wurde keine Malware gefunden! 
How can that be? Here is the logfile:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.20.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
XYZ :: XYZ [administrator]

20.04.2013 18:56:45
mbar-log-2013-04-20 (18-56-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30405
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by tseb (20.04.2013, 18:07) |
20.04.2013, 18:03 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons unless instructed to.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post logfiles in CODE tags |
20.04.2013, 22:17 | #11 |
| Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen
Apart from the name, is there any other data in these logs that should be removed for privacy reasons before I post them here?

aswMBR:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-20 22:44:34
-----------------------------
22:44:34.436 OS Version: Windows 6.1.7600
22:44:34.436 Number of processors: 2 586 0x170A
22:44:34.436 ComputerName: XYZ UserName:
22:44:38.446 Initialize success
22:52:52.689 AVAST engine defs: 13042000
23:06:32.408 The log file has been saved successfully to "C:\Users\XYZ\Desktop\aswMBR.txt"

TDSS-Killer:

23:08:21.0 4804 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:08:21.0950 4804 ============================================================
23:08:21.0950 4804 Current date / time: 2013/04/20 23:08:21.0950
23:08:21.0950 4804 SystemInfo:
23:08:21.0950 4804
23:08:21.0950 4804 OS Version: 6.1.7600 ServicePack: 0.0
23:08:21.0950 4804 Product type: Workstation
23:08:21.0950 4804 ComputerName: XYZ
23:08:21.0950 4804 UserName: XYZ
23:08:21.0950 4804 Windows directory: C:\Windows
23:08:21.0950 4804 System windows directory: C:\Windows
23:08:21.0950 4804 Processor architecture: Intel x86
23:08:21.0950 4804 Number of processors: 2
23:08:21.0950 4804 Page size: 0x1000
23:08:21.0950 4804 Boot type: Normal boot
23:08:21.0950 4804 ============================================================
23:08:22.0543 4804 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:08:22.0543 4804 ============================================================
23:08:22.0543 4804 \Device\Harddisk0\DR0:
23:08:22.0543 4804 MBR partitions:
23:08:22.0543 4804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:08:22.0543 4804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3000
23:08:22.0543 4804 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6F505800, BlocksNum 0x5000000
23:08:22.0543 4804 ============================================================
23:08:22.0574 4804 C: <-> \Device\Harddisk0\DR0\Partition2
23:08:22.0637 4804 D: <-> \Device\Harddisk0\DR0\Partition3
23:08:22.0637 4804 ============================================================
23:08:22.0637 4804 Initialize success
23:08:22.0637 4804 ============================================================
23:08:38.0097 6284 ============================================================
23:08:38.0097 6284 Scan started
23:08:38.0097 6284 Mode: Manual;
23:08:38.0097 6284 ============================================================
23:08:39.0704 6284 ================ Scan system memory ========================
23:08:39.0704 6284 System memory - ok
23:08:39.0704 6284 ================ Scan services =============================
23:08:39.0923 6284 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
23:08:39.0923 6284 1394ohci - ok
23:08:40.0063 6284 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:08:40.0063 6284 ACDaemon - ok
23:08:40.0125 6284 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
23:08:40.0125 6284 ACPI - ok
23:08:40.0172 6284 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
23:08:40.0188 6284 AcpiPmi - ok
23:08:40.0297 6284 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:08:40.0297 6284 adp94xx - ok
23:08:40.0391 6284 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:08:40.0391 6284 adpahci - ok
23:08:40.0453 6284 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:08:40.0469 6284 adpu320 - ok
23:08:40.0500 6284 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:08:40.0500 6284 AeLookupSvc - ok
23:08:40.0625 6284 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
23:08:40.0625 6284 AFD - ok
23:08:40.0656 6284 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
23:08:40.0718 6284 agp440 - ok
23:08:40.0734 6284 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
23:08:40.0749 6284 aic78xx - ok
23:08:40.0765 6284 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
23:08:40.0765 6284 ALG - ok
23:08:40.0781 6284 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
23:08:40.0812 6284 aliide - ok
23:08:40.0827 6284 [ 60201AD353105D8C6796C1B69E6C49F0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:08:40.0843 6284 AMD External Events Utility - ok
23:08:40.0859 6284 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
23:08:40.0874 6284 amdagp - ok
23:08:40.0905 6284 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
23:08:40.0921 6284 amdide - ok
23:08:40.0937 6284 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:08:40.0952 6284 AmdK8 - ok
23:08:41.0061 6284 [ 51610B74A9A1D84DC86FCE1019BEAFF4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:08:41.0108 6284 amdkmdag - ok
23:08:41.0124 6284 [ CD1D86AB81EECE67D7BD6F7EF9786CCC ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
23:08:41.0139 6284 amdkmdap - ok
23:08:41.0155 6284 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:08:41.0155 6284 AmdPPM - ok
23:08:41.0186 6284 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:08:41.0233 6284 amdsata - ok
23:08:41.0264 6284 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:08:41.0264 6284 amdsbs - ok
23:08:41.0280 6284 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:08:41.0280 6284 amdxata - ok
23:08:41.0295 6284 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
23:08:41.0295 6284 AppID - ok
23:08:41.0327 6284 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:08:41.0327 6284 AppIDSvc - ok
23:08:41.0342 6284 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
23:08:41.0342 6284 Appinfo - ok
23:08:41.0420 6284 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:08:41.0420 6284 Apple Mobile Device - ok
23:08:41.0529 6284 [ 5234837DFEC4092E235594B25CF02865 ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe
23:08:41.0529 6284 Application Updater - ok
23:08:41.0561 6284 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
23:08:41.0576 6284 arc - ok
23:08:41.0592 6284 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:08:41.0592 6284 arcsas - ok
23:08:41.0607 6284 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:08:41.0607 6284 AsyncMac - ok
23:08:41.0639 6284 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
23:08:41.0639 6284 atapi - ok
23:08:41.0701 6284 [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
23:08:41.0732 6284 AtiHdmiService - ok
23:08:41.0763 6284 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:08:41.0763 6284 AudioEndpointBuilder - ok
23:08:41.0779 6284 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:08:41.0779 6284 Audiosrv - ok
23:08:41.0810 6284 AVP - ok
23:08:41.0826 6284 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:08:41.0826 6284 AxInstSV - ok
23:08:41.0857 6284 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
23:08:41.0888 6284 b06bdrv - ok
23:08:41.0904 6284 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
23:08:41.0919 6284 b57nd60x - ok
23:08:41.0966 6284 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
23:08:41.0966 6284 BDESVC - ok
23:08:41.0982 6284 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
23:08:41.0982 6284 Beep - ok
23:08:41.0997 6284 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
23:08:42.0013 6284 BFE - ok
23:08:42.0044 6284 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
23:08:42.0060 6284 BITS - ok
23:08:42.0075 6284 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:08:42.0075 6284 blbdrive - ok
23:08:42.0122 6284 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:08:42.0138 6284 Bonjour Service - ok
23:08:42.0153 6284 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:08:42.0153 6284 bowser - ok
23:08:42.0185 6284 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:08:42.0247 6284 BrFiltLo - ok
23:08:42.0278 6284 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:08:42.0278 6284 BrFiltUp - ok
23:08:42.0309 6284 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
23:08:42.0309 6284 Browser - ok
23:08:42.0325 6284 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:08:42.0356 6284 Brserid - ok
23:08:42.0387 6284 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:08:42.0419 6284 BrSerWdm - ok
23:08:42.0434 6284 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:08:42.0481 6284 BrUsbMdm - ok
23:08:42.0497 6284 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:08:42.0512 6284 BrUsbSer - ok
23:08:42.0528 6284 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:08:42.0543 6284 BTHMODEM - ok
23:08:42.0559 6284 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
23:08:42.0559 6284 bthserv - ok
23:08:42.0590 6284 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:08:42.0590 6284 cdfs - ok
23:08:42.0621 6284 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:08:42.0621 6284 cdrom - ok
23:08:42.0637 6284 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
23:08:42.0637 6284 CertPropSvc - ok
23:08:42.0653 6284 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:08:42.0668 6284 circlass - ok
23:08:42.0684 6284 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
23:08:42.0684 6284 CLFS - ok
23:08:42.0731 6284 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:08:42.0731 6284 clr_optimization_v2.0.50727_32 - ok
23:08:42.0762 6284 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:08:42.0809 6284 clr_optimization_v4.0.30319_32 - ok
23:08:42.0840 6284 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:08:42.0871 6284 CmBatt - ok
23:08:42.0902 6284 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
23:08:42.0933 6284 cmdide - ok
23:08:42.0965 6284 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
23:08:42.0965 6284 CNG - ok
23:08:42.0980 6284 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:08:42.0996 6284 Compbatt - ok
23:08:43.0043 6284 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:08:43.0043 6284 CompositeBus - ok
23:08:43.0058 6284 COMSysApp - ok
23:08:43.0074 6284 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:08:43.0074 6284 crcdisk - ok
23:08:43.0121 6284 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:08:43.0121 6284 CryptSvc - ok
23:08:43.0183 6284 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:08:43.0199 6284 cvhsvc - ok
23:08:43.0245 6284 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
23:08:43.0261 6284 DcomLaunch - ok
23:08:43.0292 6284 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
23:08:43.0292 6284 defragsvc - ok
23:08:43.0323 6284 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:08:43.0323 6284 DfsC - ok
23:08:43.0339 6284 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:08:43.0355 6284 Dhcp - ok
23:08:43.0370 6284 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
23:08:43.0370 6284 discache - ok
23:08:43.0386 6284 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:08:43.0386 6284 Disk - ok
23:08:43.0417 6284 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:08:43.0417 6284 Dnscache - ok
23:08:43.0417 6284 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
23:08:43.0433 6284 dot3svc - ok
23:08:43.0448 6284 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
23:08:43.0448 6284 DPS - ok
23:08:43.0479 6284 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:08:43.0479 6284 drmkaud - ok
23:08:43.0511 6284 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:08:43.0526 6284 DXGKrnl - ok
23:08:43.0542 6284 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
23:08:43.0542 6284 EapHost - ok
23:08:43.0604 6284 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
23:08:43.0635 6284 ebdrv - ok
23:08:43.0651 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
23:08:43.0651 6284 EFS - ok
23:08:43.0698 6284 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:08:43.0713 6284 ehRecvr - ok
23:08:43.0729 6284 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
23:08:43.0745 6284 ehSched - ok
23:08:43.0776 6284 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:08:43.0807 6284 elxstor - ok
23:08:43.0838 6284 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
23:08:43.0854 6284 ErrDev - ok
23:08:43.0885 6284 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
23:08:43.0901 6284 EventSystem - ok
23:08:43.0916 6284 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
23:08:43.0916 6284 exfat - ok
23:08:43.0932 6284 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:08:43.0932 6284 fastfat - ok
23:08:43.0963 6284 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
23:08:43.0963 6284 Fax - ok
23:08:43.0994 6284 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:08:43.0994 6284 fdc - ok
23:08:44.0010 6284 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
23:08:44.0010 6284 fdPHost - ok
23:08:44.0025 6284 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
23:08:44.0025 6284 FDResPub - ok
23:08:44.0057 6284 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:08:44.0057 6284 FileInfo - ok
23:08:44.0072 6284 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:08:44.0072 6284 Filetrace - ok
23:08:44.0088 6284 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:08:44.0103 6284 flpydisk - ok
23:08:44.0119 6284 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:08:44.0135 6284 FltMgr - ok
23:08:44.0166 6284 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
23:08:44.0166 6284 FontCache - ok
23:08:44.0228 6284 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:08:44.0228 6284 FontCache3.0.0.0 - ok
23:08:44.0244 6284 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:08:44.0244 6284 FsDepends - ok
23:08:44.0275 6284 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:08:44.0275 6284 Fs_Rec - ok
23:08:44.0306 6284 [ 4732E596BB1C50D9F9188C5074EE7782 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:08:44.0306 6284 fvevol - ok
23:08:44.0337 6284 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:08:44.0337 6284 gagp30kx - ok
23:08:44.0369 6284 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:08:44.0369 6284 GEARAspiWDM - ok
23:08:44.0400 6284 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
23:08:44.0415 6284 gpsvc - ok
23:08:44.0447 6284 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:08:44.0462 6284 gupdate - ok
23:08:44.0478 6284 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:08:44.0478 6284 gupdatem - ok
23:08:44.0493 6284 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:08:44.0493 6284 gusvc - ok
23:08:44.0525 6284 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:08:44.0540 6284 hcw85cir - ok
23:08:44.0556 6284 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:08:44.0603 6284 HdAudAddService - ok
23:08:44.0634 6284 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:08:44.0634 6284 HDAudBus - ok
23:08:44.0649 6284 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:08:44.0649 6284 HidBatt - ok
23:08:44.0665 6284 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:08:44.0665 6284 HidBth - ok
23:08:44.0681 6284 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:08:44.0681 6284 HidIr - ok
23:08:44.0712 6284 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
23:08:44.0712 6284 hidserv - ok
23:08:44.0727 6284 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:08:44.0727 6284 HidUsb - ok
23:08:44.0759 6284 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:08:44.0759 6284 hkmsvc - ok
23:08:44.0774 6284 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:08:44.0774 6284 HomeGroupListener - ok
23:08:44.0805 6284 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:08:44.0805 6284 HomeGroupProvider - ok
23:08:44.0821 6284 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
23:08:44.0837 6284 HpSAMD - ok
23:08:44.0852 6284 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:08:44.0852 6284 HTTP - ok
23:08:44.0868 6284 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:08:44.0868 6284 hwpolicy - ok
23:08:44.0915 6284 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:08:44.0915 6284 i8042prt - ok
23:08:44.0930 6284 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:08:44.0930 6284 iaStor - ok
23:08:44.0961 6284 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:08:44.0977 6284 IAStorDataMgrSvc - ok
23:08:44.0993 6284 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:08:44.0993 6284 iaStorV - ok
23:08:45.0055 6284 [ B1A28FA1AFDE10B95FF9354B15701D70 ] ICQ Service C:\Program Files\ICQ6Toolbar\ICQ Service.exe
23:08:45.0071 6284 ICQ Service - ok
23:08:45.0117 6284 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:08:45.0195 6284 IDriverT - ok
23:08:45.0258 6284 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:08:45.0273 6284 idsvc - ok
23:08:45.0398 6284 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
23:08:45.0476 6284 igfx - ok
23:08:45.0507 6284 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:08:45.0539 6284 iirsp - ok
23:08:45.0570 6284 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
23:08:45.0585 6284 IKEEXT - ok
23:08:45.0679 6284 [ F4427E5DF32CDE359B2E2E5512D18001 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:08:45.0788 6284 IntcAzAudAddService - ok
23:08:45.0804 6284 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
23:08:45.0804 6284 intelide - ok
23:08:45.0835 6284 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:08:45.0835 6284 intelppm - ok
23:08:45.0851 6284 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:08:45.0866 6284 IPBusEnum - ok
23:08:45.0866 6284 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:08:45.0882 6284 IpFilterDriver - ok
23:08:45.0897 6284 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:08:45.0913 6284 iphlpsvc - ok
23:08:45.0929 6284 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:08:46.0038 6284 IPMIDRV - ok
23:08:46.0053 6284 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:08:46.0053 6284 IPNAT - ok
23:08:46.0100 6284 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:08:46.0178 6284 iPod Service - ok
23:08:46.0209 6284 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:08:46.0225 6284 IRENUM - ok
23:08:46.0225 6284 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
23:08:46.0241 6284 isapnp - ok
23:08:46.0272 6284 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:08:46.0272 6284 iScsiPrt - ok
23:08:46.0303 6284 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:08:46.0303 6284 kbdclass - ok
23:08:46.0334 6284 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:08:46.0334 6284 kbdhid - ok
23:08:46.0350 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
23:08:46.0350 6284 KeyIso - ok
23:08:46.0397 6284 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
23:08:46.0397 6284 KL1 - ok
23:08:46.0412 6284 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
23:08:46.0412 6284 kl2 - ok
23:08:46.0443 6284 [ D4C57824767D3ECBD89883A33F4FD87A ] KLIF C:\Windows\system32\DRIVERS\klif.sys
23:08:46.0459 6284 KLIF - ok
23:08:46.0490 6284 [ 6295A19003F935ECC6CCBE9E2376427B ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
23:08:46.0490 6284 KLIM6 -
ok 23:08:46.0506 6284 [ 3DE1771C135328420315E21DDE229BBA ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 23:08:46.0506 6284 klmouflt - ok 23:08:46.0537 6284 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:08:46.0537 6284 KSecDD - ok 23:08:46.0553 6284 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:08:46.0553 6284 KSecPkg - ok 23:08:46.0584 6284 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 23:08:46.0584 6284 KtmRm - ok 23:08:46.0615 6284 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll 23:08:46.0615 6284 LanmanServer - ok 23:08:46.0646 6284 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:08:46.0646 6284 LanmanWorkstation - ok 23:08:46.0677 6284 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:08:46.0693 6284 lltdio - ok 23:08:46.0693 6284 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:08:46.0709 6284 lltdsvc - ok 23:08:46.0709 6284 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 23:08:46.0709 6284 lmhosts - ok 23:08:46.0740 6284 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:08:46.0740 6284 LSI_FC - ok 23:08:46.0755 6284 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:08:46.0771 6284 LSI_SAS - ok 23:08:46.0787 6284 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:08:46.0802 6284 LSI_SAS2 - ok 23:08:46.0818 6284 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:08:46.0833 6284 LSI_SCSI - ok 23:08:46.0849 6284 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 23:08:46.0849 6284 luafv - ok 23:08:46.0880 6284 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:08:46.0880 6284 
Mcx2Svc - ok 23:08:46.0896 6284 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 23:08:46.0896 6284 megasas - ok 23:08:46.0911 6284 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:08:46.0927 6284 MegaSR - ok 23:08:46.0943 6284 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 23:08:46.0943 6284 MMCSS - ok 23:08:46.0958 6284 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 23:08:46.0958 6284 Modem - ok 23:08:46.0989 6284 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:08:46.0989 6284 monitor - ok 23:08:47.0005 6284 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:08:47.0005 6284 mouclass - ok 23:08:47.0036 6284 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:08:47.0052 6284 mouhid - ok 23:08:47.0067 6284 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:08:47.0067 6284 mountmgr - ok 23:08:47.0083 6284 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys 23:08:47.0099 6284 mpio - ok 23:08:47.0099 6284 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:08:47.0114 6284 mpsdrv - ok 23:08:47.0145 6284 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll 23:08:47.0145 6284 MpsSvc - ok 23:08:47.0161 6284 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:08:47.0161 6284 MRxDAV - ok 23:08:47.0192 6284 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:08:47.0192 6284 mrxsmb - ok 23:08:47.0255 6284 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:08:47.0255 6284 mrxsmb10 - ok 23:08:47.0270 6284 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:08:47.0286 6284 
mrxsmb20 - ok 23:08:47.0317 6284 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 23:08:47.0317 6284 msahci - ok 23:08:47.0333 6284 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 23:08:47.0348 6284 msdsm - ok 23:08:47.0364 6284 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 23:08:47.0364 6284 MSDTC - ok 23:08:47.0395 6284 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:08:47.0395 6284 Msfs - ok 23:08:47.0411 6284 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:08:47.0411 6284 mshidkmdf - ok 23:08:47.0426 6284 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 23:08:47.0426 6284 msisadrv - ok 23:08:47.0457 6284 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:08:47.0473 6284 MSiSCSI - ok 23:08:47.0473 6284 msiserver - ok 23:08:47.0504 6284 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:08:47.0504 6284 MSKSSRV - ok 23:08:47.0520 6284 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:08:47.0520 6284 MSPCLOCK - ok 23:08:47.0535 6284 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:08:47.0535 6284 MSPQM - ok 23:08:47.0551 6284 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:08:47.0567 6284 MsRPC - ok 23:08:47.0582 6284 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 23:08:47.0582 6284 mssmbios - ok 23:08:47.0598 6284 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:08:47.0598 6284 MSTEE - ok 23:08:47.0613 6284 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:08:47.0629 6284 MTConfig - ok 23:08:47.0645 6284 [ 159FAD02F64E6381758C990F753BCC80 ] Mup 
C:\Windows\system32\Drivers\mup.sys 23:08:47.0645 6284 Mup - ok 23:08:47.0660 6284 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll 23:08:47.0660 6284 napagent - ok 23:08:47.0691 6284 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:08:47.0691 6284 NativeWifiP - ok 23:08:47.0723 6284 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys 23:08:47.0723 6284 NDIS - ok 23:08:47.0738 6284 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:08:47.0738 6284 NdisCap - ok 23:08:47.0769 6284 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:08:47.0769 6284 NdisTapi - ok 23:08:47.0769 6284 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:08:47.0769 6284 Ndisuio - ok 23:08:47.0785 6284 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:08:47.0785 6284 NdisWan - ok 23:08:47.0801 6284 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:08:47.0801 6284 NDProxy - ok 23:08:47.0816 6284 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:08:47.0816 6284 NetBIOS - ok 23:08:47.0832 6284 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:08:47.0832 6284 NetBT - ok 23:08:47.0832 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe 23:08:47.0847 6284 Netlogon - ok 23:08:47.0863 6284 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 23:08:47.0863 6284 Netman - ok 23:08:47.0879 6284 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 23:08:47.0879 6284 netprofm - ok 23:08:47.0910 6284 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:08:47.0910 6284 NetTcpPortSharing - ok 
23:08:47.0925 6284 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:08:47.0941 6284 nfrd960 - ok 23:08:47.0941 6284 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll 23:08:47.0957 6284 NlaSvc - ok 23:08:47.0957 6284 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:08:47.0972 6284 Npfs - ok 23:08:47.0972 6284 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 23:08:47.0972 6284 nsi - ok 23:08:48.0003 6284 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:08:48.0003 6284 nsiproxy - ok 23:08:48.0050 6284 [ A458A5F7FD79C477D40ED42CF5A230CB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:08:48.0081 6284 Ntfs - ok 23:08:48.0097 6284 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 23:08:48.0097 6284 Null - ok 23:08:48.0113 6284 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys 23:08:48.0113 6284 nvraid - ok 23:08:48.0128 6284 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:08:48.0128 6284 nvstor - ok 23:08:48.0144 6284 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 23:08:48.0159 6284 nv_agp - ok 23:08:48.0159 6284 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 23:08:48.0175 6284 ohci1394 - ok 23:08:48.0206 6284 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:08:48.0206 6284 ose - ok 23:08:48.0315 6284 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 23:08:48.0534 6284 osppsvc - ok 23:08:48.0565 6284 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:08:48.0565 6284 p2pimsvc - ok 23:08:48.0581 6284 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc 
C:\Windows\system32\p2psvc.dll 23:08:48.0581 6284 p2psvc - ok 23:08:48.0596 6284 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:08:48.0627 6284 Parport - ok 23:08:48.0659 6284 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:08:48.0659 6284 partmgr - ok 23:08:48.0674 6284 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 23:08:48.0690 6284 Parvdm - ok 23:08:48.0705 6284 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:08:48.0705 6284 PcaSvc - ok 23:08:48.0721 6284 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys 23:08:48.0721 6284 pci - ok 23:08:48.0737 6284 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys 23:08:48.0737 6284 pciide - ok 23:08:48.0768 6284 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:08:48.0768 6284 pcmcia - ok 23:08:48.0783 6284 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 23:08:48.0783 6284 pcw - ok 23:08:48.0815 6284 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:08:48.0815 6284 PEAUTH - ok 23:08:48.0861 6284 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll 23:08:48.0893 6284 pla - ok 23:08:48.0908 6284 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:08:48.0908 6284 PlugPlay - ok 23:08:48.0924 6284 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:08:48.0924 6284 PNRPAutoReg - ok 23:08:48.0939 6284 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:08:48.0939 6284 PNRPsvc - ok 23:08:48.0955 6284 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:08:48.0955 6284 PolicyAgent - ok 23:08:48.0986 6284 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll 23:08:48.0986 6284 
Power - ok 23:08:49.0017 6284 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:08:49.0017 6284 PptpMiniport - ok 23:08:49.0033 6284 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 23:08:49.0033 6284 Processor - ok 23:08:49.0080 6284 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll 23:08:49.0080 6284 ProfSvc - ok 23:08:49.0080 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:08:49.0095 6284 ProtectedStorage - ok 23:08:49.0111 6284 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:08:49.0111 6284 Psched - ok 23:08:49.0142 6284 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 23:08:49.0158 6284 PSI_SVC_2 - ok 23:08:49.0189 6284 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:08:49.0220 6284 ql2300 - ok 23:08:49.0251 6284 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:08:49.0267 6284 ql40xx - ok 23:08:49.0283 6284 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 23:08:49.0298 6284 QWAVE - ok 23:08:49.0314 6284 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:08:49.0314 6284 QWAVEdrv - ok 23:08:49.0329 6284 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:08:49.0329 6284 RasAcd - ok 23:08:49.0345 6284 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:08:49.0345 6284 RasAgileVpn - ok 23:08:49.0361 6284 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 23:08:49.0361 6284 RasAuto - ok 23:08:49.0376 6284 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:08:49.0376 6284 Rasl2tp - ok 23:08:49.0407 6284 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] 
RasMan C:\Windows\System32\rasmans.dll 23:08:49.0407 6284 RasMan - ok 23:08:49.0423 6284 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:08:49.0423 6284 RasPppoe - ok 23:08:49.0423 6284 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:08:49.0423 6284 RasSstp - ok 23:08:49.0439 6284 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:08:49.0439 6284 rdbss - ok 23:08:49.0470 6284 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:08:49.0470 6284 rdpbus - ok 23:08:49.0485 6284 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:08:49.0485 6284 RDPCDD - ok 23:08:49.0517 6284 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:08:49.0517 6284 RDPENCDD - ok 23:08:49.0517 6284 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:08:49.0517 6284 RDPREFMP - ok 23:08:49.0563 6284 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:08:49.0563 6284 RDPWD - ok 23:08:49.0595 6284 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:08:49.0595 6284 rdyboost - ok 23:08:49.0610 6284 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 23:08:49.0610 6284 RemoteAccess - ok 23:08:49.0641 6284 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:08:49.0641 6284 RemoteRegistry - ok 23:08:49.0657 6284 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:08:49.0657 6284 RpcEptMapper - ok 23:08:49.0673 6284 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 23:08:49.0673 6284 RpcLocator - ok 23:08:49.0688 6284 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll 23:08:49.0688 6284 RpcSs - ok 23:08:49.0704 6284 [ 
032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:08:49.0704 6284 rspndr - ok 23:08:49.0735 6284 [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 23:08:49.0751 6284 RTL8167 - ok 23:08:49.0797 6284 [ 51ADEF77E4C929535FD50DA153774E79 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys 23:08:49.0813 6284 RTL8192su - ok 23:08:49.0813 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe 23:08:49.0829 6284 SamSs - ok 23:08:49.0844 6284 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 23:08:49.0844 6284 sbp2port - ok 23:08:49.0860 6284 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:08:49.0875 6284 SCardSvr - ok 23:08:49.0891 6284 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:08:49.0891 6284 scfilter - ok 23:08:49.0922 6284 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll 23:08:49.0922 6284 Schedule - ok 23:08:49.0938 6284 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll 23:08:49.0938 6284 SCPolicySvc - ok 23:08:49.0969 6284 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:08:49.0969 6284 SDRSVC - ok 23:08:50.0031 6284 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 23:08:50.0031 6284 SeaPort - ok 23:08:50.0047 6284 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:08:50.0094 6284 secdrv - ok 23:08:50.0109 6284 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 23:08:50.0109 6284 seclogon - ok 23:08:50.0125 6284 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 23:08:50.0125 6284 SENS - ok 23:08:50.0141 6284 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:08:50.0141 6284 SensrSvc - ok 
23:08:50.0172 6284 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:08:50.0187 6284 Serenum - ok 23:08:50.0203 6284 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:08:50.0219 6284 Serial - ok 23:08:50.0219 6284 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:08:50.0250 6284 sermouse - ok 23:08:50.0281 6284 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll 23:08:50.0281 6284 SessionEnv - ok 23:08:50.0297 6284 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 23:08:50.0312 6284 sffdisk - ok 23:08:50.0328 6284 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 23:08:50.0328 6284 sffp_mmc - ok 23:08:50.0343 6284 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 23:08:50.0343 6284 sffp_sd - ok 23:08:50.0359 6284 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:08:50.0359 6284 sfloppy - ok 23:08:50.0390 6284 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 23:08:50.0406 6284 Sftfs - ok 23:08:50.0453 6284 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe 23:08:50.0453 6284 sftlist - ok 23:08:50.0484 6284 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 23:08:50.0499 6284 Sftplay - ok 23:08:50.0499 6284 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 23:08:50.0499 6284 Sftredir - ok 23:08:50.0515 6284 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 23:08:50.0531 6284 Sftvol - ok 23:08:50.0546 6284 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe 23:08:50.0546 6284 sftvsa - ok 23:08:50.0562 6284 [ 
D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:08:50.0562 6284 SharedAccess - ok 23:08:50.0593 6284 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:08:50.0609 6284 ShellHWDetection - ok 23:08:50.0624 6284 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys 23:08:50.0655 6284 sisagp - ok 23:08:50.0671 6284 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:08:50.0702 6284 SiSRaid2 - ok 23:08:50.0718 6284 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:08:50.0733 6284 SiSRaid4 - ok 23:08:50.0749 6284 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:08:50.0765 6284 Smb - ok 23:08:50.0874 6284 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:08:50.0874 6284 SNMPTRAP - ok 23:08:50.0905 6284 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 23:08:50.0905 6284 spldr - ok 23:08:50.0952 6284 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe 23:08:50.0952 6284 Spooler - ok 23:08:51.0030 6284 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe 23:08:51.0061 6284 sppsvc - ok 23:08:51.0077 6284 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:08:51.0092 6284 sppuinotify - ok 23:08:51.0123 6284 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:08:51.0123 6284 srv - ok 23:08:51.0139 6284 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:08:51.0139 6284 srv2 - ok 23:08:51.0139 6284 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:08:51.0139 6284 srvnet - ok 23:08:51.0170 6284 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:08:51.0170 6284 SSDPSRV - ok 23:08:51.0186 6284 [ 
D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:08:51.0186 6284 SstpSvc - ok 23:08:51.0201 6284 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:08:51.0233 6284 stexstor - ok 23:08:51.0279 6284 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll 23:08:51.0295 6284 StiSvc - ok 23:08:51.0295 6284 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 23:08:51.0326 6284 swenum - ok 23:08:51.0342 6284 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 23:08:51.0357 6284 swprv - ok 23:08:51.0389 6284 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll 23:08:51.0404 6284 SysMain - ok 23:08:51.0420 6284 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:08:51.0435 6284 TabletInputService - ok 23:08:51.0435 6284 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll 23:08:51.0451 6284 TapiSrv - ok 23:08:51.0451 6284 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 23:08:51.0467 6284 TBS - ok 23:08:51.0513 6284 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:08:51.0529 6284 Tcpip - ok 23:08:51.0560 6284 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:08:51.0560 6284 TCPIP6 - ok 23:08:51.0591 6284 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:08:51.0591 6284 tcpipreg - ok 23:08:51.0607 6284 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:08:51.0607 6284 TDPIPE - ok 23:08:51.0623 6284 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:08:51.0623 6284 TDTCP - ok 23:08:51.0638 6284 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:08:51.0638 6284 tdx - ok 23:08:51.0654 6284 [ C36F41EE20E6999DBF4B0425963268A5 ] 
TermDD C:\Windows\system32\DRIVERS\termdd.sys 23:08:51.0654 6284 TermDD - ok 23:08:51.0685 6284 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll 23:08:51.0685 6284 TermService - ok 23:08:51.0747 6284 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 23:08:51.0747 6284 Themes - ok 23:08:51.0763 6284 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 23:08:51.0763 6284 THREADORDER - ok 23:08:51.0794 6284 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 23:08:51.0794 6284 TrkWks - ok 23:08:51.0857 6284 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:08:51.0857 6284 TrustedInstaller - ok 23:08:51.0872 6284 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:08:51.0872 6284 tssecsrv - ok 23:08:51.0919 6284 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:08:51.0919 6284 tunnel - ok 23:08:51.0935 6284 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:08:51.0966 6284 uagp35 - ok 23:08:51.0981 6284 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:08:51.0981 6284 udfs - ok 23:08:51.0997 6284 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:08:51.0997 6284 UI0Detect - ok 23:08:52.0013 6284 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 23:08:52.0028 6284 uliagpkx - ok 23:08:52.0044 6284 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:08:52.0075 6284 umbus - ok 23:08:52.0106 6284 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:08:52.0106 6284 UmPass - ok 23:08:52.0137 6284 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 23:08:52.0137 6284 upnphost - ok 23:08:52.0184 6284 [ 
6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:08:52.0184 6284 USBAAPL - ok
23:08:52.0215 6284 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:08:52.0231 6284 usbccgp - ok
23:08:52.0247 6284 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
23:08:52.0247 6284 usbcir - ok
23:08:52.0262 6284 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:08:52.0293 6284 usbehci - ok
23:08:52.0309 6284 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:08:52.0325 6284 usbhub - ok
23:08:52.0340 6284 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:08:52.0340 6284 usbohci - ok
23:08:52.0387 6284 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:08:52.0387 6284 usbprint - ok
23:08:52.0403 6284 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:08:52.0403 6284 usbscan - ok
23:08:52.0403 6284 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:08:52.0418 6284 USBSTOR - ok
23:08:52.0434 6284 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:08:52.0449 6284 usbuhci - ok
23:08:52.0465 6284 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
23:08:52.0465 6284 UxSms - ok
23:08:52.0481 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
23:08:52.0481 6284 VaultSvc - ok
23:08:52.0512 6284 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
23:08:52.0512 6284 vdrvroot - ok
23:08:52.0527 6284 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
23:08:52.0543 6284 vds - ok
23:08:52.0543 6284 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:08:52.0559 6284 vga - ok
23:08:52.0574 6284 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:08:52.0574 6284 VgaSave - ok
23:08:52.0605 6284 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
23:08:52.0637 6284 vhdmp - ok
23:08:52.0652 6284 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
23:08:52.0668 6284 viaagp - ok
23:08:52.0683 6284 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
23:08:52.0683 6284 ViaC7 - ok
23:08:52.0699 6284 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
23:08:52.0715 6284 viaide - ok
23:08:52.0730 6284 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
23:08:52.0730 6284 volmgr - ok
23:08:52.0746 6284 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:08:52.0746 6284 volmgrx - ok
23:08:52.0761 6284 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:08:52.0761 6284 volsnap - ok
23:08:52.0793 6284 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:08:52.0824 6284 vsmraid - ok
23:08:52.0855 6284 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
23:08:52.0871 6284 VSS - ok
23:08:52.0886 6284 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:08:52.0886 6284 vwifibus - ok
23:08:52.0902 6284 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:08:52.0902 6284 vwififlt - ok
23:08:52.0933 6284 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
23:08:52.0933 6284 W32Time - ok
23:08:52.0964 6284 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:08:52.0980 6284 WacomPen - ok
23:08:52.0995 6284 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:08:52.0995 6284 WANARP - ok
23:08:52.0995 6284 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:08:52.0995 6284 Wanarpv6 - ok
23:08:53.0027 6284 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
23:08:53.0042 6284 wbengine - ok
23:08:53.0058 6284 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:08:53.0058 6284 WbioSrvc - ok
23:08:53.0089 6284 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:08:53.0089 6284 wcncsvc - ok
23:08:53.0120 6284 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:08:53.0120 6284 WcsPlugInService - ok
23:08:53.0151 6284 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:08:53.0151 6284 Wd - ok
23:08:53.0183 6284 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:08:53.0198 6284 Wdf01000 - ok
23:08:53.0214 6284 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:08:53.0214 6284 WdiServiceHost - ok
23:08:53.0229 6284 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:08:53.0229 6284 WdiSystemHost - ok
23:08:53.0261 6284 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
23:08:53.0261 6284 WebClient - ok
23:08:53.0276 6284 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:08:53.0276 6284 Wecsvc - ok
23:08:53.0292 6284 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:08:53.0292 6284 wercplsupport - ok
23:08:53.0323 6284 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
23:08:53.0323 6284 WerSvc - ok
23:08:53.0354 6284 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:08:53.0354 6284 WfpLwf - ok
23:08:53.0370 6284 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:08:53.0370 6284 WIMMount - ok
23:08:53.0401 6284 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:08:53.0417 6284 WinDefend - ok
23:08:53.0417 6284 WinHttpAutoProxySvc - ok
23:08:53.0463 6284 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:08:53.0479 6284 Winmgmt - ok
23:08:53.0510 6284 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
23:08:53.0526 6284 WinRM - ok
23:08:53.0573 6284 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:08:53.0588 6284 WinUsb - ok
23:08:53.0619 6284 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:08:53.0635 6284 Wlansvc - ok
23:08:53.0697 6284 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:08:53.0775 6284 wlidsvc - ok
23:08:53.0791 6284 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:08:53.0807 6284 WmiAcpi - ok
23:08:53.0838 6284 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:08:53.0838 6284 wmiApSrv - ok
23:08:53.0885 6284 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:08:53.0900 6284 WMPNetworkSvc - ok
23:08:53.0916 6284 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:08:53.0916 6284 WPCSvc - ok
23:08:53.0931 6284 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:08:53.0931 6284 WPDBusEnum - ok
23:08:53.0947 6284 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:08:53.0947 6284 ws2ifsl - ok
23:08:53.0963 6284 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll
23:08:53.0978 6284 wscsvc - ok
23:08:53.0978 6284 WSearch - ok
23:08:54.0041 6284 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:08:54.0056 6284 wuauserv - ok
23:08:54.0087 6284 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:08:54.0087 6284 WudfPf - ok
23:08:54.0103 6284 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:08:54.0103 6284 WUDFRd - ok
23:08:54.0134 6284 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:08:54.0134 6284 wudfsvc - ok
23:08:54.0165 6284 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:08:54.0165 6284 WwanSvc - ok
23:08:54.0181 6284 ================ Scan global ===============================
23:08:54.0197 6284 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
23:08:54.0228 6284 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
23:08:54.0243 6284 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
23:08:54.0259 6284 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:08:54.0275 6284 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:08:54.0290 6284 [Global] - ok
23:08:54.0290 6284 ================ Scan MBR ==================================
23:08:54.0290 6284 [ C79B30CB8852157F6F908E4698CFE0D0 ] \Device\Harddisk0\DR0
23:08:56.0521 6284 \Device\Harddisk0\DR0 - ok
23:08:56.0521 6284 ================ Scan VBR ==================================
23:08:56.0521 6284 [ A96290B5401C2DA5A08BB9471D76D503 ] \Device\Harddisk0\DR0\Partition1
23:08:56.0521 6284 \Device\Harddisk0\DR0\Partition1 - ok
23:08:56.0537 6284 [ 046BBD7303F14EB983A3F0C302651470 ] \Device\Harddisk0\DR0\Partition2
23:08:56.0537 6284 \Device\Harddisk0\DR0\Partition2 - ok
23:08:56.0583 6284 [ 376B50B18DD730F4A63E4B8227F4638C ] \Device\Harddisk0\DR0\Partition3
23:08:56.0583 6284 \Device\Harddisk0\DR0\Partition3 - ok
23:08:56.0583 6284 ============================================================
23:08:56.0583 6284 Scan finished
23:08:56.0583 6284 ============================================================
23:08:56.0599 3320 Detected object count: 0
23:08:56.0599 3320 Actual detected object count: 0 |
21.04.2013, 00:01 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen Once more: please post the (following) logs in CODE tags; how to do that was already described in great detail at the start. aswMBR did not run properly, please run it again
__________________ Please always post log files in CODE tags |
21.04.2013, 10:36 | #13 | |
| Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen Well, aswMBR somehow isn't working properly; I think it always hangs after a few minutes. Quote:
-> I was never asked that question at all. It was only reported by Kaspersky; I allowed it and then clicked Scan. The message "Scan finished successfully" didn't appear either. The tool runs for a few minutes and then stops at the point shown in the attachment. |
21.04.2013, 22:52 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen Have a look at what else the instructions said: Note: If the Scan button is not shown, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.
22.04.2013, 22:13 | #15 |
| Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen So, at first it hung again. Then, with the setting "none", it worked: Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-20 22:44:34
-----------------------------
22:44:34.436 OS Version: Windows 6.1.7600
22:44:34.436 Number of processors: 2 586 0x170A
22:44:34.436 ComputerName: XYZ UserName:
22:44:38.446 Initialize success
22:52:52.689 AVAST engine defs: 13042000
23:06:32.408 The log file has been saved successfully to "C:\Users\XYZ\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-22 22:55:17
-----------------------------
22:55:17.984 OS Version: Windows 6.1.7600
22:55:17.984 Number of processors: 2 586 0x170A
22:55:17.994 ComputerName: UserName:
22:55:20.074 Initialize success
22:55:31.045 AVAST engine defs: 13042201
22:55:42.672 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:55:42.672 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
22:55:43.232 Disk 0 MBR read successfully
22:55:43.232 Disk 0 MBR scan
22:55:43.604 Disk 0 unknown MBR code
22:55:43.834 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:55:44.134 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 911782 MB offset 206848
22:55:44.194 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 1867536384
22:55:44.444 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
22:55:44.494 Disk 0 scanning sectors +1953521664
22:55:45.314 Disk 0 scanning C:\Windows\system32\drivers
22:56:08.797 Service scanning
22:56:16.550 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:56:16.620 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
22:56:16.730 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:56:16.760 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:56:27.472 Modules scanning
22:56:45.340 Disk 0 trace - called modules:
22:56:45.380 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
22:56:45.380 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88d9d7a0]
22:56:45.390 3 CLASSPNP.SYS[8cb9359e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86edf028]
22:56:45.400 Scan finished successfully
23:08:01.143 Disk 0 MBR has been saved successfully to "C:\Users\\Desktop\MBR.dat"
23:08:01.153 The log file has been saved successfully to "C:\Users\\Desktop\aswMBR.txt" |
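The partition lines, the "unknown MBR code" verdict and the **LOCKED** entries are the parts of an aswMBR log worth checking by hand, and the checks are mechanical enough to script. The Python below is an added example for this thread, not code from aswMBR, AVAST or either poster: it parses those lines (a constructed sample copied from the log posted above is embedded), recomputes where each partition ends from its start sector and rounded size, and reports overlaps, unallocated space, a non-stock MBR, a tail-scan start that disagrees with the partition table, drivers the tool could not read, and a run that never reached "Scan finished successfully". Assumptions not stated on the page: 512-byte sectors, and that aswMBR rounds sizes to whole MiB, so up to one MiB (2048 sectors) of slack between partitions is treated as rounding.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

SECTOR_BYTES = 512                                  # assumption: 512-byte sectors
SECTORS_PER_MIB = (1024 * 1024) // SECTOR_BYTES     # 2048; also the rounding slack

# Constructed sample: the relevant lines of the aswMBR log posted in this thread.
SAMPLE_LOG = """\
22:55:42.672 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
22:55:43.232 Disk 0 MBR read successfully
22:55:43.604 Disk 0 unknown MBR code
22:55:43.834 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:55:44.134 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 911782 MB offset 206848
22:55:44.194 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 1867536384
22:55:44.444 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
22:55:44.494 Disk 0 scanning sectors +1953521664
22:56:16.550 Service KL1 C:\\Windows\\system32\\DRIVERS\\kl1.sys **LOCKED** 5
22:56:16.620 Service kl2 C:\\Windows\\system32\\DRIVERS\\kl2.sys **LOCKED** 5
22:56:16.730 Service KLIM6 C:\\Windows\\system32\\DRIVERS\\klim6.sys **LOCKED** 5
22:56:16.760 Service klmouflt C:\\Windows\\system32\\DRIVERS\\klmouflt.sys **LOCKED** 5
22:56:45.400 Scan finished successfully
"""

DISK_RE = re.compile(r"^\S+ Disk (\d+) Vendor: .* Size: (\d+)MB")
MBR_RE = re.compile(r"^\S+ Disk (\d+) (.*MBR code)$")
# "Partition N <boot> [(A)] <type> <description> <size> MB offset <lba>"
PART_RE = re.compile(r"^\S+ Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) "
                     r"(.+?) (\d+) MB offset (\d+)$")
TAIL_RE = re.compile(r"^\S+ Disk (\d+) scanning sectors \+(\d+)$")
LOCKED_RE = re.compile(r"^\S+ Service (\S+) (.+?) \*\*LOCKED\*\*")


@dataclass
class Partition:
    number: int
    active: bool        # boot indicator 0x80
    type_id: int        # MBR partition type byte
    description: str
    size_mb: int
    start: int          # first sector (LBA), from "offset"

    @property
    def end(self) -> int:
        """First sector after the partition, derived from the rounded size."""
        return self.start + self.size_mb * SECTORS_PER_MIB


@dataclass
class AswReport:
    disk_size_mb: int = 0
    mbr_code: str = ""
    partitions: List[Partition] = field(default_factory=list)
    tail_start: int = -1      # "scanning sectors +N": where the unallocated-tail scan begins
    locked: List[Tuple[str, str]] = field(default_factory=list)
    finished: bool = False


def parse_log(text: str) -> AswReport:
    """Extract disk size, MBR verdict, partition table, tail-scan start and locked drivers."""
    rep = AswReport()
    for line in text.splitlines():
        if m := DISK_RE.match(line):
            rep.disk_size_mb = int(m[2])
        elif m := MBR_RE.match(line):
            rep.mbr_code = m[2]
        elif m := PART_RE.match(line):
            rep.partitions.append(Partition(int(m[2]), m[3] == "80", int(m[4], 16),
                                            m[5], int(m[6]), int(m[7])))
        elif m := TAIL_RE.match(line):
            rep.tail_start = int(m[2])
        elif m := LOCKED_RE.match(line):
            rep.locked.append((m[1], m[2]))
        elif line.endswith("Scan finished successfully"):
            rep.finished = True
    return rep


def unallocated_tail_sectors(rep: AswReport) -> int:
    """Sectors between the end of the last partition and the end of the disk."""
    return rep.disk_size_mb * SECTORS_PER_MIB - max((p.end for p in rep.partitions), default=0)


def check_layout(rep: AswReport) -> List[str]:
    """Review items for a human; an empty list means the table is internally consistent."""
    findings = []
    if "unknown" in rep.mbr_code:
        findings.append("MBR bootstrap code is not the stock Windows code: compare the saved "
                        "MBR.dat with the OEM image before treating it as a bootkit")
    disk_sectors = rep.disk_size_mb * SECTORS_PER_MIB
    parts = sorted(rep.partitions, key=lambda p: p.start)
    active = [p.number for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    prev_end = 0
    for p in parts:
        gap = p.start - prev_end
        if gap < -SECTORS_PER_MIB:
            findings.append(f"partition {p.number} overlaps the previous partition by {-gap} sectors")
        elif prev_end and gap > SECTORS_PER_MIB:
            findings.append(f"{gap} unallocated sectors before partition {p.number}")
        if p.end > disk_sectors + SECTORS_PER_MIB:
            findings.append(f"partition {p.number} extends past the end of the disk")
        prev_end = max(prev_end, p.end)
    if rep.tail_start >= 0 and abs(rep.tail_start - prev_end) > SECTORS_PER_MIB:
        findings.append(f"tail scan starts at sector {rep.tail_start} but the partitions end at {prev_end}")
    for name, path in rep.locked:
        findings.append(f"driver {name} ({path}) could not be read (**LOCKED**): identify its vendor")
    if not rep.finished:
        findings.append("no 'Scan finished successfully' line: the run did not complete")
    return findings


if __name__ == "__main__":
    for item in check_layout(parse_log(SAMPLE_LOG)):
        print("-", item)
```

On the posted log the four partitions abut exactly, the +1953521664 tail scan starts right where the Compaq diag partition ends, and that leaves 2048 sectors before the end of the 953869 MB disk, so the only review items the script returns are the non-stock MBR code and the four kl*.sys drivers (Kaspersky's, which a running AV product keeps locked), which matches the hand reading of the log.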