| |
| |||||||
Log-Analyse und Auswertung: svhost.exe in /Roaming/Microsoft kommt immer wiederWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.07.2013, 13:27
| #31 |
| /// TB-Ausbilder  |  svhost.exe in /Roaming/Microsoft kommt immer wieder So ein paar Sachen werden wir noch entfernen. Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) IObit Software deinstallieren
Schritt 2: Neustart Schritt 3: Combofix-Skript
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
07.07.2013, 13:27
| #32 |
| /// TB-Ausbilder | svhost.exe in /Roaming/Microsoft kommt immer wieder Und ich möchte keine angehängten Logfiles mehr!
__________________ So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
07.07.2013, 16:35
| #33 |
 | svhost.exe in /Roaming/Microsoft kommt immer wieder Combofix hängt schon wieder. Diesmal nach Stufe 4. Nochmal neu starten? 30 min sind schon wieder vorbei.
__________________ |
|
07.07.2013, 16:36
| #34 |
| /// TB-Ausbilder | svhost.exe in /Roaming/Microsoft kommt immer wieder NOchmal im abgesicherten Modus und wenn das alles nix tut ... dann mach den Eimer neu. Irgendwann ist auch mal der Punkt erreicht an dem man die Zeit besser verwenden kann schätze ich 
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
07.07.2013, 17:01
| #35 |
| | svhost.exe in /Roaming/Microsoft kommt immer wiederCode:
ATTFilter ComboFix 13-07-07.01 - Leo 07.07.2013 17:13:03.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4095.2477 [GMT 2:00]
ausgeführt von:: c:\users\Leo\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Leo\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\uxpatch.sys"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IObit
c:\program files (x86)\IObit\Game Booster 3\Boost.log
c:\program files (x86)\IObit\Game Booster 3\GameBooster.log
c:\program files (x86)\IObit\Game Booster 3\GBV3ContextMenu.dll
c:\program files (x86)\IObit\Game Booster 3\LatestGames\LatestGames.ini
c:\program files (x86)\IObit\Game Booster 3\LatestNews\LatestNews.ini
c:\program files (x86)\IObit\Game Booster 3\unins000.exe
c:\program files (x86)\IObit\Game Booster 3\Update\Update.Ini
c:\program files (x86)\IObit\Game Booster 3\UpdateCheck.exe
c:\program files (x86)\SoftwareUpdater
c:\program files (x86)\SoftwareUpdater\config
c:\program files (x86)\SoftwareUpdater\Maintenance.exe
c:\program files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe
c:\program files (x86)\SoftwareUpdater\SoftwareUpdater.dll
c:\program files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe
c:\program files (x86)\SoftwareUpdater\SystemStore.exe
c:\users\Leo\AppData\Roaming\Microsoft\svhost.exe
.
Infizierte Kopie von c:\windows\System32\mspaint.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-mspaint_31bf3856ad364e35_6.1.7600.16385_none_ea12784c0842bfc1\mspaint.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_UXPATCH
-------\Legacy_WINRING0_1_2_0
-------\Service_SystemStoreService
-------\Service_uxpatch
-------\Service_WinRing0_1_2_0
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-07 bis 2013-07-07 ))))))))))))))))))))))))))))))
.
.
