| |
| |||||||
Log-Analyse und Auswertung: "nero.bat"-Fenster bei jedem StartWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.06.2013, 14:01
| #1 |
 |  "nero.bat"-Fenster bei jedem Start Hallo, ich habe das Problem, dass sich bei jedem Start meines PCs ein Fenster mit dem Titel "nero.bat" öffnet und eine ganze Menge Dateien aufgeführt werden, mit dem Zusatz "Zugriff verweigert". Die Scans mit OTL und GMER habe ich gemacht, allerdings hat OTL bei mir nur die OTL.txt-Datei ausgespuckt, keine Extras.txt. |
|
03.06.2013, 14:13
| #2 |
| /// Malware-holic   | "nero.bat"-Fenster bei jedem Start Hi,
__________________otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nero.bat.lnk = C:\Windows\SysWOW64\nero.bat ()
:files
C:\Windows\SysWOW64\nero.bat
:Commands
[emptytemp]
Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ |
|
03.06.2013, 14:33
| #3 |
| | "nero.bat"-Fenster bei jedem Start Danke für die schnelle Antwort!
__________________Der Upload müsste geklappt haben. |
|
03.06.2013, 14:38
| #4 |
| /// Malware-holic | "nero.bat"-Fenster bei jedem Start passt. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.06.2013, 14:48
| #5 |
| | "nero.bat"-Fenster bei jedem Start Hier der Inhalt der Logfile: Code:
ATTFilter 15:42:23.0389 2088 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:42:25.0391 2088 ============================================================
15:42:25.0391 2088 Current date / time: 2013/06/03 15:42:25.0391
15:42:25.0392 2088 SystemInfo:
15:42:25.0392 2088
15:42:25.0392 2088 OS Version: 6.1.7601 ServicePack: 1.0
15:42:25.0392 2088 Product type: Workstation
15:42:25.0392 2088 ComputerName: ALEX-HP
15:42:25.0393 2088 UserName: Alex
15:42:25.0393 2088 Windows directory: C:\Windows
15:42:25.0393 2088 System windows directory: C:\Windows
15:42:25.0393 2088 Running under WOW64
15:42:25.0393 2088 Processor architecture: Intel x64
15:42:25.0393 2088 Number of processors: 4
15:42:25.0393 2088 Page size: 0x1000
15:42:25.0393 2088 Boot type: Normal boot
15:42:25.0393 2088 ============================================================
15:42:25.0868 2088 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:42:25.0874 2088 ============================================================
15:42:25.0874 2088 \Device\Harddisk0\DR0:
15:42:25.0874 2088 MBR partitions:
15:42:25.0874 2088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:42:25.0874 2088 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37AAE000
15:42:25.0874 2088 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37B12000, BlocksNum 0x2084000
15:42:25.0874 2088 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39B96000, BlocksNum 0x7EF830
15:42:25.0874 2088 ============================================================
15:42:25.0939 2088 C: <-> \Device\Harddisk0\DR0\Partition2
15:42:26.0067 2088 D: <-> \Device\Harddisk0\DR0\Partition3
15:42:26.0151 2088 E: <-> \Device\Harddisk0\DR0\Partition4
15:42:26.0151 2088 ============================================================
15:42:26.0151 2088 Initialize success
15:42:26.0151 2088 ============================================================
15:44:48.0193 3300 ============================================================
15:44:48.0193 3300 Scan started
15:44:48.0193 3300 Mode: Manual; SigCheck; TDLFS;
15:44:48.0193 3300 ============================================================
15:44:48.0521 3300 ================ Scan system memory ========================
15:44:48.0521 3300 System memory - ok
15:44:48.0521 3300 ================ Scan services =============================
15:44:48.0724 3300 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:44:48.0817 3300 1394ohci - ok
15:44:48.0864 3300 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:44:48.0895 3300 ACPI - ok
15:44:48.0926 3300 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:44:48.0973 3300 AcpiPmi - ok
15:44:49.0160 3300 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:44:49.0192 3300 AdobeARMservice - ok
15:44:49.0332 3300 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:44:49.0363 3300 AdobeFlashPlayerUpdateSvc - ok
15:44:49.0410 3300 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:44:49.0457 3300 adp94xx - ok
15:44:49.0504 3300 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:44:49.0535 3300 adpahci - ok
15:44:49.0566 3300 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:44:49.0582 3300 adpu320 - ok
15:44:49.0613 3300 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:44:49.0644 3300 AeLookupSvc - ok
15:44:49.0691 3300 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:44:49.0722 3300 AFD - ok
15:44:49.0753 3300 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:44:49.0769 3300 agp440 - ok
15:44:49.0800 3300 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:44:49.0847 3300 ALG - ok
15:44:49.0909 3300 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:44:49.0925 3300 aliide - ok
15:44:49.0956 3300 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:44:49.0972 3300 amdide - ok
15:44:49.0987 3300 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:44:50.0018 3300 AmdK8 - ok
15:44:50.0050 3300 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:44:50.0096 3300 AmdPPM - ok
15:44:50.0143 3300 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:44:50.0174 3300 amdsata - ok
15:44:50.0206 3300 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:44:50.0221 3300 amdsbs - ok
15:44:50.0237 3300 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:44:50.0252 3300 amdxata - ok
15:44:50.0268 3300 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:44:50.0330 3300 AppID - ok
15:44:50.0346 3300 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:44:50.0440 3300 AppIDSvc - ok
15:44:50.0486 3300 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
15:44:50.0533 3300 Appinfo - ok
15:44:50.0580 3300 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:44:50.0596 3300 arc - ok
15:44:50.0611 3300 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:44:50.0627 3300 arcsas - ok
15:44:50.0658 3300 [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
15:44:50.0689 3300 aswFsBlk - ok
15:44:50.0736 3300 [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
15:44:50.0798 3300 aswMonFlt - ok
15:44:50.0798 3300 [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
15:44:50.0830 3300 aswRdr - ok
15:44:50.0876 3300 [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
15:44:50.0939 3300 aswRvrt - ok
15:44:50.0970 3300 [ 10ED1CAB84AA65983C41A11F60294C9B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
15:44:51.0032 3300 aswSnx - ok
15:44:51.0064 3300 [ 00E5253353717D3CA12A0F5A6F9991EC ] aswSP C:\Windows\system32\drivers\aswSP.sys
15:44:51.0110 3300 aswSP - ok
15:44:51.0126 3300 [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
15:44:51.0157 3300 aswTdi - ok
15:44:51.0204 3300 [ 6359B99C955DB9F40B653159A0EED261 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
15:44:51.0251 3300 aswVmm - ok
15:44:51.0282 3300 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:44:51.0360 3300 AsyncMac - ok
15:44:51.0407 3300 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:44:51.0422 3300 atapi - ok
15:44:51.0485 3300 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
15:44:51.0532 3300 atksgt - ok
15:44:51.0578 3300 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:44:51.0641 3300 AudioEndpointBuilder - ok
15:44:51.0641 3300 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:44:51.0672 3300 AudioSrv - ok
15:44:51.0766 3300 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:44:51.0828 3300 avast! Antivirus - ok
15:44:51.0859 3300 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:44:51.0906 3300 AxInstSV - ok
15:44:51.0953 3300 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:44:52.0015 3300 b06bdrv - ok
15:44:52.0062 3300 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:44:52.0109 3300 b57nd60a - ok
15:44:52.0187 3300 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
15:44:52.0265 3300 BCM43XX - ok
15:44:52.0296 3300 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:44:52.0312 3300 BDESVC - ok
15:44:52.0327 3300 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:44:52.0374 3300 Beep - ok
15:44:52.0437 3300 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:44:52.0499 3300 BFE - ok
15:44:52.0546 3300 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:44:52.0593 3300 BITS - ok
15:44:52.0639 3300 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:44:52.0671 3300 blbdrive - ok
