Log analysis and evaluation: Popup window asking for TANs during online banking with Deutsche Bank (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.05.2013, 09:44 | #1

Popup window asking for TANs during online banking with Deutsche Bank

Good morning Trojaner-Board team,

since yesterday I have had a problem with my online banking at Deutsche Bank. Every time I try to log in with my customer data, a popup window appears that demands 100 TAN numbers. I can only cancel by closing the entire browser; otherwise the window only lets me click "Submit". I have attached the corresponding screenshot. Deutsche Bank's hotline told me that this is not a normal or new process, and as a precaution I have had my numbers etc. changed. Antivir doesn't seem to find anything, so I ran another scan with OTL. The txt file is attached. At this point I am rather at a loss, because I would prefer not to reinstall my system, but I still have to keep working with the device. Could you please help me with this problem?

Regards
Leemur

Attachment 54584 Attachment 54585
16.05.2013, 10:58 | #2

/// Malwareteam / Visitor

Popup window asking for TANs during online banking with Deutsche Bank

Hi Leemur,

I am Smeenk and I will try to help you.

System scan with ZOEK
Please download zoek.exe from here: http://hijackthis.nl/smeenk/

Please download TDSSKiller.exe and save this file to the desktop.

Please post everything here in CODE tags where possible: [code] Your log here [/code]
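The TDSSKiller log asked for above (and posted further down in this thread) is a flat list: one line per hashed file (`time thread [ MD5 ] name path`) followed by one verdict line per object (`time thread name - ok`). Reading a few hundred of those by eye is error-prone, so here is an added example, written for this page and not code from TDSSKiller, the forum or Smeenk, that parses the format and separates objects whose verdict is not `ok`, file lines that never received a verdict (a truncated log), and verdicts that have no hashed file behind them. The sample log is constructed in the style of the thread; the `( detection ) - warning` shape of a non-ok verdict and the `ExampleSvc` and `Truncated` entries are assumptions, not taken from the page.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes in a TDSSKiller log (matching the output posted in this thread):
#   <time> <thread> [ <MD5> ] <name> <path>      file that was hashed
#   <time> <thread> <name> - ok                  verdict for that name
# A non-"ok" verdict is ASSUMED (not taken from this thread) to look like:
#   <time> <thread> <name> ( <detection> ) - warning
TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+) "
FILE_RE = re.compile(TS + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
VERDICT_RE = re.compile(TS + r"(?P<name>.+?)(?: \( (?P<detection>[^)]+) \))? - (?P<verdict>.+)$")


@dataclass
class ScannedObject:
    name: str
    verdict: Optional[str]           # None when no verdict line followed the file line
    md5: Optional[str] = None        # None when TDSSKiller hashed no file for this name
    path: Optional[str] = None
    detection: Optional[str] = None  # text inside "( ... )" on a non-ok verdict line


def parse_tdsskiller(text: str) -> List[ScannedObject]:
    """Pair file lines with their verdict lines; header lines before 'Scan started' are skipped."""
    objects: List[ScannedObject] = []
    pending: Dict[str, ScannedObject] = {}  # name -> file line still waiting for its verdict
    scanning = False
    for raw in text.splitlines():
        line = raw.strip()
        if not scanning:
            scanning = line.endswith("Scan started")
            continue
        m = FILE_RE.match(line)
        if m:
            obj = ScannedObject(m["name"], None, m["md5"], m["path"])
            pending[obj.name] = obj
            objects.append(obj)
            continue
        m = VERDICT_RE.match(line)
        if m:
            obj = pending.pop(m["name"], None)
            if obj is None:  # verdict with no hashed file (e.g. COMSysApp in the thread's log)
                obj = ScannedObject(m["name"], None)
                objects.append(obj)
            obj.verdict = m["verdict"]
            obj.detection = m["detection"]
    return objects


def triage(objects: List[ScannedObject]) -> Dict[str, List[ScannedObject]]:
    """Sort parsed objects into the buckets a helper looks at first."""
    return {
        "not_ok": [o for o in objects if o.verdict is not None and o.verdict != "ok"],
        "no_verdict": [o for o in objects if o.verdict is None],  # file line never answered
        "no_file": [o for o in objects if o.md5 is None],         # verdict without a hashed file
    }


# Constructed sample in the style of the thread's log. The first five scan lines are copied
# from the posted log; ExampleSvc and Truncated are invented to exercise the failure paths.
SAMPLE_LOG = r"""
13:57:24.0040 5188 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:57:35.0007 5600 Scan started
13:57:35.0007 5600 Mode: Manual;
13:57:36.0520 5600 System memory - ok
13:57:36.0832 5600 [ BF02F806C873ABB04B197161E8E5A316 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
13:57:36.0848 5600 1394ohci - ok
13:57:38.0673 5600 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:57:38.0688 5600 Apple Mobile Device - ok
13:57:42.0027 5600 COMSysApp - ok
13:57:50.0000 5600 [ 00000000000000000000000000000000 ] ExampleSvc C:\Users\user\AppData\Local\Temp\examplesvc.sys
13:57:50.0010 5600 ExampleSvc ( UnsignedFile.Multi.Generic ) - warning
13:57:51.0000 5600 [ 11111111111111111111111111111111 ] Truncated C:\Windows\system32\DRIVERS\truncated.sys
"""


if __name__ == "__main__":
    buckets = triage(parse_tdsskiller(SAMPLE_LOG))
    for bucket, objs in buckets.items():
        print(f"{bucket}:")
        for o in objs:
            print(f"  {o.name}  md5={o.md5}  verdict={o.verdict}  detection={o.detection}  path={o.path}")
```

Run it against a saved log with `parse_tdsskiller(open("TDSSKiller.txt").read())`; the `not_ok` bucket is what a helper reads first, `no_verdict` tells you the log was cut off before the scan finished, and `no_file` lists names TDSSKiller could not map to an image file, which is normal for a few Windows services but worth a glance.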
16.05.2013, 13:22 | #3

Popup window asking for TANs during online banking with Deutsche Bank

Hello Smeenk,

thank you very much for your quick reply! Here are the two logs:

TDSSKILLER:
Code:
13:57:24.0040 5188 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:57:24.0180 5188 ============================================================
13:57:24.0180 5188 Current date / time: 2013/05/16 13:57:24.0180
13:57:24.0180 5188 SystemInfo:
13:57:24.0180 5188 
13:57:24.0180 5188 OS Version: 6.1.7600 ServicePack: 0.0
13:57:24.0180 5188 Product type: Workstation
13:57:24.0180 5188 ComputerName: ***
13:57:24.0180 5188 UserName: ***
13:57:24.0180 5188 Windows directory: C:\Windows
13:57:24.0180 5188 System windows directory: C:\Windows
13:57:24.0180 5188 Processor architecture: Intel x86
13:57:24.0180 5188 Number of processors: 4
13:57:24.0180 5188 Page size: 0x1000
13:57:24.0180 5188 Boot type: Normal boot
13:57:24.0180 5188 ============================================================
13:57:25.0241 5188 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:57:25.0257 5188 ============================================================
13:57:25.0257 5188 \Device\Harddisk0\DR0:
13:57:25.0257 5188 MBR partitions:
13:57:25.0257 5188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
13:57:25.0257 5188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
13:57:25.0257 5188 ============================================================
13:57:25.0335 5188 C: <-> \Device\Harddisk0\DR0\Partition2
13:57:25.0335 5188 ============================================================
13:57:25.0335 5188 Initialize success
13:57:25.0335 5188 ============================================================
13:57:35.0007 5600 ============================================================
13:57:35.0007 5600 Scan started
13:57:35.0007 5600 Mode: Manual;
13:57:35.0007 5600 ============================================================
13:57:36.0520 5600 ================ Scan system memory ========================
13:57:36.0520 5600 System memory - ok
13:57:36.0520 5600 ================ Scan services =============================
13:57:36.0832 5600 [ BF02F806C873ABB04B197161E8E5A316 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
13:57:36.0848 5600 1394ohci - ok
13:57:36.0910 5600 [ AF1F178B0218B44876E63BF0B019E96B ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
13:57:36.0910 5600 Acceler - ok
13:57:36.0941 5600 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
13:57:36.0957 5600 ACPI - ok
13:57:37.0004 5600 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
13:57:37.0004 5600 AcpiPmi - ok
13:57:37.0097 5600 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:57:37.0128 5600 AdobeFlashPlayerUpdateSvc - ok
13:57:37.0175 5600 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:57:37.0191 5600 adp94xx - ok
13:57:37.0238 5600 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:57:37.0253 5600 adpahci - ok
13:57:37.0269 5600 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:57:37.0284 5600 adpu320 - ok
13:57:37.0331 5600 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:57:37.0331 5600 AeLookupSvc - ok
13:57:37.0456 5600 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
13:57:37.0456 5600 AESTFilters - ok
13:57:37.0534 5600 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
13:57:37.0534 5600 AFD - ok
13:57:37.0550 5600 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
13:57:37.0565 5600 agp440 - ok
13:57:37.0596 5600 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
13:57:37.0612 5600 aic78xx - ok
13:57:37.0643 5600 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
13:57:37.0659 5600 ALG - ok
13:57:37.0674 5600 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
13:57:37.0674 5600 aliide - ok
13:57:37.0690 5600 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
13:57:37.0706 5600 amdagp - ok
13:57:37.0737 5600 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
13:57:37.0752 5600 amdide - ok
13:57:37.0768 5600 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:57:37.0784 5600 AmdK8 - ok
13:57:37.0799 5600 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:57:37.0815 5600 AmdPPM - ok
13:57:37.0846 5600 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:57:37.0862 5600 amdsata - ok
13:57:37.0877 5600 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:57:37.0893 5600 amdsbs - ok
13:57:37.0908 5600 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:57:37.0908 5600 amdxata - ok
13:57:38.0080 5600 [ 56BEB1292DC71E49C824455EC582BFCE ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
13:57:38.0111 5600 AntiVirMailService - ok
13:57:38.0189 5600 [ 7ABE4092C35E7D4596487DFA075D84E1 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:57:38.0189 5600 AntiVirSchedulerService - ok
13:57:38.0236 5600 [ 5A37FFA608AE126C9702F5C07E07FC08 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:57:38.0252 5600 AntiVirService - ok
13:57:38.0283 5600 [ 5F2F39626586536CA86F402A1C947463 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:57:38.0314 5600 AntiVirWebService - ok
13:57:38.0376 5600 [ E8A8E6072CB7E2032E85E7735DAA511F ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
13:57:38.0392 5600 ApfiltrService - ok
13:57:38.0439 5600 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
13:57:38.0454 5600 AppID - ok
13:57:38.0517 5600 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:57:38.0532 5600 AppIDSvc - ok
13:57:38.0564 5600 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
13:57:38.0579 5600 Appinfo - ok
13:57:38.0673 5600 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:57:38.0688 5600 Apple Mobile Device - ok
13:57:38.0751 5600 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
13:57:38.0782 5600 AppMgmt - ok
13:57:38.0798 5600 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
13:57:38.0798 5600 arc - ok
13:57:38.0813 5600 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:57:38.0813 5600 arcsas - ok
13:57:38.0844 5600 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:57:38.0844 5600 AsyncMac - ok
13:57:38.0891 5600 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
13:57:38.0907 5600 atapi - ok
13:57:39.0000 5600 [ FF270313C14FC180B6C49BB0B302E0FB ] ATService C:\Program Files\Fingerprint Sensor\AtService.exe
13:57:39.0078 5600 ATService - ok
13:57:39.0141 5600 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:57:39.0188 5600 AudioEndpointBuilder - ok
13:57:39.0219 5600 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:57:39.0234 5600 Audiosrv - ok
13:57:39.0297 5600 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
13:57:39.0312 5600 avgntflt - ok
13:57:39.0375 5600 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
13:57:39.0390 5600 avipbb - ok
13:57:39.0406 5600 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
13:57:39.0406 5600 avkmgr - ok
13:57:39.0422 5600 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:57:39.0437 5600 AxInstSV - ok
13:57:39.0484 5600 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
13:57:39.0531 5600 b06bdrv - ok
13:57:39.0578 5600 [ 958438198ED140C6EB6348CF8A35B36C ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
13:57:39.0578 5600 b57nd60x - ok
13:57:39.0593 5600 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
13:57:39.0593 5600 BDESVC - ok
13:57:39.0624 5600 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
13:57:39.0624 5600 Beep - ok
13:57:39.0671 5600 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
13:57:39.0718 5600 BITS - ok
13:57:39.0765 5600 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:57:39.0765 5600 blbdrive - ok
13:57:39.0812 5600 [ 8B9F91DEF5DBFB4F9B700DB51E0D00CC ] Blfp C:\Windows\system32\DRIVERS\basp.sys
13:57:39.0827 5600 Blfp - ok
13:57:39.0983 5600 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:57:39.0999 5600 Bonjour Service - ok
13:57:40.0046 5600 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:57:40.0061 5600 bowser - ok
13:57:40.0108 5600 [ 72331EB16A3D59386F600D12CF40D6A0 ] BrcmMgmtAgent C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
13:57:40.0186 5600 BrcmMgmtAgent - ok
13:57:40.0202 5600 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:57:40.0217 5600 BrFiltLo - ok
13:57:40.0233 5600 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:57:40.0248 5600 BrFiltUp - ok
13:57:40.0280 5600 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
13:57:40.0311 5600 Browser - ok
13:57:40.0342 5600 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:57:40.0358 5600 Brserid - ok
13:57:40.0389 5600 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:57:40.0420 5600 BrSerWdm - ok
13:57:40.0436 5600 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:57:40.0451 5600 BrUsbMdm - ok
13:57:40.0482 5600 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:57:40.0482 5600 BrUsbSer - ok
13:57:40.0576 5600 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
13:57:40.0576 5600 BthEnum - ok
13:57:40.0592 5600 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:57:40.0592 5600 BTHMODEM - ok
13:57:40.0607 5600 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
13:57:40.0623 5600 BthPan - ok
13:57:40.0654 5600 [ 04CEDA17A195924070B01174CB1F9AF8 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
13:57:40.0685 5600 BTHPORT - ok
13:57:40.0763 5600 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
13:57:40.0779 5600 bthserv - ok
13:57:40.0826 5600 [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
13:57:40.0841 5600 BTHUSB - ok
13:57:40.0857 5600 [ F73511FDEF84BDCCC1BCEC4B0CDDF03C ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
13:57:40.0872 5600 btwampfl - ok
13:57:40.0904 5600 [ 81ECE570471E0589BF488E4B11E6357B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
13:57:40.0904 5600 btwaudio - ok
13:57:40.0966 5600 [ C770311B74599378990228E6D732C718 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
13:57:40.0966 5600 btwavdt - ok
13:57:41.0106 5600 [ 8E90A8C46B0EE7CE62304DF4D4ABDA1C ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
13:57:41.0138 5600 btwdins - ok
13:57:41.0153 5600 [ 4DDBB2A4D11EBE70DA3DB4F98E1A0344 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
13:57:41.0153 5600 btwl2cap - ok
13:57:41.0200 5600 [ 0634F4B7E3F4507C0C49A512CE4D93FF ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
13:57:41.0200 5600 btwrchid - ok
13:57:41.0309 5600 [ D9846A19208E76604E1074BB30228AC8 ] buttonsvc32 c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
13:57:41.0340 5600 buttonsvc32 - ok
13:57:41.0387 5600 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:57:41.0403 5600 cdfs - ok
13:57:41.0450 5600 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:57:41.0465 5600 cdrom - ok
13:57:41.0528 5600 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
13:57:41.0543 5600 CertPropSvc - ok
13:57:41.0559 5600 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:57:41.0559 5600 circlass - ok
13:57:41.0590 5600 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
13:57:41.0606 5600 CLFS - ok
13:57:41.0699 5600 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:57:41.0715 5600 clr_optimization_v2.0.50727_32 - ok
13:57:41.0808 5600 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:57:41.0808 5600 clr_optimization_v4.0.30319_32 - ok
13:57:41.0824 5600 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:57:41.0840 5600 CmBatt - ok
13:57:41.0855 5600 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
13:57:41.0855 5600 cmdide - ok
13:57:41.0902 5600 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
13:57:41.0933 5600 CNG - ok
13:57:41.0964 5600 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:57:41.0980 5600 Compbatt - ok
13:57:42.0011 5600 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
13:57:42.0011 5600 CompositeBus - ok
13:57:42.0027 5600 COMSysApp - ok
13:57:42.0058 5600 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:57:42.0058 5600 crcdisk - ok
13:57:42.0105 5600 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:57:42.0120 5600 CryptSvc - ok
13:57:42.0167 5600 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
13:57:42.0198 5600 CSC - ok
13:57:42.0214 5600 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
13:57:42.0245 5600 CscService - ok
13:57:42.0292 5600 [ 0F538DF1673E5216F3BAACB6911D9D0F ] CtAudDrv C:\Windows\system32\Drivers\CtAudDrv.sys
13:57:42.0323 5600 CtAudDrv - ok
13:57:42.0354 5600 [ AA52C0B88C46D5037809D05DD826C61E ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
13:57:42.0370 5600 CtClsFlt - ok
13:57:42.0417 5600 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
13:57:42.0432 5600 DcomLaunch - ok
13:57:42.0495 5600 [ 1F145EA867F4A28B168AB253C28DAA7D ] dcpsysmgrsvc c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
13:57:42.0526 5600 dcpsysmgrsvc - ok
13:57:42.0573 5600 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
13:57:42.0588 5600 defragsvc - ok
13:57:42.0635 5600 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:57:42.0651 5600 DfsC - ok
13:57:42.0666 5600 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:57:42.0698 5600 Dhcp - ok
13:57:42.0729 5600 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
13:57:42.0744 5600 discache - ok
13:57:42.0760 5600 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:57:42.0776 5600 Disk - ok
13:57:42.0822 5600 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:57:42.0838 5600 Dnscache - ok
13:57:42.0869 5600 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
13:57:42.0885 5600 dot3svc - ok
13:57:42.0900 5600 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
13:57:42.0900 5600 DPS - ok
13:57:42.0932 5600 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:57:42.0947 5600 drmkaud - ok
13:57:42.0994 5600 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:57:43.0025 5600 DXGKrnl - ok
13:57:43.0072 5600 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
13:57:43.0088 5600 EapHost - ok
13:57:43.0166 5600 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
13:57:43.0259 5600 ebdrv - ok
13:57:43.0290 5600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
13:57:43.0306 5600 EFS - ok
13:57:43.0384 5600 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:57:43.0431 5600 ehRecvr - ok
13:57:43.0478 5600 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
13:57:43.0493 5600 ehSched - ok
13:57:43.0509 5600 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:57:43.0540 5600 elxstor - ok
13:57:43.0556 5600 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
13:57:43.0556 5600 ErrDev - ok
13:57:43.0571 5600 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
13:57:43.0602 5600 EventSystem - ok
13:57:43.0696 5600 [ A57BE3307ADA2FC086B5B43135735283 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:57:43.0743 5600 EvtEng - ok
13:57:43.0758 5600 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
13:57:43.0774 5600 exfat - ok
13:57:43.0790 5600 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:57:43.0805 5600 fastfat - ok
13:57:43.0821 5600 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
13:57:43.0836 5600 Fax - ok
13:57:43.0868 5600 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:57:43.0868 5600 fdc - ok
13:57:43.0883 5600 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
13:57:43.0899 5600 fdPHost - ok
13:57:43.0914 5600 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
13:57:43.0914 5600 FDResPub - ok
13:57:43.0930 5600 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:57:43.0930 5600 FileInfo - ok
13:57:43.0946 5600 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:57:43.0961 5600 Filetrace - ok
13:57:43.0977 5600 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:57:43.0977 5600 flpydisk - ok
13:57:43.0992 5600 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:57:44.0024 5600 FltMgr - ok
13:57:44.0086 5600 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
13:57:44.0164 5600 FontCache - ok
13:57:44.0226 5600 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:57:44.0242 5600 FontCache3.0.0.0 - ok
13:57:44.0258 5600 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:57:44.0273 5600 FsDepends - ok
13:57:44.0304 5600 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:57:44.0320 5600 Fs_Rec - ok
13:57:44.0367 5600 [ 4732E596BB1C50D9F9188C5074EE7782 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:57:44.0367 5600 fvevol - ok
13:57:44.0398 5600 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:57:44.0866 5600 gagp30kx - ok
13:57:44.0913 5600 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:57:44.0913 5600 GEARAspiWDM - ok
13:57:44.0975 5600 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
13:57:45.0022 5600 gpsvc - ok
13:57:45.0100 5600 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:57:45.0100 5600 gupdate - ok
13:57:45.0116 5600 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:57:45.0116 5600 gupdatem - ok
13:57:45.0162 5600 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:57:45.0178 5600 gusvc - ok
13:57:45.0194 5600 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:57:45.0209 5600 hcw85cir - ok
13:57:45.0225 5600 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:57:45.0225 5600 HDAudBus - ok
13:57:45.0256 5600 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\Windows\system32\DRIVERS\HECI.sys
13:57:45.0272 5600 HECI - ok
13:57:45.0287 5600 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:57:45.0287 5600 HidBatt - ok
13:57:45.0318 5600 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:57:45.0318 5600 HidBth - ok
13:57:45.0334 5600 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:57:45.0334 5600 HidIr - ok
13:57:45.0350 5600 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
13:57:45.0365 5600 hidserv - ok
13:57:45.0381 5600 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:57:45.0396 5600 HidUsb - ok
13:57:45.0428 5600 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:57:45.0443 5600 hkmsvc - ok
13:57:45.0459 5600 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:57:45.0490 5600 HomeGroupListener - ok
13:57:45.0521 5600 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:57:45.0537 5600 HomeGroupProvider - ok
13:57:45.0552 5600 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
13:57:45.0568 5600 HpSAMD - ok
13:57:45.0584 5600 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:57:45.0599 5600 HTTP - ok
13:57:45.0615 5600 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:57:45.0615 5600 hwpolicy - ok
13:57:45.0646 5600 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:57:45.0662 5600 i8042prt - ok
13:57:45.0693 5600 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
13:57:45.0693 5600 iaStor - ok
13:57:45.0740 5600 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:57:45.0755 5600 iaStorV - ok
13:57:45.0833 5600 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:57:45.0942 5600 idsvc - ok
13:57:46.0130 5600 [ 0DAB2D553BE272359BCCE55C3449937E ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
13:57:46.0348 5600 igfx - ok
13:57:46.0379 5600 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:57:46.0395 5600 iirsp - ok
13:57:46.0457 5600 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
13:57:46.0504 5600 IKEEXT - ok
13:57:46.0535 5600 [ E3C36AC5AE87EC970AE8EA2A93D59AE1 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
13:57:46.0551 5600 Impcd - ok
13:57:46.0629 5600 [ 987A2CC8EC0E86CAA2D8068B1ED7B441 ] InstallFilterService C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
13:57:46.0629 5600 InstallFilterService - ok
13:57:46.0660 5600 [ BF31740828A26AB451803E3B35432651 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
13:57:46.0676 5600 IntcDAud - ok
13:57:46.0707 5600 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
13:57:46.0707 5600 intelide - ok
13:57:46.0722 5600 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:57:46.0738 5600 intelppm - ok
13:57:46.0754 5600 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:57:46.0769 5600 IPBusEnum - ok
13:57:46.0785 5600 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:57:46.0785 5600 IpFilterDriver - ok
13:57:46.0800 5600 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:57:46.0816 5600 IPMIDRV - ok
13:57:46.0832 5600 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:57:46.0832 5600 IPNAT - ok
13:57:46.0910 5600 [ 02682AE021F0FB92F5768B49776B8B5B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:57:46.0925 5600 iPod Service - ok
13:57:46.0941 5600 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:57:46.0956 5600 IRENUM - ok
13:57:46.0956 5600 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
13:57:46.0972 5600 isapnp - ok
13:57:46.0988 5600 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:57:47.0003 5600 iScsiPrt - ok
13:57:47.0034 5600 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:57:47.0034 5600 kbdclass - ok
13:57:47.0050 5600 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:57:47.0066 5600 kbdhid - ok
13:57:47.0081 5600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
13:57:47.0081 5600 KeyIso - ok
13:57:47.0112 5600 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:57:47.0128 5600 KSecDD - ok
13:57:47.0175 5600 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:57:47.0190 5600 KSecPkg - ok
13:57:47.0222 5600 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
13:57:47.0253 5600 KtmRm - ok
13:57:47.0300 5600 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
13:57:47.0315 5600 LanmanServer - ok
13:57:47.0346 5600 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:57:47.0362 5600 LanmanWorkstation - ok
13:57:47.0378 5600 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:57:47.0393 5600 lltdio - ok
13:57:47.0440 5600 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:57:47.0456 5600 lltdsvc - ok
13:57:47.0471 5600 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
13:57:47.0487 5600 lmhosts - ok
13:57:47.0518 5600 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:57:47.0518 5600 LSI_FC - ok
13:57:47.0534 5600 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:57:47.0549 5600 LSI_SAS - ok
13:57:47.0565 5600 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:57:47.0565 5600 LSI_SAS2 - ok
13:57:47.0580 5600 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:57:47.0596 5600 LSI_SCSI - ok
13:57:47.0612 5600 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
13:57:47.0627 5600 luafv - ok
13:57:47.0658 5600 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:57:47.0674 5600 Mcx2Svc - ok
13:57:47.0690 5600 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:57:47.0705 5600 megasas - ok
13:57:47.0721 5600 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:57:47.0736 5600 MegaSR - ok
13:57:47.0752 5600 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
13:57:47.0752 5600 MMCSS - ok
13:57:47.0768 5600 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
13:57:47.0783 5600 Modem - ok
13:57:47.0783 5600 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:57:47.0783 5600 monitor - ok
13:57:47.0814 5600 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:57:47.0814 5600 mouclass - ok
13:57:47.0830 5600 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:57:47.0846 5600 mouhid - ok
13:57:47.0861 5600 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:57:47.0861 5600 mountmgr - ok
13:57:47.0955 5600 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:57:47.0970 5600 MozillaMaintenance - ok
13:57:47.0986 5600 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
13:57:48.0002 5600 mpio - ok
13:57:48.0002 5600 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:57:48.0017 5600 mpsdrv - ok
13:57:48.0033 5600 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:57:48.0033 5600 MRxDAV - ok
13:57:48.0080 5600 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:57:48.0095 5600 mrxsmb - ok
13:57:48.0126 5600 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:57:48.0158 5600 mrxsmb10 - ok
13:57:48.0189 5600 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:57:48.0204 5600 mrxsmb20 - ok
13:57:48.0236 5600 [ CB5D37E91135B0F15CEE64D1F1BA5DE5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
13:57:48.0251 5600 msahci - ok
13:57:48.0267 5600 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
13:57:48.0282 5600 msdsm - ok
13:57:48.0329 5600 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
13:57:48.0345 5600 MSDTC - ok
13:57:48.0376 5600 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:57:48.0376 5600 Msfs - ok
13:57:48.0392 5600 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:57:48.0392 5600 mshidkmdf - ok
13:57:48.0407 5600 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
13:57:48.0423 5600 msisadrv - ok
13:57:48.0470 5600 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:57:48.0485 5600 MSiSCSI - ok
13:57:48.0485 5600 msiserver - ok
13:57:48.0516 5600 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:57:48.0516 5600 MSKSSRV - ok
13:57:48.0532 5600 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:57:48.0548 5600 MSPCLOCK - ok
13:57:48.0548 5600 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:57:48.0563 5600 MSPQM - ok
13:57:48.0579 5600 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:57:48.0579 5600 MsRPC - ok
13:57:48.0594 5600 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:57:48.0594 5600 mssmbios - ok
13:57:48.0610 5600 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:57:48.0610 5600 MSTEE - ok
13:57:48.0626 5600 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:57:48.0626 5600 MTConfig - ok
13:57:48.0657 5600 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
13:57:48.0657 5600 Mup - ok
13:57:48.0704 5600 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
13:57:48.0704 5600 napagent - ok
13:57:48.0766 5600 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:57:48.0782 5600 NativeWifiP - ok
13:57:48.0813 5600 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:57:48.0844 5600 NDIS - ok
13:57:48.0844 5600 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:57:48.0860 5600 NdisCap - ok
13:57:48.0875 5600 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:57:48.0891 5600 NdisTapi - ok
13:57:48.0906 5600 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:57:48.0906 5600 Ndisuio - ok
13:57:48.0922 5600 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:57:48.0938 5600 NdisWan - ok
13:57:48.0953 5600 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:57:48.0969 5600 NDProxy - ok
13:57:49.0000 5600 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys
13:57:49.0016 5600 Netaapl - ok
13:57:49.0031 5600 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:57:49.0031 5600 NetBIOS - ok
13:57:49.0062 5600 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:57:49.0062 5600 NetBT - ok
13:57:49.0078 5600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
13:57:49.0078 5600 Netlogon - ok
13:57:49.0125 5600 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
13:57:49.0140 5600 Netman - ok
13:57:49.0156 5600 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
13:57:49.0172 5600 netprofm - ok
13:57:49.0203 5600 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:57:49.0234 5600 NetTcpPortSharing - ok
13:57:49.0374 5600 [ EF51B405AD8ACAAE6F0231290D20F516 ] NETw5s32
C:\Windows\system32\DRIVERS\NETw5s32.sys 13:57:49.0484 5600 NETw5s32 - ok 13:57:49.0499 5600 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 13:57:49.0515 5600 nfrd960 - ok 13:57:49.0546 5600 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll 13:57:49.0577 5600 NlaSvc - ok 13:57:49.0593 5600 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:57:49.0593 5600 Npfs - ok 13:57:49.0608 5600 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 13:57:49.0608 5600 nsi - ok 13:57:49.0624 5600 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:57:49.0624 5600 nsiproxy - ok 13:57:49.0702 5600 [ A8F59428E9F361C7AC42A94AC1560BC9 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:57:49.0764 5600 Ntfs - ok 13:57:49.0780 5600 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 13:57:49.0780 5600 Null - ok 13:57:49.0811 5600 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:57:49.0827 5600 nvraid - ok 13:57:49.0842 5600 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:57:49.0858 5600 nvstor - ok 13:57:49.0858 5600 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 13:57:49.0874 5600 nv_agp - ok 13:57:49.0920 5600 [ DD03BDD1459D1966EE640F63221C175A ] odysseyIM3 C:\Windows\system32\DRIVERS\odysseyIM3.sys 13:57:49.0920 5600 odysseyIM3 - ok 13:57:49.0952 5600 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 13:57:49.0967 5600 ohci1394 - ok 13:57:50.0076 5600 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:57:50.0092 5600 ose - ok 13:57:50.0248 5600 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:57:50.0342 5600 osppsvc - 
ok 13:57:50.0388 5600 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:57:50.0420 5600 p2pimsvc - ok 13:57:50.0451 5600 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 13:57:50.0482 5600 p2psvc - ok 13:57:50.0498 5600 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 13:57:50.0513 5600 Parport - ok 13:57:50.0544 5600 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:57:50.0544 5600 partmgr - ok 13:57:50.0560 5600 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 13:57:50.0576 5600 Parvdm - ok 13:57:50.0622 5600 [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys 13:57:50.0622 5600 PBADRV - ok 13:57:50.0638 5600 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:57:50.0669 5600 PcaSvc - ok 13:57:50.0700 5600 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys 13:57:50.0716 5600 pci - ok 13:57:50.0747 5600 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys 13:57:50.0763 5600 pciide - ok 13:57:50.0778 5600 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 13:57:50.0794 5600 pcmcia - ok 13:57:50.0810 5600 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 13:57:50.0825 5600 pcw - ok 13:57:50.0841 5600 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:57:50.0888 5600 PEAUTH - ok 13:57:50.0950 5600 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 13:57:51.0012 5600 PeerDistSvc - ok 13:57:51.0059 5600 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll 13:57:51.0168 5600 pla - ok 13:57:51.0215 5600 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:57:51.0262 5600 PlugPlay - ok 13:57:51.0262 5600 [ 
63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:57:51.0278 5600 PNRPAutoReg - ok 13:57:51.0309 5600 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:57:51.0309 5600 PNRPsvc - ok 13:57:51.0356 5600 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:57:51.0371 5600 PolicyAgent - ok 13:57:51.0387 5600 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll 13:57:51.0402 5600 Power - ok 13:57:51.0418 5600 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:57:51.0418 5600 PptpMiniport - ok 13:57:51.0434 5600 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 13:57:51.0449 5600 Processor - ok 13:57:51.0480 5600 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll 13:57:51.0512 5600 ProfSvc - ok 13:57:51.0527 5600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:57:51.0527 5600 ProtectedStorage - ok 13:57:51.0558 5600 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:57:51.0574 5600 Psched - ok 13:57:51.0621 5600 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 13:57:51.0636 5600 PxHelp20 - ok 13:57:51.0683 5600 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 13:57:51.0761 5600 ql2300 - ok 13:57:51.0777 5600 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 13:57:51.0792 5600 ql40xx - ok 13:57:51.0824 5600 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 13:57:51.0855 5600 QWAVE - ok 13:57:51.0870 5600 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:57:51.0870 5600 QWAVEdrv - ok 13:57:51.0886 5600 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:57:51.0902 5600 RasAcd - ok 
13:57:51.0902 5600 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:57:51.0917 5600 RasAgileVpn - ok 13:57:51.0933 5600 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 13:57:51.0948 5600 RasAuto - ok 13:57:51.0964 5600 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:57:51.0964 5600 Rasl2tp - ok 13:57:52.0011 5600 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll 13:57:52.0042 5600 RasMan - ok 13:57:52.0058 5600 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:57:52.0058 5600 RasPppoe - ok 13:57:52.0089 5600 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:57:52.0104 5600 RasSstp - ok 13:57:52.0120 5600 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:57:52.0136 5600 rdbss - ok 13:57:52.0151 5600 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:57:52.0151 5600 rdpbus - ok 13:57:52.0167 5600 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:57:52.0182 5600 RDPCDD - ok 13:57:52.0214 5600 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 13:57:52.0229 5600 RDPDR - ok 13:57:52.0245 5600 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:57:52.0245 5600 RDPENCDD - ok 13:57:52.0260 5600 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:57:52.0260 5600 RDPREFMP - ok 13:57:52.0307 5600 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:57:52.0323 5600 RDPWD - ok 13:57:52.0338 5600 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:57:52.0370 5600 rdyboost - ok 13:57:52.0432 5600 [ A171029D6B6C2D93C22861A347F43C2A ] RegSrvc C:\Program Files\Common 
Files\Intel\WirelessCommon\RegSrvc.exe 13:57:52.0463 5600 RegSrvc - ok 13:57:52.0510 5600 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 13:57:52.0526 5600 RemoteAccess - ok 13:57:52.0557 5600 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:57:52.0572 5600 RemoteRegistry - ok 13:57:52.0604 5600 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 13:57:52.0619 5600 RFCOMM - ok 13:57:52.0650 5600 [ E891F07815AF88075705EF6A248711F6 ] rimspci C:\Windows\system32\DRIVERS\rimspe86.sys 13:57:52.0666 5600 rimspci - ok 13:57:52.0682 5600 [ 5312F15DBEB47D906DCA2E334DC4C97D ] risdpcie C:\Windows\system32\DRIVERS\risdpe86.sys 13:57:52.0697 5600 risdpcie - ok 13:57:52.0713 5600 [ CF2DE2365FD99E5B8E38C9F3467DCDB8 ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe86.sys 13:57:52.0713 5600 rixdpcie - ok 13:57:52.0728 5600 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:57:52.0744 5600 RpcEptMapper - ok 13:57:52.0760 5600 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 13:57:52.0760 5600 RpcLocator - ok 13:57:52.0791 5600 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll 13:57:52.0791 5600 RpcSs - ok 13:57:52.0822 5600 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:57:52.0838 5600 rspndr - ok 13:57:52.0869 5600 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys 13:57:52.0884 5600 s3cap - ok 13:57:52.0884 5600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe 13:57:52.0900 5600 SamSs - ok 13:57:52.0916 5600 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 13:57:52.0931 5600 sbp2port - ok 13:57:52.0962 5600 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:57:52.0978 5600 SCardSvr - ok 13:57:52.0978 5600 [ 
A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:57:52.0994 5600 scfilter - ok 13:57:53.0040 5600 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll 13:57:53.0118 5600 Schedule - ok 13:57:53.0134 5600 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll 13:57:53.0134 5600 SCPolicySvc - ok 13:57:53.0150 5600 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:57:53.0165 5600 SDRSVC - ok 13:57:53.0181 5600 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:57:53.0181 5600 secdrv - ok 13:57:53.0196 5600 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 13:57:53.0196 5600 seclogon - ok 13:57:53.0306 5600 [ F6A6DBD275EC9EF7B573E48B3FD8D3DF ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe 13:57:53.0384 5600 SecureStorageService - ok 13:57:53.0399 5600 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 13:57:53.0399 5600 SENS - ok 13:57:53.0446 5600 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:57:53.0462 5600 SensrSvc - ok 13:57:53.0493 5600 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:57:53.0508 5600 Serenum - ok 13:57:53.0508 5600 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:57:53.0524 5600 Serial - ok 13:57:53.0540 5600 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 13:57:53.0555 5600 sermouse - ok 13:57:53.0571 5600 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll 13:57:53.0586 5600 SessionEnv - ok 13:57:53.0602 5600 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 13:57:53.0602 5600 sffdisk - ok 13:57:53.0602 5600 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc 
C:\Windows\system32\DRIVERS\sffp_mmc.sys 13:57:53.0618 5600 sffp_mmc - ok 13:57:53.0633 5600 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 13:57:53.0633 5600 sffp_sd - ok 13:57:53.0649 5600 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:57:53.0649 5600 sfloppy - ok 13:57:53.0711 5600 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:57:53.0742 5600 ShellHWDetection - ok 13:57:53.0789 5600 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys 13:57:53.0789 5600 sisagp - ok 13:57:53.0820 5600 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:57:53.0836 5600 SiSRaid2 - ok 13:57:53.0852 5600 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 13:57:53.0867 5600 SiSRaid4 - ok 13:57:53.0914 5600 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:57:53.0930 5600 Smb - ok 13:57:53.0976 5600 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:57:53.0992 5600 SNMPTRAP - ok 13:57:54.0008 5600 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 13:57:54.0008 5600 spldr - ok 13:57:54.0054 5600 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe 13:57:54.0086 5600 Spooler - ok 13:57:54.0195 5600 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe 13:57:54.0273 5600 sppsvc - ok 13:57:54.0288 5600 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:57:54.0288 5600 sppuinotify - ok 13:57:54.0366 5600 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys 13:57:54.0366 5600 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: CDDDEC541BC3C96F91ECB48759673505 13:57:54.0366 5600 sptd ( LockedFile.Multi.Generic ) - warning 13:57:54.0366 5600 sptd - detected LockedFile.Multi.Generic (1) 13:57:54.0413 5600 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys 13:57:54.0429 5600 srv - ok 13:57:54.0444 5600 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:57:54.0460 5600 srv2 - ok 13:57:54.0476 5600 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:57:54.0491 5600 srvnet - ok 13:57:54.0507 5600 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:57:54.0522 5600 SSDPSRV - ok 13:57:54.0569 5600 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 13:57:54.0569 5600 ssmdrv - ok 13:57:54.0585 5600 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:57:54.0600 5600 SstpSvc - ok 13:57:54.0725 5600 [ 0A8FA56553913E87AA24A6CE218B88DE ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe 13:57:54.0741 5600 STacSV - ok 13:57:54.0772 5600 [ A5B83C8050572622E5C43B5B3326A129 ] stdflt C:\Windows\system32\DRIVERS\stdfltn.sys 13:57:54.0788 5600 stdflt - ok 13:57:54.0819 5600 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 13:57:54.0834 5600 stexstor - ok 13:57:54.0850 5600 [ 2B50CFED920D4CD973ADBAAAD3FE704F ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys 13:57:54.0928 5600 STHDA - ok 13:57:55.0240 5600 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 13:57:55.0240 5600 StillCam - ok 13:57:55.0256 5600 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll 13:57:55.0302 5600 StiSvc - ok 13:57:55.0349 5600 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 13:57:55.0365 5600 stllssvr - ok 13:57:55.0412 5600 [ 
957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 13:57:55.0427 5600 storflt - ok 13:57:55.0458 5600 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 13:57:55.0474 5600 StorSvc - ok 13:57:55.0490 5600 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys 13:57:55.0505 5600 storvsc - ok 13:57:55.0521 5600 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 13:57:55.0521 5600 swenum - ok 13:57:55.0536 5600 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 13:57:55.0552 5600 swprv - ok 13:57:55.0583 5600 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll 13:57:55.0614 5600 SysMain - ok 13:57:55.0630 5600 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:57:55.0646 5600 TabletInputService - ok 13:57:55.0661 5600 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll 13:57:55.0677 5600 TapiSrv - ok 13:57:55.0692 5600 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 13:57:55.0708 5600 TBS - ok 13:57:55.0755 5600 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:57:55.0833 5600 Tcpip - ok 13:57:55.0880 5600 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:57:55.0895 5600 TCPIP6 - ok 13:57:55.0926 5600 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:57:55.0942 5600 tcpipreg - ok 13:57:56.0020 5600 [ 69F1A38A6DBFE682491CB61A596662E3 ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe 13:57:56.0114 5600 tcsd_win32.exe - ok 13:57:56.0176 5600 [ 55FF1B851D685C928807DFA84529BE9F ] TdmService C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe 13:57:56.0223 5600 TdmService - ok 13:57:56.0238 5600 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE 
C:\Windows\system32\drivers\tdpipe.sys 13:57:56.0238 5600 TDPIPE - ok 13:57:56.0270 5600 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:57:56.0285 5600 TDTCP - ok 13:57:56.0301 5600 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:57:56.0316 5600 tdx - ok 13:57:56.0426 5600 [ 1A35E7079C650D9EB17B55E4FF4C0DCD ] TeamViewer5 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe 13:57:56.0441 5600 TeamViewer5 - ok 13:57:56.0457 5600 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:57:56.0457 5600 TermDD - ok 13:57:56.0504 5600 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll 13:57:56.0566 5600 TermService - ok 13:57:56.0582 5600 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 13:57:56.0582 5600 Themes - ok 13:57:56.0597 5600 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 13:57:56.0597 5600 THREADORDER - ok 13:57:56.0613 5600 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 13:57:56.0628 5600 TrkWks - ok 13:57:56.0675 5600 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:57:56.0675 5600 TrustedInstaller - ok 13:57:56.0706 5600 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:57:56.0706 5600 tssecsrv - ok 13:57:56.0738 5600 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:57:56.0753 5600 tunnel - ok 13:57:56.0769 5600 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 13:57:56.0769 5600 uagp35 - ok 13:57:56.0800 5600 [ EB0A7BD4D471AC3CE55564A4C55B9D8E ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:57:56.0831 5600 udfs - ok 13:57:56.0847 5600 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:57:56.0862 5600 UI0Detect - ok 13:57:56.0878 5600 [ 
44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 13:57:56.0894 5600 uliagpkx - ok 13:57:56.0940 5600 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:57:56.0940 5600 umbus - ok 13:57:56.0956 5600 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 13:57:56.0972 5600 UmPass - ok 13:57:57.0003 5600 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll 13:57:57.0034 5600 UmRdpService - ok 13:57:57.0050 5600 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 13:57:57.0081 5600 upnphost - ok 13:57:57.0128 5600 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 13:57:57.0143 5600 USBAAPL - ok 13:57:57.0174 5600 [ 5C233AEFB566EE78C1EFBC0493FB066A ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:57:57.0190 5600 usbccgp - ok 13:57:57.0206 5600 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 13:57:57.0221 5600 usbcir - ok 13:57:57.0221 5600 [ 5B71019A6ACA0116FD21B368F19C0B91 ] usbehci C:\Windows\system32\drivers\usbehci.sys 13:57:57.0237 5600 usbehci - ok 13:57:57.0252 5600 [ 5823D3965C2A4F6F785ED1A3B403F3B8 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:57:57.0268 5600 usbhub - ok 13:57:57.0315 5600 [ E753ED6C49DA13967EBABF9EA616454A ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:57:57.0315 5600 usbohci - ok 13:57:57.0346 5600 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:57:57.0346 5600 usbprint - ok 13:57:57.0377 5600 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:57:57.0377 5600 usbscan - ok 13:57:57.0408 5600 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:57:57.0424 5600 USBSTOR - ok 13:57:57.0440 5600 [ 6A30928A469CE802600E1EA8C0F2F53F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 13:57:57.0440 5600 usbuhci 
- ok 13:57:57.0471 5600 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 13:57:57.0486 5600 usbvideo - ok 13:57:57.0486 5600 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 13:57:57.0502 5600 UxSms - ok 13:57:57.0518 5600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe 13:57:57.0518 5600 VaultSvc - ok 13:57:57.0549 5600 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 13:57:57.0549 5600 vdrvroot - ok 13:57:57.0564 5600 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe 13:57:57.0596 5600 vds - ok 13:57:57.0596 5600 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:57:57.0611 5600 vga - ok 13:57:57.0611 5600 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 13:57:57.0627 5600 VgaSave - ok 13:57:57.0642 5600 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 13:57:57.0642 5600 vhdmp - ok 13:57:57.0674 5600 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys 13:57:57.0689 5600 viaagp - ok 13:57:57.0689 5600 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 13:57:57.0705 5600 ViaC7 - ok 13:57:57.0720 5600 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys 13:57:57.0736 5600 viaide - ok 13:57:57.0767 5600 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys 13:57:57.0798 5600 vmbus - ok 13:57:57.0814 5600 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys 13:57:57.0814 5600 VMBusHID - ok 13:57:57.0830 5600 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 13:57:57.0830 5600 volmgr - ok 13:57:57.0845 5600 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:57:57.0861 5600 volmgrx - ok 13:57:57.0908 5600 [ 
59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:57:57.0923 5600 volsnap - ok 13:57:57.0970 5600 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 13:57:57.0986 5600 vsmraid - ok 13:57:58.0017 5600 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe 13:57:58.0095 5600 VSS - ok 13:57:58.0110 5600 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 13:57:58.0110 5600 vwifibus - ok 13:57:58.0126 5600 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 13:57:58.0142 5600 vwififlt - ok 13:57:58.0173 5600 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 13:57:58.0173 5600 vwifimp - ok 13:57:58.0188 5600 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 13:57:58.0204 5600 W32Time - ok 13:57:58.0220 5600 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 13:57:58.0220 5600 WacomPen - ok 13:57:58.0251 5600 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:57:58.0266 5600 WANARP - ok 13:57:58.0266 5600 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:57:58.0266 5600 Wanarpv6 - ok 13:57:58.0360 5600 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 13:57:58.0469 5600 WatAdminSvc - ok 13:57:58.0516 5600 [ B5A4DC2AA19F0D4594F7897E87A10D21 ] WavxDMgr C:\Windows\system32\DRIVERS\WavxDMgr.sys 13:57:58.0532 5600 WavxDMgr - ok 13:57:58.0594 5600 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe 13:57:58.0672 5600 wbengine - ok 13:57:58.0688 5600 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:57:58.0703 5600 WbioSrvc - ok 13:57:58.0719 5600 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:57:58.0734 5600 wcncsvc - ok 
13:57:58.0734 5600 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:57:58.0750 5600 WcsPlugInService - ok
13:57:58.0750 5600 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:57:58.0766 5600 Wd - ok
13:57:58.0797 5600 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:57:58.0859 5600 Wdf01000 - ok
13:57:58.0875 5600 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:57:58.0890 5600 WdiServiceHost - ok
13:57:58.0906 5600 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:57:58.0906 5600 WdiSystemHost - ok
13:57:58.0953 5600 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
13:57:58.0984 5600 WebClient - ok
13:57:58.0984 5600 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:57:59.0000 5600 Wecsvc - ok
13:57:59.0015 5600 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:57:59.0015 5600 wercplsupport - ok
13:57:59.0046 5600 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
13:57:59.0062 5600 WerSvc - ok
13:57:59.0078 5600 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:57:59.0093 5600 WfpLwf - ok
13:57:59.0109 5600 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:57:59.0109 5600 WIMMount - ok
13:57:59.0124 5600 WinHttpAutoProxySvc - ok
13:57:59.0202 5600 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:57:59.0218 5600 Winmgmt - ok
13:57:59.0265 5600 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
13:57:59.0358 5600 WinRM - ok
13:57:59.0405 5600 [ B5BA3CC19D00F2EBA92F1CFBEBB5D650 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:57:59.0421 5600 WinUsb - ok
13:57:59.0452 5600 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:57:59.0499 5600 Wlansvc - ok
13:57:59.0530 5600 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
13:57:59.0530 5600 WmiAcpi - ok
13:57:59.0546 5600 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:57:59.0561 5600 wmiApSrv - ok
13:57:59.0639 5600 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:57:59.0670 5600 WMPNetworkSvc - ok
13:57:59.0686 5600 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:57:59.0702 5600 WPCSvc - ok
13:57:59.0717 5600 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:57:59.0717 5600 WPDBusEnum - ok
13:57:59.0764 5600 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:57:59.0764 5600 ws2ifsl - ok
13:57:59.0764 5600 WSearch - ok
13:57:59.0858 5600 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
13:57:59.0920 5600 wuauserv - ok
13:57:59.0982 5600 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:57:59.0982 5600 WudfPf - ok
13:58:00.0014 5600 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:58:00.0029 5600 WUDFRd - ok
13:58:00.0060 5600 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:58:00.0076 5600 wudfsvc - ok
13:58:00.0092 5600 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
13:58:00.0107 5600 WwanSvc - ok
13:58:00.0138 5600 ================ Scan global ===============================
13:58:00.0185 5600 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
13:58:00.0232 5600 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
13:58:00.0279 5600 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
13:58:00.0326 5600 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:58:00.0341 5600 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:58:00.0372 5600 [Global] - ok
13:58:00.0372 5600 ================ Scan MBR ==================================
13:58:00.0388 5600 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:58:00.0684 5600 \Device\Harddisk0\DR0 - ok
13:58:00.0684 5600 ================ Scan VBR ==================================
13:58:00.0684 5600 [ 037901941CA83E7931AE88A56E47FE07 ] \Device\Harddisk0\DR0\Partition1
13:58:00.0684 5600 \Device\Harddisk0\DR0\Partition1 - ok
13:58:00.0700 5600 [ B38BFD6727C24498D6F7FD91EBDA2BC4 ] \Device\Harddisk0\DR0\Partition2
13:58:00.0716 5600 \Device\Harddisk0\DR0\Partition2 - ok
13:58:00.0716 5600 ============================================================
13:58:00.0716 5600 Scan finished
13:58:00.0716 5600 ============================================================
13:58:00.0731 5608 Detected object count: 1
13:58:00.0731 5608 Actual detected object count: 1
13:58:15.0520 5608 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:58:15.0520 5608 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Code:
Zoek.exe Version 4.0.0.2 Updated 15-May-2013
Tool run by Schwoy on 16.05.2013 at 13:45:15,94.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2148369650-1481080501-3592823048-1116\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Files \ Folders ======================

"C:\$Recycle.Bin\S-1-5-18\$dc1d3e9f9e8d427e40f64d94cf90f8f6" not found
"C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0e7jn55h.default\extensions\qtss3wbj@fyoaa-.org" not found
"C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgblamdbnlccegnoeflgeelfkojpiae" not found
"C:\$Recycle.Bin\S-1-5-21-2148369650-1481080501-3592823048-1116\$dc1d3e9f9e8d427e40f64d94cf90f8f6\@" deleted
"C:\$Recycle.Bin\S-1-5-21-2148369650-1481080501-3592823048-1116\$dc1d3e9f9e8d427e40f64d94cf90f8f6" deleted
"C:\$Recycle.Bin\S-1-5-21-2148369650-1481080501-3592823048-1116\$dc1d3e9f9e8d427e40f64d94cf90f8f6\L" deleted
"C:\$Recycle.Bin\S-1-5-21-2148369650-1481080501-3592823048-1116\$dc1d3e9f9e8d427e40f64d94cf90f8f6\U" deleted

==== Registry Search Results for "$dc1d3e9f9e8d427e40f64d94cf90f8f6" ======================

No instances of string "$dc1d3e9f9e8d427e40f64d94cf90f8f6" found.

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\***\AppData\Local\Temp ====
====== C:\Windows\system32 =====
2013-05-15 14:28:29 D0F47BFDDE810912F65E079B5956D6C7 94112 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll
====== C:\Windows\system32\drivers =====
2013-05-15 13:58:06 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-24 07:44:42 A8F59428E9F361C7AC42A94AC1560BC9 1210728 ----a-w- C:\Windows\System32\drivers\ntfs.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\Schwoy\AppData\Roaming ======
2013-05-16 09:38:34 -------- d-----w- C:\users\***\AppData\Roaming\webex
2013-05-15 15:33:50 0F728A9504EFCD674A56198A5BF5419C 61952 ----a-w- C:\users\***\AppData\Roaming\ie_util.exe
2013-05-15 13:57:23 -------- d-----w- C:\users\***\AppData\Local\Programs
2013-05-14 11:46:25 -------- d-----w- C:\users\***\AppData\Roaming\Reac
2013-05-14 11:46:25 -------- d-----w- C:\users\***\AppData\Roaming\Ibha
2013-05-14 11:46:25 -------- d-----w- C:\users\***\AppData\Roaming\Daxoqi
====== C:\Users\*** ======
2013-05-16 08:01:37 -------- d-----w- C:\ProgramData\WebEx
====== C: exe-files ==
2013-05-16 08:03:23 75E9E13757717F487CA877F5FCD2A8CC 46672 ----a-w- C:\ProgramData\WebEx\WebEx\1124\atasanot.exe
2013-05-16 08:03:18 86C397E1A562011D4276EB36BB78EF39 108112 ----a-w- C:\ProgramData\WebEx\WebEx\1124\wbxdmsupload.exe
2013-05-16 08:03:09 0E4AA434519437D9908C046A43E07DCA 212560 ----a-w- C:\ProgramData\WebEx\WebEx\1124\wbxreport.exe
2013-05-16 08:03:01 E680FF2A542DAB8D36C40CF6FF197020 516176 ----a-w- C:\ProgramData\WebEx\atcliun.exe
2013-05-16 08:02:12 3221C6CF60D6717019F1AED9284A27A4 582224 ----a-w- C:\ProgramData\WebEx\WebEx\1124\atmgr.exe
2013-05-16 08:01:34 DFE0A736D4F91BC1D9561D2C4D1BAE5F 140368 ----a-w- C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JEEEQ2A\L255a2xpbmUvMTIzODExMTAxNS8tMTIxMjgzMTUxNzsxMjEyODMxNTE3L01DLzB8MC8wNjU1ZmZjZg==_webex[1].exe
2013-05-16 08:01:31 DFE0A736D4F91BC1D9561D2C4D1BAE5F 140368 ----a-w- C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X25NI2R5\L255a2xpbmUvMTIzODExMTAxNS8tMTIxMjgzMTUxNzsxMjEyODMxNTE3L01DLzB8MC8wNjU1ZmZjZg==_webex[1].exe
2013-05-15 15:33:50 0F728A9504EFCD674A56198A5BF5419C 61952 ----a-w- C:\Users\***\AppData\Roaming\ie_util.exe
2013-05-15 15:33:50 0F728A9504EFCD674A56198A5BF5419C 61952 ----a-w- C:\Users\***\AppData\Local\Temp\tmp0c57f3a9\17.exe
2013-05-15 14:43:39 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\***\Desktop\OTL.exe
2013-05-15 13:57:09 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\88IQ56TB\mbam-setup-1.75.0.1300[1].exe
=== C: other files ==
2013-05-16 08:01:47 CECDF65A59A3394CB47B57DF14A8219F 151 ----a-w- C:\ProgramData\WebEx\reggpc.bat
2013-05-15 13:58:06 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2148369650-1481080501-3592823048-1116\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Bouqu"="C:\Users\***\AppData\Roaming\Reac\ebqou.exe"
"IExplorer Util"="C:\Users\***\AppData\Roaming\ie_util.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"DellControlPoint"="C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe"
"USCService"="C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe"
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"Dell Webcam Central"="C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe /mode2"
"FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe"
"MFNetworkScanUtility"="C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Bouqu"="C:\Users\***\AppData\Roaming\Reac\ebqou.exe"
"IExplorer Util"="C:\Users\***\AppData\Roaming\ie_util.exe"

==== Startup Folders ======================

2010-08-16 21:50:46 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
2010-08-16 21:43:38 2273 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
2010-08-16 21:48:40 2213 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15.05.2013 11:18]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11.10.2010 14:22]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undertermined Task]

==== Firefox Extensions ======================

ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kld8xk1k.default
- DAEMON Tools Toolbar - %ProfilePath%\extensions\DTToolbar@toolbarnet.com
- WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de
- DVDVideoSoftTB Toolbar - %ProfilePath%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
- DVDVideoSoft Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebrxyid0.default
- Undetermined - %ProfilePath%\extensions\staged
- WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebrxyid0.default
E0FF893763BA82BAABB869A351F0C455 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update
F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
11EF47BE3D8A4A943E10A63870C1F2C6 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3
4ACB977AAB250731739302CB45A807B3 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3
6E7690D2EE4E530DAC8C562CF8CCE70B - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3
D2E4BDDD297B6A481BAC612C25A1F10A - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3
7A14B17E24CE74BBB603B824EDA79A72 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3
2A92F41DCBB5832872D8B0E941746112 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3
C1FD5EE5FD1F65CE223A5C3AE846DDF6 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3
4CD43010502A7E1337D72E2AD296B239 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
3509063A268A4197CF8E713BD22B0978 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
4CD43010502A7E1337D72E2AD296B239 - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
4CD43010502A7E1337D72E2AD296B239 - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
C1FD5EE5FD1F65CE223A5C3AE846DDF6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3
2A92F41DCBB5832872D8B0E941746112 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3
7A14B17E24CE74BBB603B824EDA79A72 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3
D2E4BDDD297B6A481BAC612C25A1F10A - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3
6E7690D2EE4E530DAC8C562CF8CCE70B - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3
4ACB977AAB250731739302CB45A807B3 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3
11EF47BE3D8A4A943E10A63870C1F2C6 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3

After Reboot
16.05.2013, 14:24 | #4
/// Malwareteam / Visitor
Let's continue.
16.05.2013, 15:59 | #5
Super =D Incoming logfile:
Code:
Zoek.exe Version 4.0.0.2 Updated 30-04-2013
Tool run by *** on 16.05.2013 at 16:40:37,73.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode No Internet Access Detected

==== Older Logs ======================

C:\zoek-results16.05.2013-1639.log 17858 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Bouqu"=-
"IExplorer Util"=-

==== Deleting Files \ Folders ======================

"C:\Users\***\AppData\Local\WavXMapDrive.bat" not deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kld8xk1k.default
- WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de
- DVDVideoSoft Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebrxyid0.default
- WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Schwoy\AppData\Roaming\Mozilla\Firefox\Profiles\ebrxyid0.default
E0FF893763BA82BAABB869A351F0C455 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update
F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
11EF47BE3D8A4A943E10A63870C1F2C6 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3
4ACB977AAB250731739302CB45A807B3 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3
6E7690D2EE4E530DAC8C562CF8CCE70B - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3
D2E4BDDD297B6A481BAC612C25A1F10A - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3
7A14B17E24CE74BBB603B824EDA79A72 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3
2A92F41DCBB5832872D8B0E941746112 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3
C1FD5EE5FD1F65CE223A5C3AE846DDF6 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3
4CD43010502A7E1337D72E2AD296B239 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
3509063A268A4197CF8E713BD22B0978 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
4CD43010502A7E1337D72E2AD296B239 - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
4CD43010502A7E1337D72E2AD296B239 - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
C1FD5EE5FD1F65CE223A5C3AE846DDF6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3
2A92F41DCBB5832872D8B0E941746112 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3
7A14B17E24CE74BBB603B824EDA79A72 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3
D2E4BDDD297B6A481BAC612C25A1F10A - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3
6E7690D2EE4E530DAC8C562CF8CCE70B - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3
4ACB977AAB250731739302CB45A807B3 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3
11EF47BE3D8A4A943E10A63870C1F2C6 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{2E5477D5-EE7B-4E9F-97B1-604E9E507E08} 1und1 Suche Url="hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}"
{2FD1614C-4DA5-4A34-BE62-75EC57D3ACB7} WEB.DE Suche Url="hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}"
{4D9042FC-D1C4-4BF2-A8AB-C707A66B0E05} GMX search Url="hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{E5F508BA-0E7A-4F2C-9DEE-D3771E9BA685} GMX Suche Url="hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}"

==== Empty IE Cache ======================

C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\administrator.***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\***\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\***\AppData\Local\Mozilla\Firefox\Profiles\kld8xk1k.default\Cache emptied successfully
C:\users\***\AppData\Local\Mozilla\Firefox\Profiles\ebrxyid0.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\***\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\***\AppData\Local\WavXMapDrive.bat" not found
"C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

For a layman that is a lot of text without much meaning... ^^
Regards
leemur
16.05.2013, 16:38 | #6
/// Malwareteam / Visitor
I'm having Zoek search for folders and files that belong to the infection.
17.05.2013, 08:58 | #7
Good morning Smeenk, here is the next log. =)
Code:
Zoek.exe Version 4.0.0.2 Updated 30-04-2013
Tool run by *** on 17.05.2013 at 9:52:53,54.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode No Internet Access Detected

==== Older Logs ======================

C:\zoek-results17.05.2013-0951.log 9094 bytes

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\program files\avira\antivir desktop\avcenter.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Schwoy\Desktop\CASS\zoek.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Folders Found In %appdata% ======================

2012-10-11 15:34:23 d-----w- C:\Users\***\AppData\Roaming\Media Center Programs
2012-10-11 15:34:23 d-s---w- C:\Users\***\AppData\Roaming\Microsoft
2012-10-11 15:34:53 d-----w- C:\Users\***\AppData\Roaming\TeamViewer
2012-10-11 15:35:01 d-----w- C:\Users\***\AppData\Roaming\Identities
2012-10-11 15:35:20 d-----w- C:\Users\***\AppData\Roaming\Apple Computer
2012-10-11 15:35:21 d-----w- C:\Users\***\AppData\Roaming\Creative
2012-10-11 15:35:29 d-----w- C:\Users\***\AppData\Roaming\Broadcom
2012-10-11 15:35:29 d-----w- C:\Users\***\AppData\Roaming\Wave Systems Corp
2012-10-11 15:39:05 d-----w- C:\Users\***\AppData\Roaming\Intel
2012-10-11 16:06:05 d-----w- C:\Users\***\AppData\Roaming\Adobe
2012-10-11 16:38:46 d-----w- C:\Users\***\AppData\Roaming\CyberLink
2012-10-11 17:33:32 d-----w- C:\Users\***\AppData\Roaming\Google
2012-10-11 17:35:50 d-----w- C:\Users\***\AppData\Roaming\Macromedia
2012-10-12 16:12:24 d-----w- C:\Users\***\AppData\Roaming\Canon
2012-12-21 08:50:24 d-----w- C:\Users\***\AppData\Roaming\Avira
2013-02-21 14:21:49 d-----w- C:\Users\***\AppData\Roaming\Mozilla
2013-05-15 13:58:20 d-----w- C:\Users\***\AppData\Roaming\Malwarebytes

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2148369650-1481080501-3592823048-1116\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"DellControlPoint"="C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe"
"USCService"="C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe"
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"Dell Webcam Central"="C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe /mode2"
"FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe"
"MFNetworkScanUtility"="C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==== Startup Folders ======================

2010-08-16 21:50:46 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
2010-08-16 21:43:38 2273 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
2010-08-16 21:48:40 2213 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15.05.2013 11:18]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11.10.2010 14:22]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undertermined Task]

Regards
Leemur
17.05.2013, 10:40 | #8
/// Malwareteam / Visitor
It actually looks very good.
Please download AdwCleaner to your desktop.
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instructions from a helper.
Also tell me whether you are still noticing any problems at the moment.
17.05.2013, 14:37 | #9
Well, I'm not noticing any further problems. However, I have to add that I can only test the online banking again once I have received my new numbers. In any case, thank you already for your intensive help here. It is not exactly a given that one gets helped like this =)
Attached now are the logs.
AdwCleanerS1
Code:
# AdwCleaner v2.301 - Datei am 17/05/2013 um 14:44:29 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional (32 bits)
# Benutzer : schwoy - PCGNBMS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\CASS\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17267

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ebrxyid0.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kld8xk1k.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1198 octets] - [17/05/2013 14:44:29]

########## EOF - C:\AdwCleaner[S1].txt - [1258 octets] ##########
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 3680346112, free: 2480623616

------------ Kernel report ------------
05/17/2013 14:50:10
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sppv.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\PBADRV.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5s32.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\risdpe86.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\b57nd60x.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\System32\Drivers\ajrz6l15.SYS
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\odysseyIM3.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\btwampfl.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\WavxDMgr.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Program Files\DAEMON Tools Lite\Engine.dll
\Windows\System32\imm32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\nsi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\shlwapi.dll
\Windows\System32\lpk.dll
\Windows\System32\usp10.dll
\Windows\System32\difxapi.dll
\Windows\System32\user32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msctf.dll
\Windows\System32\iertutil.dll
\Windows\System32\advapi32.dll
\Windows\System32\urlmon.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\kernel32.dll
\Windows\System32\sechost.dll
\Windows\System32\imagehlp.dll
\Windows\System32\clbcatq.dll
\Windows\System32\setupapi.dll
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\psapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff888b9598
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xffffffff8878ec00
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff883d6030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff867e2028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.05.17.04
Downloaded database version: v2013.05.14.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff883d6030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff883d51d8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff883d6030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff883d5530, DeviceName: Unknown, DriverName: \Driver\stdflt\
DevicePointer: 0xffffffff868339b8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff867e2028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffb65940a0, 0xffffffff883d6030, 0xffffffff8621e3d8
Lower DeviceData: 0xffffffffb7047130, 0xffffffff867e2028, 0xffffffff86158cf0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 80E7D225
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 30720000
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 30801920 Numsec = 457593200
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff888b9598, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff888da020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff888b9598, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8878ec00, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffb7c71478, 0xffffffff888b9598, 0xffffffff86222440
Lower DeviceData: 0xffffffffb6541ac0, 0xffffffff8878ec00, 0xffffffff8610aab8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5EDEED
Partition information:
Partition 0 type is Other (0xe)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 997568
Partition file system is FAT
Partition is not bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 510787072 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action fixdamage.exe...
Success!
Removal successful. No system shutdown is required.
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 3680346112, free: 2786340864

Removal queue found; removal started
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 3680346112, free: 2626117632

------------ Kernel report ------------
05/17/2013 15:09:36
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spju.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\PBADRV.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5s32.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\risdpe86.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\b57nd60x.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\System32\Drivers\a46496mc.SYS
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\odysseyIM3.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\btwampfl.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\WavxDMgr.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\clbcatq.dll
\Windows\System32\imm32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\urlmon.dll
\Program Files\DAEMON Tools Lite\Engine.dll
\Windows\System32\nsi.dll
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\lpk.dll
\Windows\System32\usp10.dll
\Windows\System32\advapi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\psapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\sechost.dll
\Windows\System32\user32.dll
\Windows\System32\kernel32.dll
\Windows\System32\iertutil.dll
\Windows\System32\comdlg32.dll
\Windows\System32\gdi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\msctf.dll
\Windows\System32\oleaut32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a648ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007a\
Lower Device Object: 0xffffffff8a3eb498
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff883d0030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff867e1028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff883d0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff883d0d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff883d0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff883cf700, DeviceName: Unknown, DriverName: \Driver\stdflt\
DevicePointer: 0xffffffff868789b8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff867e1028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffb7d63828, 0xffffffff883d0030, 0xffffffff85c1e4b0
Lower DeviceData: 0xffffffffb814b048, 0xffffffff867e1028, 0xffffffff85d90d18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 80E7D225
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 30720000
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 30801920 Numsec = 457593200
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a648ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a3528b8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a648ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a3eb498, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffb3f00cc8, 0xffffffff8a648ac8, 0xffffffff85c41048
Lower DeviceData: 0xffffffffb2690c70, 0xffffffff8a3eb498, 0xffffffff8842c4a8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5EDEED
Partition information:
Partition 0 type is Other (0xe)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 997568
Partition file system is FAT
Partition is not bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 510787072 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.17.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
*** :: *** [administrator]

17.05.2013 15:05:28
mbar-log-2013-05-17 (15-05-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28407
Time elapsed: 13 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.17.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
*** :: *** [administrator]

17.05.2013 15:25:05
mbar-log-2013-05-17 (15-25-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28407
Time elapsed: 15 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Leemur |
17.05.2013, 15:00 | #10 |
/// Malwareteam / Visitor | Popup window with TAN prompt during Deutsche Bank online banking. It looks good. Please download SecurityCheck and:
|
17.05.2013, 15:20 | #11 |
| Popup window with TAN prompt during Deutsche Bank online banking. Here is the Security Check log:
Code:
Results of screen317's Security Check version 0.99.63
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 21
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
leemur |
17.05.2013, 15:33 | #12 |
/// Malwareteam / Visitor | Popup window with TAN prompt during Deutsche Bank online banking. Outdated software is a security risk; there is still some work to do here:
Download Windows 7 and Windows Server 2008 R2 Service Pack 1 (KB976932) from the Microsoft Download Center.
Update Firefox to the latest version | Firefox Help
Adobe - Download Adobe Reader - All versions
Once you have worked through everything, create a new SecurityCheck log. Please post that log. |