2013-07-07 15:48 . 2013-07-07 15:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-07-07 15:48 . 2013-07-07 15:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-07 15:48 . 2013-07-07 15:48 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-07-07 15:48 . 2013-07-07 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-07 15:48 . 2013-07-07 15:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-07-07 12:10 . 2013-07-07 12:10 -------- d-----w- c:\programdata\Picroma
2013-07-04 17:36 . 2013-07-04 17:36 -------- d-----w- c:\program files (x86)\Secure Banking
2013-07-04 17:06 . 2013-07-04 17:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-04 17:06 . 2013-07-04 17:06 -------- d-----w- c:\program files (x86)\Java
2013-07-04 17:01 . 2013-07-04 17:01 -------- d-----w- c:\windows\ERUNT
2013-07-03 22:52 . 2013-07-03 23:28 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-02 18:24 . 2013-07-02 18:24 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-07-01 00:16 . 2013-04-23 15:03 435712 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\IE10\svhost.exe
2013-06-28 11:07 . 2012-01-18 12:15 2580552 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-06-28 09:23 . 2013-06-28 09:23 177680 ----a-w- c:\windows\system32\mfevtps.exe.c48c.deleteme
2013-06-28 09:23 . 2013-06-28 09:23 -------- d-----w- C:\Stinger_Quarantine
2013-06-28 09:20 . 2013-06-28 11:10 -------- d-----w- c:\program files\stinger
2013-06-27 20:15 . 2013-07-05 21:58 -------- d-----w- c:\users\Leo\AppData\Roaming\Media Player Classic
2013-06-27 10:07 . 2013-03-17 16:21 3649536 ----a-w- c:\windows\SysWow64\x264vfw.dll
2013-06-27 10:07 . 2011-12-07 17:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
2013-06-27 10:07 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-06-27 10:07 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-06-27 10:07 . 2004-05-18 18:16 39936 ----a-w- c:\windows\SysWow64\huffyuv.dll
2013-06-27 10:07 . 2011-12-21 17:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2013-06-27 10:07 . 2013-05-31 18:00 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2013-06-26 09:16 . 2013-04-23 15:03 87054 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\IE10\libpdcurses.dll
2013-06-26 09:16 . 2013-04-23 15:03 45056 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\IE10\pthreadGC2.dll
2013-06-26 09:16 . 2013-04-23 15:03 323584 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\IE10\ssleay32.dll
2013-06-26 09:16 . 2013-04-23 15:03 309248 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\IE10\libcurl-4.dll
2013-06-26 09:16 . 2013-04-23 15:03 224256 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\IE10\libidn-11.dll
2013-06-26 09:16 . 2013-04-23 15:03 1479680 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\IE10\libeay32.dll
2013-06-26 09:16 . 2013-04-23 15:03 122368 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\IE10\zlib1.dll
2013-06-26 09:16 . 2013-04-23 15:03 104960 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\IE10\libusb-1.0.dll
2013-06-26 09:16 . 2013-07-07 15:05 587776 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\IE10\7z.exe
2013-06-24 21:39 . 2013-05-07 17:26 1751552 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe
2013-06-24 21:39 . 2013-06-24 21:39 -------- d-----w- c:\users\Leo\AppData\Roaming\EvolutionClips
2013-06-24 16:31 . 2013-06-24 16:31 -------- d-----w- c:\users\Leo\AppData\Local\ESN
2013-06-24 16:01 . 2013-06-28 13:37 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-24 02:32 . 2013-06-24 02:32 -------- d-----w- c:\program files\x264vfw64
2013-06-24 02:25 . 2013-06-24 02:33 -------- d-----w- c:\program files (x86)\x264vfw
2013-06-23 15:23 . 2013-06-24 11:01 -------- d-----w- c:\users\Leo\AppData\Roaming\Audacity
2013-06-23 13:22 . 2013-06-23 13:22 -------- d-----w- c:\program files (x86)\Audacity
2013-06-23 13:19 . 2012-06-09 17:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll
2013-06-23 13:19 . 2013-06-27 10:07 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2013-06-14 14:23 . 2013-06-14 14:23 -------- d-----w- c:\users\Leo\AppData\Roaming\FlashFXP
2013-06-14 14:23 . 2013-06-14 14:23 -------- d-----w- c:\programdata\regid.2000-02.com.flashfxp
2013-06-14 14:23 . 2013-06-14 14:23 -------- d-----w- c:\programdata\FlashFXP
2013-06-14 14:23 . 2013-06-14 14:23 -------- d-----w- c:\program files (x86)\FlashFXP 4
2013-06-14 14:23 . 2013-06-14 14:23 -------- dc-h--w- c:\programdata\{21F111D4-06E9-47C8-955F-5B9171A7DF34}
2013-06-13 18:10 . 2013-06-13 22:21 -------- d-----w- c:\users\Leo\AppData\Local\Daedalic Entertainment