15:44:52.0717 3300 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:44:52.0749 3300 bowser - ok
15:44:52.0780 3300 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:44:52.0827 3300 BrFiltLo - ok
15:44:52.0842 3300 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:44:52.0873 3300 BrFiltUp - ok
15:44:52.0936 3300 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:44:52.0983 3300 Browser - ok
15:44:53.0014 3300 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:44:53.0061 3300 Brserid - ok
15:44:53.0076 3300 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:44:53.0107 3300 BrSerWdm - ok
15:44:53.0123 3300 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:44:53.0170 3300 BrUsbMdm - ok
15:44:53.0201 3300 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:44:53.0232 3300 BrUsbSer - ok
15:44:53.0248 3300 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:44:53.0279 3300 BTHMODEM - ok
15:44:53.0326 3300 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:44:53.0373 3300 bthserv - ok
15:44:53.0404 3300 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:44:53.0435 3300 cdfs - ok
15:44:53.0482 3300 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:44:53.0529 3300 cdrom - ok
15:44:53.0560 3300 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:44:53.0607 3300 CertPropSvc - ok
15:44:53.0638 3300 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:44:53.0653 3300 circlass - ok
15:44:53.0685 3300 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:44:53.0685 3300 CLFS - ok
15:44:53.0778 3300 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:44:53.0809 3300 clr_optimization_v2.0.50727_32 - ok
15:44:53.0856 3300 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:44:53.0872 3300 clr_optimization_v2.0.50727_64 - ok
15:44:53.0950 3300 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:44:53.0981 3300 clr_optimization_v4.0.30319_32 - ok
15:44:54.0012 3300 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:44:54.0028 3300 clr_optimization_v4.0.30319_64 - ok
15:44:54.0059 3300 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
15:44:54.0090 3300 clwvd - ok
15:44:54.0106 3300 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:44:54.0137 3300 CmBatt - ok
15:44:54.0153 3300 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:44:54.0153 3300 cmdide - ok
15:44:54.0215 3300 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:44:54.0246 3300 CNG - ok
15:44:54.0293 3300 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:44:54.0324 3300 Compbatt - ok
15:44:54.0371 3300 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:44:54.0418 3300 CompositeBus - ok
15:44:54.0433 3300 COMSysApp - ok
15:44:54.0465 3300 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:44:54.0480 3300 crcdisk - ok
15:44:54.0511 3300 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:44:54.0543 3300 CryptSvc - ok
15:44:54.0636 3300 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:44:54.0667 3300 cvhsvc - ok
15:44:54.0714 3300 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
15:44:54.0777 3300 CVirtA - ok
15:44:54.0870 3300 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
15:44:54.0917 3300 CVPND - ok
15:44:54.0995 3300 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
15:44:55.0042 3300 CVPNDRVA - ok
15:44:55.0089 3300 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:44:55.0167 3300 DcomLaunch - ok
15:44:55.0198 3300 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:44:55.0245 3300 defragsvc - ok
15:44:55.0276 3300 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:44:55.0369 3300 DfsC - ok
15:44:55.0401 3300 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:44:55.0447 3300 Dhcp - ok
15:44:55.0479 3300 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:44:55.0525 3300 discache - ok
15:44:55.0572 3300 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:44:55.0572 3300 Disk - ok
15:44:55.0635 3300 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
15:44:55.0650 3300 DNE - ok
15:44:55.0697 3300 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:44:55.0728 3300 Dnscache - ok
15:44:55.0775 3300 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:44:55.0822 3300 dot3svc - ok
15:44:55.0853 3300 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:44:55.0884 3300 DPS - ok
15:44:55.0931 3300 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:44:55.0978 3300 drmkaud - ok
15:44:56.0025 3300 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:44:56.0056 3300 dtsoftbus01 - ok
15:44:56.0118 3300 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:44:56.0165 3300 DXGKrnl - ok
15:44:56.0181 3300 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:44:56.0212 3300 EapHost - ok
15:44:56.0305 3300 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:44:56.0352 3300 ebdrv - ok
15:44:56.0383 3300 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:44:56.0446 3300 EFS - ok
15:44:56.0508 3300 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:44:56.0555 3300 ehRecvr - ok
15:44:56.0571 3300 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:44:56.0602 3300 ehSched - ok
15:44:56.0633 3300 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:44:56.0664 3300 elxstor - ok
15:44:56.0680 3300 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:44:56.0711 3300 ErrDev - ok
15:44:56.0742 3300 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:44:56.0789 3300 EventSystem - ok
15:44:56.0820 3300 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:44:56.0851 3300 exfat - ok
15:44:56.0867 3300 ezSharedSvc - ok
15:44:56.0883 3300 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:44:56.0914 3300 fastfat - ok
15:44:56.0961 3300 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:44:56.0992 3300 Fax - ok
15:44:57.0023 3300 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:44:57.0054 3300 fdc - ok
15:44:57.0085 3300 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:44:57.0117 3300 fdPHost - ok
15:44:57.0117 3300 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:44:57.0163 3300 FDResPub - ok
15:44:57.0179 3300 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:44:57.0195 3300 FileInfo - ok
15:44:57.0210 3300 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:44:57.0257 3300 Filetrace - ok
15:44:57.0288 3300 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:44:57.0288 3300 flpydisk - ok
15:44:57.0304 3300 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:44:57.0319 3300 FltMgr - ok
15:44:57.0397 3300 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
15:44:57.0460 3300 FontCache - ok
15:44:57.0507 3300 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:44:57.0522 3300 FontCache3.0.0.0 - ok
15:44:57.0600 3300 [ 26065327BB2AA358140381FC76520908 ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
15:44:57.0631 3300 FPLService - ok
15:44:57.0631 3300 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:44:57.0647 3300 FsDepends - ok
15:44:57.0663 3300 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:44:57.0663 3300 Fs_Rec - ok
15:44:57.0709 3300 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:44:57.0725 3300 fvevol - ok
15:44:57.0741 3300 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:44:57.0756 3300 gagp30kx - ok
15:44:57.0787 3300 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:44:57.0819 3300 gpsvc - ok
15:44:57.0881 3300 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:44:57.0912 3300 gupdate - ok
15:44:57.0928 3300 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:44:57.0943 3300 gupdatem - ok
15:44:57.0975 3300 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:44:58.0021 3300 hcw85cir - ok
15:44:58.0053 3300 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:44:58.0099 3300 HdAudAddService - ok
15:44:58.0131 3300 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:44:58.0162 3300 HDAudBus - ok
15:44:58.0177 3300 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:44:58.0209 3300 HidBatt - ok
15:44:58.0240 3300 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:44:58.0302 3300 HidBth - ok
15:44:58.0333 3300 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:44:58.0365 3300 HidIr - ok
15:44:58.0396 3300 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:44:58.0458 3300 hidserv - ok
15:44:58.0489 3300 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:44:58.0505 3300 HidUsb - ok