2013-06-12 20:41 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 20:41 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 20:41 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 20:41 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 20:41 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 20:41 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 20:41 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 20:41 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 20:41 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 20:41 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 20:41 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 20:41 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 20:40 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 20:40 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 20:40 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 20:40 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 20:40 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 20:40 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 20:40 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-04 17:06 . 2012-08-01 03:22 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-04 17:06 . 2012-02-21 19:24 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-28 13:37 . 2011-11-14 23:32 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-28 13:37 . 2011-11-14 23:33 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-06-24 22:12 . 2011-11-14 23:06 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-06-13 01:03 . 2011-11-14 02:19 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 13:15 . 2012-04-01 13:32 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 13:15 . 2011-11-14 17:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-23 14:07 . 2013-05-23 14:07 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-05-23 14:07 . 2013-05-23 14:07 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-05-23 14:07 . 2013-05-23 14:07 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-05-23 14:07 . 2013-05-23 14:07 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-05-02 15:29 . 2011-11-14 18:18 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 00:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 00:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 00:18 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 00:18 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 00:18 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 00:18 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 07:19 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 01:18 . 2013-04-11 01:18 384800 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-04-10 06:01 . 2013-05-15 00:18 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 00:18 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 00:18 3153920 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 17:30 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"VSA"="c:\users\Leo\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe" [2013-05-07 1751552]
"SecureBanking"="c:\program files (x86)\Secure Banking\SecureBanking.exe" [2013-06-30 507904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RAT 9 Charge Indicator.lnk - c:\windows\Installer\{72A099DE-9782-4679-85AD-0731EF87EA53}\_5B5E5C8CB886861B14F432.exe [2012-5-10 75993]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Leo\AppData\Local\Temp\00537AC.tmp;c:\users\Leo\AppData\Local\Temp\00537AC.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x]
R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R4 Cherry Device Interface;Cherry Device Interface;c:\program files (x86)\Cherry\CDI\cdi.exe;c:\program files (x86)\Cherry\CDI\cdi.exe [x]
R4 DTProTS;DTProTS 2.02;c:\program files (x86)\DTProTS\DTProTS.exe;c:\program files (x86)\DTProTS\DTProTS.exe [x]
R4 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
R4 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [x]
R4 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SaiK0CFA;SaiK0CFA;c:\windows\system32\DRIVERS\SaiK0CFA.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CFA.sys [x]
S3 SaiU0CFA;SaiU0CFA;c:\windows\system32\DRIVERS\SaiU0CFA.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CFA.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:15]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 19:45]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 19:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Leo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\dreqoy82.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B60213ed7-a40c-46be-8925-2a1a31b06034%7D&mid=fc76d5004d2e47d1aed7d16c646dabf4-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=10.0.0.7&lang=de&pr=pr&d=2012-02-19%2017%3A06%3A35&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-07-04 19:32; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\dreqoy82.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va005]
"ImagePath"="\??\c:\users\Leo\AppData\Local\Temp\00537AC.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\UAService7.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-07 17:55:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-07-07 15:55
ComboFix2.txt 2013-07-07 11:59
.
Vor Suchlauf: 24 Verzeichnis(se), 18.903.183.360 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 18.529.783.808 Bytes frei
.
- - End Of File - - D00F4333FA5BD941187F4FCF67663BAF
A36C5E4F47E84449FF07ED3517B43A31
|
|
07.07.2013, 18:25
| #36 |
| /// TB-Ausbilder | svhost.exe in /Roaming/Microsoft kommt immer wieder So jetzt werde ich mal ein paar Kollegen befragen, evtl haben die noch ne Idee. Ich nicht mehr
__________________ --> svhost.exe in /Roaming/Microsoft kommt immer wieder |
|
07.07.2013, 18:54
| #37 |
| /// TB-Ausbilder | svhost.exe in /Roaming/Microsoft kommt immer wieder Okay. Wir schauen jetzt nochmal mit einem ganz anderen Tool: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
07.07.2013, 19:08
| #38 |