15:44:58.0521 3300 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:44:58.0567 3300 hkmsvc - ok
15:44:58.0599 3300 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:44:58.0661 3300 HomeGroupListener - ok
15:44:58.0692 3300 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:44:58.0723 3300 HomeGroupProvider - ok
15:44:58.0786 3300 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:44:58.0801 3300 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
15:44:58.0801 3300 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
15:44:58.0864 3300 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
15:44:58.0911 3300 HPClientSvc - ok
15:44:58.0957 3300 [ 9BFDA0BC109EB6D16F2CB862BB85E28C ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:44:58.0989 3300 HPDrvMntSvc.exe - ok
15:44:59.0051 3300 [ 514455F6586473791C5C6B25BA4E1BAB ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:44:59.0098 3300 hpqwmiex - ok
15:44:59.0145 3300 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:44:59.0160 3300 HpSAMD - ok
15:44:59.0223 3300 [ 2BEC76BDCD1BC080210325E7B5094834 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
15:44:59.0238 3300 HPWMISVC - ok
15:44:59.0269 3300 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:44:59.0332 3300 HTTP - ok
15:44:59.0347 3300 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:44:59.0379 3300 hwpolicy - ok
15:44:59.0410 3300 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:44:59.0425 3300 i8042prt - ok
15:44:59.0472 3300 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:44:59.0503 3300 iaStor - ok
15:44:59.0566 3300 [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:44:59.0613 3300 IAStorDataMgrSvc - ok
15:44:59.0659 3300 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:44:59.0675 3300 iaStorV - ok
15:44:59.0800 3300 [ D22D82D74FD1B6C77E7556DBDC3EA9D2 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
15:44:59.0862 3300 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
15:44:59.0862 3300 IconMan_R - detected UnsignedFile.Multi.Generic (1)
15:44:59.0909 3300 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:44:59.0956 3300 idsvc - ok
15:45:00.0268 3300 [ 0089B53F1BEFD34B7D8CA4AB021335FA ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:45:00.0595 3300 igfx - ok
15:45:00.0627 3300 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:45:00.0642 3300 iirsp - ok
15:45:00.0705 3300 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:45:00.0783 3300 IKEEXT - ok
15:45:00.0829 3300 [ CAA8BC6737DFA3BF1A50175CFB226788 ] InputFilter_Hid_FlexDef2b C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys
15:45:00.0861 3300 InputFilter_Hid_FlexDef2b - ok
15:45:00.0892 3300 [ AE594CC17C33AC146739494615E14851 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
15:45:00.0939 3300 IntcDAud - ok
15:45:00.0970 3300 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:45:01.0001 3300 intelide - ok
15:45:01.0017 3300 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:45:01.0048 3300 intelppm - ok
15:45:01.0095 3300 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:45:01.0157 3300 IPBusEnum - ok
15:45:01.0173 3300 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:45:01.0204 3300 IpFilterDriver - ok
15:45:01.0251 3300 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:45:01.0282 3300 iphlpsvc - ok
15:45:01.0297 3300 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:45:01.0329 3300 IPMIDRV - ok
15:45:01.0360 3300 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:45:01.0422 3300 IPNAT - ok
15:45:01.0438 3300 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:45:01.0453 3300 IRENUM - ok
15:45:01.0469 3300 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:45:01.0485 3300 isapnp - ok
15:45:01.0516 3300 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:45:01.0516 3300 iScsiPrt - ok
15:45:01.0563 3300 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
15:45:01.0609 3300 jhi_service - ok
15:45:01.0641 3300 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:45:01.0641 3300 kbdclass - ok
15:45:01.0672 3300 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:45:01.0719 3300 kbdhid - ok
15:45:01.0750 3300 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:45:01.0765 3300 KeyIso - ok
15:45:01.0781 3300 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:45:01.0797 3300 KSecDD - ok
15:45:01.0812 3300 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:45:01.0828 3300 KSecPkg - ok
15:45:01.0859 3300 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:45:01.0953 3300 ksthunk - ok
15:45:01.0984 3300 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:45:02.0046 3300 KtmRm - ok
15:45:02.0077 3300 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:45:02.0124 3300 LanmanServer - ok
15:45:02.0155 3300 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:45:02.0187 3300 LanmanWorkstation - ok
15:45:02.0218 3300 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
15:45:02.0249 3300 lirsgt - ok
15:45:02.0265 3300 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:45:02.0343 3300 lltdio - ok
15:45:02.0374 3300 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:45:02.0421 3300 lltdsvc - ok
15:45:02.0421 3300 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:45:02.0467 3300 lmhosts - ok
15:45:02.0499 3300 [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:45:02.0530 3300 LMS - ok
15:45:02.0577 3300 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:45:02.0608 3300 LSI_FC - ok
15:45:02.0623 3300 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:45:02.0639 3300 LSI_SAS - ok
15:45:02.0655 3300 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:45:02.0670 3300 LSI_SAS2 - ok
15:45:02.0686 3300 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:45:02.0701 3300 LSI_SCSI - ok
15:45:02.0733 3300 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:45:02.0764 3300 luafv - ok
15:45:02.0811 3300 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:45:02.0842 3300 Mcx2Svc - ok
15:45:02.0857 3300 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:45:02.0873 3300 megasas - ok
15:45:02.0904 3300 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:45:02.0904 3300 MegaSR - ok
15:45:02.0935 3300 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
15:45:02.0967 3300 MEIx64 - ok
15:45:02.0982 3300 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:45:03.0029 3300 MMCSS - ok
15:45:03.0045 3300 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:45:03.0091 3300 Modem - ok
15:45:03.0091 3300 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:45:03.0123 3300 monitor - ok
15:45:03.0154 3300 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:45:03.0154 3300 mouclass - ok
15:45:03.0185 3300 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:45:03.0201 3300 mouhid - ok
15:45:03.0216 3300 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:45:03.0232 3300 mountmgr - ok
15:45:03.0247 3300 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:45:03.0263 3300 mpio - ok
15:45:03.0310 3300 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:45:03.0341 3300 mpsdrv - ok
15:45:03.0372 3300 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:45:03.0419 3300 MpsSvc - ok
15:45:03.0435 3300 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:45:03.0466 3300 MRxDAV - ok
15:45:03.0497 3300 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:45:03.0528 3300 mrxsmb - ok
15:45:03.0559 3300 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:45:03.0575 3300 mrxsmb10 - ok
15:45:03.0591 3300 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:45:03.0606 3300 mrxsmb20 - ok
15:45:03.0622 3300 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:45:03.0637 3300 msahci - ok
15:45:03.0653 3300 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:45:03.0669 3300 msdsm - ok
15:45:03.0684 3300 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:45:03.0700 3300 MSDTC - ok
15:45:03.0731 3300 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:45:03.0793 3300 Msfs - ok
15:45:03.0809 3300 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:45:03.0856 3300 mshidkmdf - ok
15:45:03.0887 3300 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:45:03.0887 3300 msisadrv - ok
15:45:03.0918 3300 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:45:03.0965 3300 MSiSCSI - ok
15:45:03.0981 3300 msiserver - ok
15:45:03.0996 3300 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:45:04.0074 3300 MSKSSRV - ok
15:45:04.0090 3300 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:45:04.0168 3300 MSPCLOCK - ok
15:45:04.0168 3300 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:45:04.0215 3300 MSPQM - ok
15:45:04.0230 3300 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:45:04.0246 3300 MsRPC - ok
15:45:04.0277 3300 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:45:04.0293 3300 mssmbios - ok
15:45:04.0324 3300 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:45:04.0402 3300 MSTEE - ok
15:45:04.0417 3300 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:45:04.0417 3300 MTConfig - ok
15:45:04.0433 3300 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:45:04.0449 3300 Mup - ok
15:45:04.0464 3300 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:45:04.0511 3300 napagent - ok
15:45:04.0542 3300 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:45:04.0620 3300 NativeWifiP - ok
15:45:04.0667 3300 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:45:04.0698 3300 NDIS - ok
15:45:04.0729 3300 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:45:04.0792 3300 NdisCap - ok
15:45:04.0807 3300 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:45:04.0854 3300 NdisTapi - ok
15:45:04.0854 3300 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:45:04.0901 3300 Ndisuio - ok
15:45:04.0932 3300 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:45:05.0010 3300 NdisWan - ok
15:45:05.0026 3300 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:45:05.0057 3300 NDProxy - ok
15:45:05.0104 3300 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:45:05.0182 3300 NetBIOS - ok
15:45:05.0197 3300 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:45:05.0229 3300 NetBT - ok
15:45:05.0260 3300 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:45:05.0275 3300 Netlogon - ok
15:45:05.0307 3300 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:45:05.0369 3300 Netman - ok
15:45:05.0400 3300 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:45:05.0447 3300 netprofm - ok
15:45:05.0541 3300 [ 31609B481CC202BFB441E37FEBCDEA05 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
15:45:05.0587 3300 netr28x - ok
15:45:05.0603 3300 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:45:05.0619 3300 NetTcpPortSharing - ok
15:45:05.0634 3300 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:45:05.0650 3300 nfrd960 - ok
15:45:05.0697 3300 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:45:05.0743 3300 NlaSvc - ok
15:45:05.0775 3300 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:45:05.0837 3300 Npfs - ok
15:45:05.0853 3300 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:45:05.0884 3300 nsi - ok
15:45:05.0899 3300 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:45:05.0931 3300 nsiproxy - ok
15:45:06.0009 3300 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:45:06.0055 3300 Ntfs - ok
15:45:06.0071 3300 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:45:06.0102 3300 Null - ok
15:45:06.0133 3300 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
15:45:06.0165 3300 NVENETFD - ok
15:45:06.0196 3300 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:45:06.0243 3300 nvraid - ok
15:45:06.0258 3300 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:45:06.0274 3300 nvstor - ok
15:45:06.0305 3300 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:45:06.0321 3300 nv_agp - ok
15:45:06.0352 3300 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:45:06.0383 3300 ohci1394 - ok
15:45:06.0414 3300 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:45:06.0430 3300 ose - ok
15:45:06.0633 3300 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:45:06.0773 3300 osppsvc - ok
15:45:06.0804 3300 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:45:06.0835 3300 p2pimsvc - ok
15:45:06.0851 3300 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:45:06.0867 3300 p2psvc - ok
15:45:06.0882 3300 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:45:06.0913 3300 Parport - ok
15:45:06.0945 3300 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:45:06.0945 3300 partmgr - ok
15:45:06.0976 3300 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:45:07.0007 3300 PcaSvc - ok
15:45:07.0023 3300 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:45:07.0038 3300 pci - ok
15:45:07.0054 3300 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:45:07.0054 3300 pciide - ok
15:45:07.0085 3300 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:45:07.0101 3300 pcmcia - ok
15:45:07.0101 3300 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:45:07.0116 3300 pcw - ok
15:45:07.0132 3300 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:45:07.0179 3300 PEAUTH - ok
15:45:07.0257 3300 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:45:07.0303 3300 PerfHost - ok
15:45:07.0366 3300 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:45:07.0444 3300 pla - ok
15:45:07.0491 3300 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:45:07.0537 3300 PlugPlay - ok
15:45:07.0553 3300 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:45:07.0584 3300 PNRPAutoReg - ok
15:45:07.0600 3300 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:45:07.0615 3300 PNRPsvc - ok
15:45:07.0647 3300 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:45:07.0693 3300 PolicyAgent - ok
15:45:07.0709 3300 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:45:07.0756 3300 Power - ok
15:45:07.0787 3300 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:45:07.0818 3300 PptpMiniport - ok
15:45:07.0849 3300 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:45:07.0896 3300 Processor - ok
15:45:07.0912 3300 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:45:07.0943 3300 ProfSvc - ok
15:45:07.0943 3300 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:45:07.0959 3300 ProtectedStorage - ok
15:45:07.0990 3300 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:45:08.0037 3300 Psched - ok
15:45:08.0083 3300 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:45:08.0115 3300 ql2300 - ok
15:45:08.0146 3300 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:45:08.0146 3300 ql40xx - ok
15:45:08.0177 3300 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:45:08.0193 3300 QWAVE - ok
15:45:08.0193 3300 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:45:08.0224 3300 QWAVEdrv - ok
15:45:08.0239 3300 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:45:08.0271 3300 RasAcd - ok
15:45:08.0302 3300 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:45:08.0364 3300 RasAgileVpn - ok
15:45:08.0395 3300 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:45:08.0458 3300 RasAuto - ok
15:45:08.0473 3300 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:45:08.0505 3300 Rasl2tp - ok
15:45:08.0551 3300 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:45:08.0614 3300 RasMan - ok
15:45:08.0629 3300 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:45:08.0676 3300 RasPppoe - ok
15:45:08.0692 3300 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:45:08.0723 3300 RasSstp - ok
15:45:08.0754 3300 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:45:08.0785 3300 rdbss - ok
15:45:08.0801 3300 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
15:45:08.0817 3300 rdpbus - ok
15:45:08.0832 3300 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:45:08.0863 3300 RDPCDD - ok
15:45:08.0879 3300 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:45:08.0926 3300 RDPENCDD - ok
15:45:08.0957 3300 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:45:08.0973 3300 RDPREFMP - ok
15:45:08.0988 3300 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:45:09.0004 3300 RDPWD - ok
15:45:09.0035 3300 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:45:09.0051 3300 rdyboost - ok
15:45:09.0066 3300 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:45:09.0113 3300 RemoteAccess - ok
15:45:09.0144 3300 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:45:09.0191 3300 RemoteRegistry - ok
15:45:09.0191 3300 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:45:09.0238 3300 RpcEptMapper - ok
15:45:09.0269 3300 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:45:09.0285 3300 RpcLocator - ok
15:45:09.0347 3300 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:45:09.0409 3300 RpcSs - ok
15:45:09.0441 3300 [ 546D7F426776090B90EF5F195B6AE662 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
15:45:09.0472 3300 RSPCIESTOR - ok