| | svhost.exe in /Roaming/Microsoft kommt immer wiederCode:
ATTFilter 20:04:02.0023 0492 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:04:02.0216 0492 ============================================================
20:04:02.0216 0492 Current date / time: 2013/07/07 20:04:02.0216
20:04:02.0216 0492 SystemInfo:
20:04:02.0216 0492
20:04:02.0216 0492 OS Version: 6.1.7601 ServicePack: 1.0
20:04:02.0216 0492 Product type: Workstation
20:04:02.0216 0492 ComputerName: LEO-PC
20:04:02.0216 0492 UserName: Leo
20:04:02.0216 0492 Windows directory: C:\Windows
20:04:02.0216 0492 System windows directory: C:\Windows
20:04:02.0216 0492 Running under WOW64
20:04:02.0216 0492 Processor architecture: Intel x64
20:04:02.0216 0492 Number of processors: 4
20:04:02.0216 0492 Page size: 0x1000
20:04:02.0216 0492 Boot type: Normal boot
20:04:02.0216 0492 ============================================================
20:04:03.0272 0492 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:04:03.0276 0492 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:04:03.0693 0492 ============================================================
20:04:03.0693 0492 \Device\Harddisk0\DR0:
20:04:03.0693 0492 MBR partitions:
20:04:03.0693 0492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B
20:04:03.0693 0492 \Device\Harddisk1\DR1:
20:04:03.0693 0492 MBR partitions:
20:04:03.0693 0492 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA8686482
20:04:03.0715 0492 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xA8686CC1, BlocksNum 0x63FFA80
20:04:03.0715 0492 ============================================================
20:04:03.0727 0492 C: <-> \Device\Harddisk0\DR0\Partition1
20:04:03.0775 0492 E: <-> \Device\Harddisk1\DR1\Partition1
20:04:03.0796 0492 F: <-> \Device\Harddisk1\DR1\Partition2
20:04:03.0797 0492 ============================================================
20:04:03.0797 0492 Initialize success
20:04:03.0797 0492 ============================================================
20:04:57.0460 1736 ============================================================
20:04:57.0460 1736 Scan started
20:04:57.0460 1736 Mode: Manual; SigCheck; TDLFS;
20:04:57.0460 1736 ============================================================
20:04:58.0139 1736 ================ Scan system memory ========================
20:04:58.0139 1736 System memory - ok
20:04:58.0139 1736 ================ Scan services =============================
20:04:58.0263 1736 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:04:58.0352 1736 1394ohci - ok
20:04:58.0400 1736 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:04:58.0419 1736 ACPI - ok
20:04:58.0433 1736 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:04:58.0494 1736 AcpiPmi - ok
20:04:58.0588 1736 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:04:58.0600 1736 AdobeARMservice - ok
20:04:58.0718 1736 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:04:58.0735 1736 AdobeFlashPlayerUpdateSvc - ok
20:04:58.0761 1736 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:04:58.0785 1736 adp94xx - ok
20:04:58.0814 1736 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:04:58.0833 1736 adpahci - ok
20:04:58.0848 1736 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:04:58.0863 1736 adpu320 - ok
20:04:58.0894 1736 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:04:59.0016 1736 AeLookupSvc - ok
20:04:59.0052 1736 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:04:59.0098 1736 AFD - ok
20:04:59.0120 1736 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:04:59.0132 1736 agp440 - ok
20:04:59.0171 1736 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:04:59.0198 1736 ALG - ok
20:04:59.0212 1736 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:04:59.0222 1736 aliide - ok
20:04:59.0245 1736 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:04:59.0257 1736 amdide - ok
20:04:59.0278 1736 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:04:59.0319 1736 AmdK8 - ok
20:04:59.0333 1736 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:04:59.0369 1736 AmdPPM - ok
20:04:59.0395 1736 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:04:59.0409 1736 amdsata - ok
20:04:59.0428 1736 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:04:59.0444 1736 amdsbs - ok
20:04:59.0454 1736 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:04:59.0466 1736 amdxata - ok
20:04:59.0490 1736 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:04:59.0671 1736 AppID - ok
20:04:59.0694 1736 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:04:59.0759 1736 AppIDSvc - ok
20:04:59.0791 1736 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
20:04:59.0837 1736 Appinfo - ok
20:04:59.0864 1736 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
20:04:59.0898 1736 AppMgmt - ok
20:04:59.0912 1736 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:04:59.0925 1736 arc - ok
20:04:59.0943 1736 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:04:59.0957 1736 arcsas - ok
20:05:00.0053 1736 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:05:00.0065 1736 aspnet_state - ok
20:05:00.0088 1736 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:05:00.0140 1736 AsyncMac - ok
20:05:00.0167 1736 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:05:00.0178 1736 atapi - ok