15:45:09.0519 3300 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:45:09.0581 3300 rspndr - ok
15:45:09.0643 3300 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:45:09.0706 3300 RTL8167 - ok
15:45:09.0721 3300 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:45:09.0737 3300 SamSs - ok
15:45:09.0784 3300 SANDRA - ok
15:45:09.0799 3300 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:45:09.0815 3300 sbp2port - ok
15:45:09.0846 3300 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:45:09.0924 3300 SCardSvr - ok
15:45:09.0940 3300 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:45:09.0987 3300 scfilter - ok
15:45:10.0018 3300 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:45:10.0065 3300 Schedule - ok
15:45:10.0096 3300 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:45:10.0127 3300 SCPolicySvc - ok
15:45:10.0158 3300 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:45:10.0189 3300 sdbus - ok
15:45:10.0221 3300 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:45:10.0252 3300 SDRSVC - ok
15:45:10.0283 3300 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:45:10.0330 3300 secdrv - ok
15:45:10.0345 3300 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:45:10.0377 3300 seclogon - ok
15:45:10.0408 3300 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:45:10.0439 3300 SENS - ok
15:45:10.0470 3300 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:45:10.0501 3300 SensrSvc - ok
15:45:10.0533 3300 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
15:45:10.0564 3300 Serenum - ok
15:45:10.0595 3300 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
15:45:10.0626 3300 Serial - ok
15:45:10.0657 3300 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:45:10.0673 3300 sermouse - ok
15:45:10.0704 3300 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:45:10.0735 3300 SessionEnv - ok
15:45:10.0751 3300 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:45:10.0767 3300 sffdisk - ok
15:45:10.0798 3300 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:45:10.0813 3300 sffp_mmc - ok
15:45:10.0829 3300 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:45:10.0860 3300 sffp_sd - ok
15:45:10.0876 3300 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:45:10.0891 3300 sfloppy - ok
15:45:10.0938 3300 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
15:45:10.0954 3300 Sftfs - ok
15:45:11.0001 3300 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:45:11.0032 3300 sftlist - ok
15:45:11.0047 3300 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:45:11.0063 3300 Sftplay - ok
15:45:11.0079 3300 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:45:11.0094 3300 Sftredir - ok
15:45:11.0110 3300 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
15:45:11.0110 3300 Sftvol - ok
15:45:11.0125 3300 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:45:11.0141 3300 sftvsa - ok
15:45:11.0188 3300 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:45:11.0250 3300 SharedAccess - ok
15:45:11.0281 3300 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:45:11.0328 3300 ShellHWDetection - ok
15:45:11.0359 3300 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:45:11.0391 3300 SiSRaid2 - ok
15:45:11.0422 3300 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:45:11.0453 3300 SiSRaid4 - ok
15:45:11.0484 3300 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:45:11.0531 3300 Smb - ok
15:45:11.0578 3300 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:45:11.0593 3300 SNMPTRAP - ok
15:45:11.0625 3300 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:45:11.0625 3300 spldr - ok
15:45:11.0671 3300 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:45:11.0703 3300 Spooler - ok
15:45:11.0812 3300 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:45:11.0890 3300 sppsvc - ok
15:45:11.0921 3300 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:45:11.0983 3300 sppuinotify - ok
15:45:12.0015 3300 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:45:12.0046 3300 srv - ok
15:45:12.0061 3300 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:45:12.0093 3300 srv2 - ok
15:45:12.0139 3300 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:45:12.0155 3300 SrvHsfHDA - ok
15:45:12.0186 3300 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:45:12.0233 3300 SrvHsfV92 - ok
15:45:12.0249 3300 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:45:12.0280 3300 SrvHsfWinac - ok
15:45:12.0295 3300 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:45:12.0311 3300 srvnet - ok
15:45:12.0342 3300 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:45:12.0373 3300 SSDPSRV - ok
15:45:12.0405 3300 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:45:12.0420 3300 SstpSvc - ok
15:45:12.0483 3300 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
15:45:12.0529 3300 STacSV - ok
15:45:12.0545 3300 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:45:12.0576 3300 stexstor - ok
15:45:12.0607 3300 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
15:45:12.0654 3300 STHDA - ok
15:45:12.0685 3300 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:45:12.0732 3300 stisvc - ok
15:45:12.0748 3300 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:45:12.0763 3300 swenum - ok
15:45:12.0795 3300 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:45:12.0873 3300 swprv - ok
15:45:12.0935 3300 [ C447977ED2A4AE9346FE3A0579A34D7C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:45:12.0997 3300 SynTP - ok
15:45:13.0060 3300 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:45:13.0122 3300 SysMain - ok
15:45:13.0138 3300 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:45:13.0169 3300 TabletInputService - ok
15:45:13.0200 3300 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:45:13.0263 3300 TapiSrv - ok
15:45:13.0278 3300 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:45:13.0309 3300 TBS - ok
15:45:13.0387 3300 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:45:13.0450 3300 Tcpip - ok
15:45:13.0465 3300 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:45:13.0497 3300 TCPIP6 - ok
15:45:13.0528 3300 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:45:13.0543 3300 tcpipreg - ok
15:45:13.0575 3300 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:45:13.0621 3300 TDPIPE - ok
15:45:13.0653 3300 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:45:13.0684 3300 TDTCP - ok
15:45:13.0699 3300 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:45:13.0746 3300 tdx - ok
15:45:13.0746 3300 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:45:13.0762 3300 TermDD - ok
15:45:13.0809 3300 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:45:13.0855 3300 TermService - ok
15:45:13.0871 3300 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:45:13.0887 3300 Themes - ok
15:45:13.0902 3300 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:45:13.0933 3300 THREADORDER - ok
15:45:13.0949 3300 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:45:13.0996 3300 TrkWks - ok
15:45:14.0043 3300 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:45:14.0105 3300 TrustedInstaller - ok
15:45:14.0136 3300 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:45:14.0167 3300 tssecsrv - ok
15:45:14.0199 3300 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:45:14.0214 3300 TsUsbFlt - ok
15:45:14.0214 3300 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:45:14.0245 3300 TsUsbGD - ok
15:45:14.0277 3300 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:45:14.0308 3300 tunnel - ok
15:45:14.0339 3300 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:45:14.0355 3300 uagp35 - ok
15:45:14.0370 3300 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:45:14.0417 3300 udfs - ok
15:45:14.0448 3300 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:45:14.0464 3300 UI0Detect - ok
15:45:14.0495 3300 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:45:14.0526 3300 uliagpkx - ok
15:45:14.0557 3300 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:45:14.0589 3300 umbus - ok
15:45:14.0620 3300 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:45:14.0667 3300 UmPass - ok
15:45:14.0776 3300 [ 758C2CE427C343F780A205E28555C98D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:45:14.0838 3300 UNS - ok
15:45:14.0869 3300 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:45:14.0947 3300 upnphost - ok
15:45:14.0979 3300 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:45:14.0979 3300 usbccgp - ok