20:05:00.0210 1736 [ B4BDE3F758A34658A37DFED3D9783CD8 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
20:05:00.0301 1736 atksgt - ok
20:05:00.0387 1736 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:05:00.0439 1736 AudioEndpointBuilder - ok
20:05:00.0453 1736 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:05:00.0490 1736 AudioSrv - ok
20:05:00.0532 1736 [ 96B4456F1DCA4EDA506ED31C7D2D6B05 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys
20:05:00.0542 1736 Avgfwfd - ok
20:05:00.0649 1736 [ 6C469E3CB15CF33AD3E757096E6C7026 ] avgfws C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
20:05:00.0693 1736 avgfws - ok
20:05:00.0850 1736 [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
20:05:00.0926 1736 AVGIDSAgent - ok
20:05:00.0981 1736 [ 633360E94804E7BAFE642017817C9413 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
20:05:00.0993 1736 AVGIDSDriver - ok
20:05:01.0015 1736 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
20:05:01.0023 1736 AVGIDSFilter - ok
20:05:01.0038 1736 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
20:05:01.0048 1736 AVGIDSHA - ok
20:05:01.0097 1736 [ BE8BC5D10ABA05D7F6E79D8296906C86 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
20:05:01.0114 1736 Avgldx64 - ok
20:05:01.0149 1736 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
20:05:01.0159 1736 Avgmfx64 - ok
20:05:01.0205 1736 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
20:05:01.0214 1736 Avgrkx64 - ok
20:05:01.0259 1736 [ A441A655D6D9DDDDBA11994530F84981 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
20:05:01.0277 1736 Avgtdia - ok
20:05:01.0326 1736 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
20:05:01.0336 1736 avgwd - ok
20:05:01.0345 1736 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:05:01.0417 1736 AxInstSV - ok
20:05:01.0456 1736 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:05:01.0505 1736 b06bdrv - ok
20:05:01.0531 1736 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:05:01.0562 1736 b57nd60a - ok
20:05:01.0592 1736 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:05:01.0636 1736 BDESVC - ok
20:05:01.0652 1736 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:05:01.0705 1736 Beep - ok
20:05:01.0759 1736 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:05:01.0805 1736 BFE - ok
20:05:01.0851 1736 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
20:05:01.0922 1736 BITS - ok
20:05:01.0951 1736 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:05:01.0978 1736 blbdrive - ok
20:05:02.0014 1736 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:05:02.0037 1736 bowser - ok
20:05:02.0053 1736 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:05:02.0129 1736 BrFiltLo - ok
20:05:02.0153 1736 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:05:02.0167 1736 BrFiltUp - ok
20:05:02.0222 1736 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:05:02.0268 1736 BridgeMP - ok
20:05:02.0303 1736 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:05:02.0342 1736 Browser - ok
20:05:02.0365 1736 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:05:02.0416 1736 Brserid - ok
20:05:02.0429 1736 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:05:02.0454 1736 BrSerWdm - ok
20:05:02.0471 1736 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:05:02.0505 1736 BrUsbMdm - ok
20:05:02.0518 1736 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:05:02.0544 1736 BrUsbSer - ok
20:05:02.0639 1736 [ 173BBAE8027339608CBD5C5369BCDDDD ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
20:05:02.0660 1736 BstHdAndroidSvc - ok
20:05:02.0726 1736 [ 6EE2AB13C21AFE72E8622304CFAF97B5 ] BstHdDrv C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
20:05:02.0737 1736 BstHdDrv - ok
20:05:02.0790 1736 [ D9BD54860A00FE88B660D26E66EB075A ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
20:05:02.0808 1736 BstHdLogRotatorSvc - ok
20:05:02.0823 1736 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:05:02.0849 1736 BTHMODEM - ok
20:05:02.0884 1736 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:05:02.0933 1736 bthserv - ok
20:05:03.0084 1736 catchme - ok
20:05:03.0106 1736 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:05:03.0150 1736 cdfs - ok
20:05:03.0176 1736 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:05:03.0208 1736 cdrom - ok
20:05:03.0237 1736 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:05:03.0282 1736 CertPropSvc - ok
20:05:03.0364 1736 [ 1CE3F63D0C5867D16B01435F8CDAEF8B ] Cherry Device Interface C:\Program Files (x86)\Cherry\CDI\cdi.exe
20:05:03.0389 1736 Cherry Device Interface ( UnsignedFile.Multi.Generic ) - warning
20:05:03.0389 1736 Cherry Device Interface - detected UnsignedFile.Multi.Generic (1)
20:05:03.0418 1736 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:05:03.0448 1736 circlass - ok
20:05:03.0482 1736 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:05:03.0499 1736 CLFS - ok
20:05:03.0540 1736 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:05:03.0551 1736 clr_optimization_v2.0.50727_32 - ok
20:05:03.0589 1736 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:05:03.0600 1736 clr_optimization_v2.0.50727_64 - ok
20:05:03.0635 1736 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:05:03.0646 1736 clr_optimization_v4.0.30319_32 - ok