15:45:15.0010 3300 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:45:15.0025 3300 usbcir - ok
15:45:15.0041 3300 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:45:15.0057 3300 usbehci - ok
15:45:15.0088 3300 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:45:15.0119 3300 usbhub - ok
15:45:15.0135 3300 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:45:15.0150 3300 usbohci - ok
15:45:15.0197 3300 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:45:15.0244 3300 usbprint - ok
15:45:15.0291 3300 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:45:15.0322 3300 USBSTOR - ok
15:45:15.0337 3300 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:45:15.0369 3300 usbuhci - ok
15:45:15.0431 3300 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:45:15.0462 3300 usbvideo - ok
15:45:15.0493 3300 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:45:15.0556 3300 UxSms - ok
15:45:15.0556 3300 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:45:15.0571 3300 VaultSvc - ok
15:45:15.0587 3300 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:45:15.0587 3300 vdrvroot - ok
15:45:15.0603 3300 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:45:15.0665 3300 vds - ok
15:45:15.0681 3300 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:45:15.0696 3300 vga - ok
15:45:15.0712 3300 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:45:15.0743 3300 VgaSave - ok
15:45:15.0774 3300 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:45:15.0774 3300 vhdmp - ok
15:45:15.0805 3300 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:45:15.0805 3300 viaide - ok
15:45:15.0821 3300 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:45:15.0837 3300 volmgr - ok
15:45:15.0868 3300 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:45:15.0883 3300 volmgrx - ok
15:45:15.0915 3300 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:45:15.0915 3300 volsnap - ok
15:45:15.0961 3300 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:45:15.0993 3300 vsmraid - ok
15:45:16.0039 3300 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:45:16.0086 3300 VSS - ok
15:45:16.0102 3300 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:45:16.0133 3300 vwifibus - ok
15:45:16.0149 3300 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:45:16.0180 3300 vwififlt - ok
15:45:16.0211 3300 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:45:16.0242 3300 W32Time - ok
15:45:16.0273 3300 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:45:16.0305 3300 WacomPen - ok
15:45:16.0351 3300 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:45:16.0414 3300 WANARP - ok
15:45:16.0429 3300 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:45:16.0445 3300 Wanarpv6 - ok
15:45:16.0507 3300 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:45:16.0554 3300 wbengine - ok
15:45:16.0570 3300 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:45:16.0585 3300 WbioSrvc - ok
15:45:16.0601 3300 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:45:16.0632 3300 wcncsvc - ok
15:45:16.0663 3300 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:45:16.0695 3300 WcsPlugInService - ok
15:45:16.0726 3300 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:45:16.0726 3300 Wd - ok
15:45:16.0773 3300 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:45:16.0819 3300 Wdf01000 - ok
15:45:16.0835 3300 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:45:16.0851 3300 WdiServiceHost - ok
15:45:16.0851 3300 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:45:16.0866 3300 WdiSystemHost - ok
15:45:16.0882 3300 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:45:16.0929 3300 WebClient - ok
15:45:16.0944 3300 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:45:16.0975 3300 Wecsvc - ok
15:45:16.0991 3300 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:45:17.0022 3300 wercplsupport - ok
15:45:17.0069 3300 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:45:17.0147 3300 WerSvc - ok
15:45:17.0178 3300 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:45:17.0209 3300 WfpLwf - ok
15:45:17.0225 3300 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:45:17.0241 3300 WIMMount - ok
15:45:17.0256 3300 WinDefend - ok
15:45:17.0256 3300 WinHttpAutoProxySvc - ok
15:45:17.0303 3300 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:45:17.0365 3300 Winmgmt - ok
15:45:17.0412 3300 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:45:17.0459 3300 WinRM - ok
15:45:17.0506 3300 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:45:17.0553 3300 WinUsb - ok
15:45:17.0584 3300 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:45:17.0646 3300 Wlansvc - ok
15:45:17.0677 3300 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:45:17.0709 3300 wlcrasvc - ok
15:45:17.0849 3300 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:45:17.0896 3300 wlidsvc - ok
15:45:17.0911 3300 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:45:17.0943 3300 WmiAcpi - ok
15:45:17.0958 3300 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:45:17.0989 3300 wmiApSrv - ok
15:45:18.0021 3300 WMPNetworkSvc - ok
15:45:18.0067 3300 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:45:18.0099 3300 WPCSvc - ok
15:45:18.0114 3300 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:45:18.0145 3300 WPDBusEnum - ok
15:45:18.0161 3300 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:45:18.0208 3300 ws2ifsl - ok
15:45:18.0223 3300 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:45:18.0255 3300 wscsvc - ok
15:45:18.0255 3300 WSearch - ok
15:45:18.0348 3300 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:45:18.0411 3300 wuauserv - ok
15:45:18.0442 3300 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:45:18.0473 3300 WudfPf - ok
15:45:18.0520 3300 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:45:18.0535 3300 WUDFRd - ok
15:45:18.0582 3300 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:45:18.0613 3300 wudfsvc - ok
15:45:18.0660 3300 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
15:45:18.0707 3300 WwanSvc - ok
15:45:18.0738 3300 ================ Scan global ===============================
15:45:18.0754 3300 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:45:18.0801 3300 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:45:18.0816 3300 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:45:18.0847 3300 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:45:18.0879 3300 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:45:18.0894 3300 [Global] - ok
15:45:18.0894 3300 ================ Scan MBR ==================================
15:45:18.0910 3300 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:45:19.0908 3300 \Device\Harddisk0\DR0 - ok
15:45:19.0924 3300 ================ Scan VBR ==================================
15:45:19.0924 3300 [ FE8D7CD1773879F58EAF5CD1C2248377 ] \Device\Harddisk0\DR0\Partition1
15:45:19.0924 3300 \Device\Harddisk0\DR0\Partition1 - ok
15:45:19.0939 3300 [ 3B93813E9569C23DA4798372E62B00D0 ] \Device\Harddisk0\DR0\Partition2
15:45:19.0955 3300 \Device\Harddisk0\DR0\Partition2 - ok
15:45:19.0971 3300 [ 4D23F66DA956677187097451EBC284B4 ] \Device\Harddisk0\DR0\Partition3
15:45:19.0971 3300 \Device\Harddisk0\DR0\Partition3 - ok
15:45:20.0002 3300 [ 58396C2D79FCCB9BBDB54037C2AF1154 ] \Device\Harddisk0\DR0\Partition4
15:45:20.0002 3300 \Device\Harddisk0\DR0\Partition4 - ok
15:45:20.0002 3300 ============================================================
15:45:20.0002 3300 Scan finished
15:45:20.0002 3300 ============================================================
15:45:20.0017 6076 Detected object count: 2
15:45:20.0017 6076 Actual detected object count: 2
15:46:03.0991 6076 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:46:03.0991 6076 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:46:03.0994 6076 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
15:46:03.0994 6076 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
03.06.2013, 14:49
| #6 |
| /// Malware-holic | "nero.bat"-Fenster bei jedem Start Hi, Scan mit Combofix
__________________ --> "nero.bat"-Fenster bei jedem Start |
|
03.06.2013, 15:06
| #7 |
| | "nero.bat"-Fenster bei jedem Start So, Combofix ist fertig, hier die Logfile: Code:
ATTFilter ComboFix 13-06-03.03 - Alex 03.06.2013 15:54:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6092.4386 [GMT 2:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-03 bis 2013-06-03 ))))))))))))))))))))))))))))))
.