20:05:03.0664 1736 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:05:03.0676 1736 clr_optimization_v4.0.30319_64 - ok
20:05:03.0704 1736 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:05:03.0731 1736 CmBatt - ok
20:05:03.0747 1736 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:05:03.0759 1736 cmdide - ok
20:05:03.0795 1736 [ B892A4B13279852E34892443EDBA33B2 ] cmuda3 C:\Windows\system32\drivers\cmudax3.sys
20:05:03.0829 1736 cmuda3 ( UnsignedFile.Multi.Generic ) - warning
20:05:03.0830 1736 cmuda3 - detected UnsignedFile.Multi.Generic (1)
20:05:03.0864 1736 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
20:05:03.0901 1736 CNG - ok
20:05:03.0925 1736 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:05:03.0935 1736 Compbatt - ok
20:05:03.0952 1736 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:05:03.0980 1736 CompositeBus - ok
20:05:03.0985 1736 COMSysApp - ok
20:05:03.0999 1736 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:05:04.0010 1736 crcdisk - ok
20:05:04.0054 1736 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:05:04.0090 1736 CryptSvc - ok
20:05:04.0128 1736 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
20:05:04.0190 1736 CSC - ok
20:05:04.0225 1736 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
20:05:04.0273 1736 CscService - ok
20:05:04.0314 1736 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:05:04.0370 1736 DcomLaunch - ok
20:05:04.0410 1736 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:05:04.0464 1736 defragsvc - ok
20:05:04.0487 1736 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:05:04.0534 1736 DfsC - ok
20:05:04.0591 1736 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:05:04.0639 1736 Dhcp - ok
20:05:04.0654 1736 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:05:04.0703 1736 discache - ok
20:05:04.0723 1736 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:05:04.0736 1736 Disk - ok
20:05:04.0779 1736 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:05:04.0819 1736 Dnscache - ok
20:05:04.0847 1736 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:05:04.0891 1736 dot3svc - ok
20:05:04.0920 1736 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:05:04.0967 1736 DPS - ok
20:05:05.0010 1736 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:05:05.0036 1736 drmkaud - ok
20:05:05.0073 1736 [ 5E68B29B22CC14CAF15C889006EF7951 ] DTProTS C:\Program Files (x86)\DTProTS\DTProTS.exe
20:05:05.0106 1736 DTProTS ( UnsignedFile.Multi.Generic ) - warning
20:05:05.0106 1736 DTProTS - detected UnsignedFile.Multi.Generic (1)
20:05:05.0166 1736 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:05:05.0200 1736 DXGKrnl - ok
20:05:05.0233 1736 EagleX64 - ok
20:05:05.0271 1736 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:05:05.0316 1736 EapHost - ok
20:05:05.0460 1736 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:05:05.0583 1736 ebdrv - ok
20:05:05.0613 1736 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:05:05.0661 1736 EFS - ok
20:05:05.0720 1736 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:05:05.0778 1736 ehRecvr - ok
20:05:05.0807 1736 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:05:05.0849 1736 ehSched - ok
20:05:05.0884 1736 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:05:05.0909 1736 elxstor - ok
20:05:05.0927 1736 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:05:05.0956 1736 ErrDev - ok
20:05:06.0002 1736 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:05:06.0049 1736 EventSystem - ok
20:05:06.0077 1736 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:05:06.0113 1736 exfat - ok
20:05:06.0145 1736 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:05:06.0196 1736 fastfat - ok
20:05:06.0237 1736 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:05:06.0295 1736 Fax - ok
20:05:06.0312 1736 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:05:06.0324 1736 fdc - ok
20:05:06.0344 1736 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:05:06.0392 1736 fdPHost - ok
20:05:06.0412 1736 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:05:06.0457 1736 FDResPub - ok
20:05:06.0480 1736 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:05:06.0493 1736 FileInfo - ok
20:05:06.0505 1736 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:05:06.0551 1736 Filetrace - ok
20:05:06.0581 1736 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:05:06.0594 1736 flpydisk - ok
20:05:06.0631 1736 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:05:06.0645 1736 FltMgr - ok
20:05:06.0717 1736 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
20:05:06.0765 1736 FontCache - ok
20:05:06.0804 1736 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:05:06.0813 1736 FontCache3.0.0.0 - ok
20:05:06.0839 1736 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:05:06.0850 1736 FsDepends - ok
20:05:06.0869 1736 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:05:06.0880 1736 Fs_Rec - ok
20:05:06.0917 1736 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:05:06.0936 1736 fvevol - ok
20:05:06.0959 1736 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:05:06.0971 1736 gagp30kx - ok
20:05:07.0010 1736 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:05:07.0062 1736 gpsvc - ok