.
2013-06-03 13:58 . 2013-06-03 13:58 -------- d-----w- c:\users\Mcx1-ALEX-HP\AppData\Local\temp
2013-06-03 13:58 . 2013-06-03 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-03 13:24 . 2013-06-03 13:29 -------- d-----w- C:\_OTL
2013-06-03 12:59 . 2013-06-03 12:59 -------- d-----w- c:\program files (x86)\7-Zip
2013-06-02 18:46 . 2013-06-03 10:48 -------- d-----w- c:\program files (x86)\Google
2013-06-02 18:45 . 2013-05-09 08:59 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-02 18:45 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-06-02 18:45 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-06-02 18:45 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-06-02 18:45 . 2013-05-09 08:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-02 18:45 . 2013-05-09 08:59 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-02 18:45 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-02 18:45 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-02 18:45 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-02 18:45 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-06-02 18:44 . 2013-06-02 18:44 -------- d-----w- c:\program files\AVAST Software
2013-06-02 18:39 . 2013-06-02 18:44 -------- d-----w- c:\programdata\AVAST Software
2013-06-02 14:26 . 2013-06-02 14:26 -------- d-----w- c:\programdata\Intenium
2013-06-02 14:04 . 2013-06-02 14:05 -------- d-----w- c:\program files (x86)\Bluefish Games
2013-06-02 10:09 . 2013-06-02 10:09 -------- d-----w- c:\windows\SysWow64\Data
2013-06-02 10:09 . 2013-06-02 10:09 -------- d-----w- c:\windows\SysWow64\Plugins
2013-06-02 10:09 . 2013-06-02 10:09 -------- d-----w- c:\windows\SysWow64\ocr
2013-05-31 13:39 . 2013-06-02 10:17 -------- d-----w- c:\programdata\Wild Tangent
2013-05-31 12:13 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE81CDE9-6E8E-40A1-9804-889E63738E29}\mpengine.dll
2013-05-27 13:10 . 2013-05-27 13:10 -------- d-----w- c:\users\Alex\AppData\Roaming\InstallShield
2013-05-27 13:04 . 2013-05-27 13:03 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-05-27 13:04 . 2013-05-27 13:03 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-05-16 23:28 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-16 23:28 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 23:28 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-16 05:16 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-27 16:36 . 2011-05-10 17:57 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-05-27 16:36 . 2011-05-10 17:57 375808 ----a-w- c:\windows\system32\igfxpph.dll
2013-05-27 16:36 . 2011-05-10 17:57 8313856 ----a-w- c:\windows\system32\igdumd64.dll
2013-05-27 16:36 . 2011-05-10 17:57 14592512 ----a-w- c:\windows\system32\igd10umd64.dll
2013-05-27 16:36 . 2011-05-10 17:57 12340224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2013-05-27 16:36 . 2011-05-10 17:56 110080 ----a-w- c:\windows\system32\hccutils.dll
2013-05-27 13:03 . 2011-11-07 17:26 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-05-16 23:32 . 2012-05-13 07:10 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 13:25 . 2012-04-28 00:02 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:25 . 2011-07-15 18:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 06:50 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-21 17:55 . 2013-04-21 17:55 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-04-13 05:49 . 2013-05-16 05:16 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 05:16 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 05:16 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 05:16 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 05:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 05:16 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 05:13 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 03:35 . 2013-04-19 05:33 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 06:04 . 2013-04-10 06:33 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 06:33 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 06:33 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 06:33 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 06:33 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 06:33 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-13 17:29 . 2012-09-06 05:27 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-13 17:29 . 2012-04-28 08:29 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 130736 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 130736 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 130736 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-25 27776968]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 85108633
*Deregistered* - 85108633
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 13:25]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-02 18:46]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-02 18:46]
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2285906508-3381785093-1969036128-1001Core.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 08:28]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2285906508-3381785093-1969036128-1001UA.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 08:28]
.
2013-05-04 c:\windows\Tasks\HPCeeScheduleForALEX-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2013-05-27 c:\windows\Tasks\HPCeeScheduleForAlex.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 164016 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 164016 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 164016 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 164016 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-07 1128448]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-27 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-27 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-27 416024]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.3.1 192.168.3.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{17d0ed2f-dace-4333-8477-8297b3f3fe6a} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{17D0ED2F-DACE-4333-8477-8297B3F3FE6A} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-WTA-8cdc521f-1814-4469-a0c0-0c4ee3092449 - c:\program files (x86)\HP Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-03 16:00:23
ComboFix-quarantined-files.txt 2013-06-03 14:00
.
Vor Suchlauf: 13 Verzeichnis(se), 413.947.748.352 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 413.325.012.992 Bytes frei
.
- - End Of File - - C13F913A7563AF37334E89227966824B
|
|
03.06.2013, 15:10
| #8 |
| /// Malware-holic | "nero.bat"-Fenster bei jedem Start Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.06.2013, 15:59
| #9 |
| | "nero.bat"-Fenster bei jedem Start Das Ergebnis von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.03.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Alex :: ALEX-HP [Administrator] 03.06.2013 16:16:42 mbam-log-2013-06-03 (16-16-42).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 376964 Laufzeit: 40 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
03.06.2013, 16:30
| #10 |
| /// Malware-holic | "nero.bat"-Fenster bei jedem Start Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.06.2013, 16:46
| #11 |
| | "nero.bat"-Fenster bei jedem Start Ich hoffe ich hab das jetzt richtig verstanden, hier ist meine Liste: Code:
ATTFilter 7-Zip 9.20 03.06.2013 unnötig ACD/Labs Software in C:\ACDFREE12\ ACD/Labs 06.07.2012 v12.00, FREE notwenig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.05.2013 6,00MB 11.7.700.202 notwenig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 15.05.2013 6,00MB 11.7.700.202 notwenig Adobe Reader X (10.1.7) MUI Adobe Systems Incorporated 16.05.2013 480MB 10.1.7 notwenig Adobe Shockwave Player 12.0 Adobe Systems, Inc. 14.02.2013 12.0.0.112 notwenig ANNO 1404 Ubisoft 02.03.2013 1.03.0000 unnötig avast! Free Antivirus AVAST Software 02.06.2013 8.0.1489.0 notwenig CCleaner Piriform 24.05.2013 4.02 Cisco Systems VPN Client 5.0.07.0290 29.10.2012 10,6MB notwenig CyberLink YouCam CyberLink Corp. 07.11.2011 124MB 3.5.1.4119 unbekannt DAEMON Tools Lite Disc Soft Ltd 21.04.2013 4.47.1.0333 unnötig Dropbox Dropbox, Inc. 29.05.2013 2.0.22 notwenig Evernote v. 4.2.3 Evernote Corp. 15.07.2011 139MB 4.2.3.22 unbekannt Google Chrome Google Inc. 23.05.2012 27.0.1453.94 notwenig HP Documentation Hewlett-Packard 15.07.2011 364MB 1.1.1.0 unbekannt HP Games WildTangent 15.07.2011 1.0.2.5 unnötig HP Launch Box Hewlett-Packard Company 15.07.2011 3,17MB 1.0.11 unbekannt HP On Screen Display Hewlett-Packard Company 27.05.2013 358KB 1.3.5 unbekannt HP Power Manager Hewlett-Packard Company 07.11.2011 3,61MB 1.2.3 unbekannt HP Quick Launch Hewlett-Packard Company 27.05.2013 6,10MB 2.7.2 unbekannt HP QuickWeb Hewlett-Packard Company 07.11.2011 4,48MB 3.1.0.9742 unbekannt HP Setup Hewlett-Packard Company 15.07.2011 118MB 8.7.4751.3798 unbekannt HP Setup Manager Hewlett-Packard Company 07.11.2011 8,30MB 1.1.13476.3753 unbekannt HP SimplePass PE 2011 Hewlett-Packard 07.11.2011 56,5MB 5.3.0.163 unbekannt HP Software Framework Hewlett-Packard Company 12.11.2012 8,06MB 4.6.10.1 unbekannt HP Support Assistant Hewlett-Packard Company 20.11.2012 83,5MB 7.0.39.15 unbekannt IDT Audio IDT 07.11.2011 1.0.6341.0 unbekannt Intel(R) Control Center Intel Corporation 07.11.2011 1.2.1.1007 unbekannt Intel(R) Identity Protection Technology 1.1.2.0 Intel Corporation 07.11.2011 1,13MB 1.1.2.0 unbekannt Intel(R) Management Engine Components Intel Corporation 16.07.2011 7.0.0.1144 unbekannt Intel(R) Processor Graphics Intel Corporation 27.05.2013 8.15.10.2559 unbekannt Intel(R) Rapid Storage Technology Intel Corporation 07.11.2011 10.5.0.1026 unbekannt Java 7 Update 13 (64-bit) Oracle 14.02.2013 128MB 7.0.130 notwenig Java 7 Update 21 Oracle 13.03.2013 129MB 7.0.210 notwenig Java(TM) 6 Update 22 Oracle 29.04.2012 97,0MB 6.0.220 notwenig Java(TM) 6 Update 39 Oracle 06.09.2012 95,7MB 6.0.390 notwenig Magic Desktop EasyBits Software AS 07.11.2011 107MB 3.0 unbekannt Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 03.06.2013 19,2MB 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 29.04.2012 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 29.04.2012 2,93MB 4.0.30319 unbekannt Microsoft Office 2010 Microsoft Corporation 15.07.2011 6,40MB 14.0.4763.1000 unbekannt Microsoft Office Klick-und-Los 2010 Microsoft Corporation 28.04.2012 14.0.4763.1000 unbekannt Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 28.04.2012 14.0.5128.5002 notwendig Microsoft PowerPoint Viewer Microsoft Corporation 22.12.2012 155MB 14.0.6029.1000 notwendig Microsoft Silverlight Microsoft Corporation 14.03.2013 100MB 5.1.20125.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 15.07.2011 1,69MB 3.1.0000 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 29.04.2012 300KB 8.0.61001 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 07.11.2011 620KB 8.0.61000 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 15.07.2011 788KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 07.11.2011 784KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 29.04.2012 788KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 07.11.2011 596KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 07.11.2011 592KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 29.04.2012 600KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 26.06.2012 12,2MB 10.0.40219 unbekannt Microsoft Visual J# 2.0 Redistributable Package Microsoft Corporation 15.07.2012 unbekannt OpenOffice.org 3.3 OpenOffice.org 29.04.2012 414MB 3.3.9567 notwenig PDF-Viewer Tracker Software Products Ltd 30.10.2012 54,7MB 2.5.206.0 notwenig Ralink RT5390 802.11b/g/n WiFi Adapter Ralink 27.05.2013 3.2.13.0 unbekannt Realtek Ethernet Controller Driver Realtek 27.05.2013 7.48.823.2011 unbekannt Realtek PCIE Card Reader Realtek Semiconductor Corp. 07.11.2011 6.1.7600.77 unbekannt SafeView plugin (build 4.5.502) CDI Systems (1992) Ltd. 25.04.2013 417KB unbekannt Samsung Printer Live Update Samsung Electronics Co., Ltd. 05.05.2012 unbekannt Symyx Draw 4.0.100 Symyx Technologies, Inc. 15.07.2012 14,0MB 4.0.100 notwenig Synaptics TouchPad Driver Synaptics Incorporated 07.11.2011 46,4MB 15.3.11.0 unbekannt VIP Access SDK (1.0.1.2) Symantec Inc. 07.11.2011 1.0.1.2 unbekannt VLC media player 2.0.6 VideoLAN 25.04.2013 2.0.6 notwenig Windows Live Essentials Microsoft Corporation 15.07.2011 15.4.3508.1109 unbekannt Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 15.07.2011 5,57MB 15.4.5722.2 unbekannt Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 15.07.2011 5,57MB 15.4.5722.2 unbekannt WinRAR 4.11 (64-Bit) win.rar GmbH 28.04.2012 4.11.0 notwenig |
|
03.06.2013, 16:50
| #12 |
| /// Malware-holic | "nero.bat"-Fenster bei jedem Start 7-Zip , würd ich behalten, da man damit Dateien vernünftig packen kann. deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: ANNO CyberLink DAEMON Java, alle außer Java 7 Update 21 öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.06.2013, 17:22
| #13 |
| | "nero.bat"-Fenster bei jedem Start Hier die Logfile von adwcleaner: Code:
ATTFilter # AdwCleaner v2.301 - Datei am 03/06/2013 um 18:17:28 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Alex - ALEX-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alex\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16483
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\288tndqz.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v27.0.1453.94
Datei : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S2].txt - [898 octets] - [03/06/2013 18:17:28]
########## EOF - C:\AdwCleaner[S2].txt - [957 octets] ##########
|
|
03.06.2013, 18:32
| #14 |
| /// Malware-holic | "nero.bat"-Fenster bei jedem Start starte bitte neu. HitmanPro - Download - Filepony Hitmanpro laden, doppelklicken. Auf Scan klicken. Nichts löschen, auf weiter klicken. Log speichern unter, bzw als xml exportieren, dann posten, bzw packen und anhängen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.06.2013, 18:56
| #15 |
| | "nero.bat"-Fenster bei jedem Start Die Logfile von HitmanPro: Code:
ATTFilter HitmanPro 3.7.6.201
www.hitmanpro.com
Computer name . . . . : ALEX-HP
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Alex-HP\Alex
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-06-03 19:50:41
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 34s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 0
Objects scanned . . . : 1.435.127
Files scanned . . . . : 19.284
Remnants scanned . . : 307.429 files / 1.108.414 keys
|
|
| Themen zu "nero.bat"-Fenster bei jedem Start |
| dateien, extras.txt, fenster, gmer, menge, nero.bat, pcs, problem, scans, start, titel, verweigert, zugriff, zugriff verweigert, zusatz |
Textbox. 
WARNUNG an die MITLESER: 
Linear-Darstellung