20:05:07.0138 1736 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:05:07.0150 1736 gupdate - ok
20:05:07.0177 1736 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:05:07.0187 1736 gupdatem - ok
20:05:07.0221 1736 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
20:05:07.0231 1736 hamachi - ok
20:05:07.0349 1736 [ B1E3F445943F06E36DC079AF28D0F86B ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:05:07.0391 1736 Hamachi2Svc - ok
20:05:07.0411 1736 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:05:07.0433 1736 hcw85cir - ok
20:05:07.0468 1736 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:05:07.0501 1736 HdAudAddService - ok
20:05:07.0521 1736 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:05:07.0549 1736 HDAudBus - ok
20:05:07.0582 1736 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:05:07.0593 1736 HidBatt - ok
20:05:07.0610 1736 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:05:07.0637 1736 HidBth - ok
20:05:07.0653 1736 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:05:07.0679 1736 HidIr - ok
20:05:07.0701 1736 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:05:07.0751 1736 hidserv - ok
20:05:07.0776 1736 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:05:07.0791 1736 HidUsb - ok
20:05:08.0299 1736 [ 1256F6834307B38594CEB034BAF52568 ] HiPatchService E:\Spiele\Tribes\HiPatchService.exe
20:05:08.0316 1736 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
20:05:08.0316 1736 HiPatchService - detected UnsignedFile.Multi.Generic (1)
20:05:08.0343 1736 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:05:08.0395 1736 hkmsvc - ok
20:05:08.0425 1736 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:05:08.0468 1736 HomeGroupListener - ok
20:05:08.0490 1736 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:05:08.0518 1736 HomeGroupProvider - ok
20:05:08.0546 1736 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:05:08.0559 1736 HpSAMD - ok
20:05:08.0575 1736 hshld - ok
20:05:08.0632 1736 [ BBC89DA4065BDCE34257BE95B2F636EE ] HssDRV6 C:\Windows\system32\DRIVERS\hssdrv6.sys
20:05:08.0642 1736 HssDRV6 - ok
20:05:08.0678 1736 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:05:08.0730 1736 HTTP - ok
20:05:08.0749 1736 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:05:08.0760 1736 hwpolicy - ok
20:05:08.0785 1736 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:05:08.0798 1736 i8042prt - ok
20:05:08.0818 1736 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:05:08.0840 1736 iaStorV - ok
20:05:08.0900 1736 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:05:08.0929 1736 idsvc - ok
20:05:08.0955 1736 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:05:08.0967 1736 iirsp - ok
20:05:08.0999 1736 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:05:09.0058 1736 IKEEXT - ok
20:05:09.0156 1736 [ F2744FD54BE1580BE05916D1C755C92A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:05:09.0258 1736 IntcAzAudAddService - ok
20:05:09.0288 1736 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:05:09.0300 1736 intelide - ok
20:05:09.0331 1736 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:05:09.0354 1736 intelppm - ok
20:05:09.0386 1736 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:05:09.0435 1736 IPBusEnum - ok
20:05:09.0455 1736 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:05:09.0504 1736 IpFilterDriver - ok
20:05:09.0577 1736 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:05:09.0663 1736 iphlpsvc - ok
20:05:09.0690 1736 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:05:09.0714 1736 IPMIDRV - ok
20:05:09.0748 1736 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:05:09.0795 1736 IPNAT - ok
20:05:09.0814 1736 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:05:09.0868 1736 IRENUM - ok
20:05:09.0887 1736 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:05:09.0899 1736 isapnp - ok
20:05:09.0929 1736 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:05:09.0947 1736 iScsiPrt - ok
20:05:09.0963 1736 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:05:09.0975 1736 kbdclass - ok
20:05:09.0986 1736 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:05:10.0011 1736 kbdhid - ok
20:05:10.0032 1736 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:05:10.0044 1736 KeyIso - ok
20:05:10.0066 1736 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:05:10.0080 1736 KSecDD - ok
20:05:10.0106 1736 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:05:10.0121 1736 KSecPkg - ok
20:05:10.0140 1736 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:05:10.0186 1736 ksthunk - ok
20:05:10.0219 1736 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:05:10.0272 1736 KtmRm - ok
20:05:10.0325 1736 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:05:10.0377 1736 LanmanServer - ok
20:05:10.0403 1736 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:05:10.0455 1736 LanmanWorkstation - ok
20:05:10.0513 1736 [ 955982BF4421B77722196552B62E8DC2 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
20:05:10.0525 1736 lirsgt - ok
20:05:10.0582 1736 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:05:10.0685 1736 lltdio - ok
20:05:10.0728 1736 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:05:10.0784 1736 lltdsvc - ok
20:05:10.0803 1736 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:05:10.0837 1736 lmhosts - ok
20:05:10.0858 1736 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:05:10.0872 1736 LSI_FC - ok
20:05:10.0899 1736 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:05:10.0913 1736 LSI_SAS - ok
20:05:10.0928 1736 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:05:10.0941 1736 LSI_SAS2 - ok
20:05:10.0957 1736 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:05:10.0970 1736 LSI_SCSI - ok
20:05:10.0985 1736 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:05:11.0035 1736 luafv - ok
20:05:11.0062 1736 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:05:11.0092 1736 Mcx2Svc - ok
20:05:11.0120 1736 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:05:11.0132 1736 megasas - ok
20:05:11.0148 1736 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:05:11.0167 1736 MegaSR - ok
20:05:11.0195 1736 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:05:11.0228 1736 MMCSS - ok
20:05:11.0251 1736 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:05:11.0300 1736 Modem - ok
20:05:11.0315 1736 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:05:11.0340 1736 monitor - ok
20:05:11.0365 1736 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:05:11.0377 1736 mouclass - ok
20:05:11.0412 1736 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:05:11.0437 1736 mouhid - ok
20:05:11.0461 1736 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:05:11.0475 1736 mountmgr - ok
20:05:11.0587 1736 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:05:11.0599 1736 MozillaMaintenance - ok
20:05:11.0618 1736 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:05:11.0634 1736 mpio - ok
20:05:11.0659 1736 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:05:11.0706 1736 mpsdrv - ok
20:05:11.0755 1736 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:05:11.0809 1736 MpsSvc - ok
20:05:11.0839 1736 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:05:11.0874 1736 MRxDAV - ok
20:05:11.0904 1736 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:05:11.0947 1736 mrxsmb - ok
20:05:11.0962 1736 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:05:11.0991 1736 mrxsmb10 - ok
20:05:12.0016 1736 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:05:12.0043 1736 mrxsmb20 - ok
20:05:12.0067 1736 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:05:12.0079 1736 msahci - ok
20:05:12.0097 1736 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:05:12.0112 1736 msdsm - ok
20:05:12.0133 1736 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:05:12.0162 1736 MSDTC - ok
20:05:12.0196 1736 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:05:12.0228 1736 Msfs - ok
20:05:12.0239 1736 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:05:12.0282 1736 mshidkmdf - ok
20:05:12.0312 1736 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:05:12.0324 1736 msisadrv - ok
20:05:12.0350 1736 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:05:12.0394 1736 MSiSCSI - ok
20:05:12.0398 1736 msiserver - ok
20:05:12.0426 1736 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:05:12.0474 1736 MSKSSRV - ok
20:05:12.0488 1736 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:05:12.0520 1736 MSPCLOCK - ok
20:05:12.0536 1736 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:05:12.0584 1736 MSPQM - ok
20:05:12.0627 1736 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:05:12.0647 1736 MsRPC - ok
20:05:12.0672 1736 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:05:12.0682 1736 mssmbios - ok
20:05:12.0704 1736 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:05:12.0754 1736 MSTEE - ok
20:05:12.0770 1736 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:05:12.0796 1736 MTConfig - ok
20:05:12.0819 1736 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:05:12.0832 1736 Mup - ok
20:05:12.0866 1736 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:05:12.0918 1736 napagent - ok
20:05:12.0962 1736 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:05:13.0001 1736 NativeWifiP - ok
20:05:13.0042 1736 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:05:13.0075 1736 NDIS - ok
20:05:13.0099 1736 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:05:13.0148 1736 NdisCap - ok
20:05:13.0167 1736 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:05:13.0209 1736 NdisTapi - ok
20:05:13.0251 1736 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:05:13.0296 1736 Ndisuio - ok
20:05:13.0321 1736 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:05:13.0370 1736 NdisWan - ok
20:05:13.0387 1736 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:05:13.0433 1736 NDProxy - ok
20:05:13.0459 1736 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:05:13.0502 1736 NetBIOS - ok
20:05:13.0532 1736 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:05:13.0582 1736 NetBT - ok
20:05:13.0601 1736 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:05:13.0612 1736 Netlogon - ok
20:05:13.0639 1736 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:05:13.0687 1736 Netman - ok
20:05:13.0726 1736 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:05:13.0738 1736 NetMsmqActivator - ok
20:05:13.0743 1736 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:05:13.0753 1736 NetPipeActivator - ok
20:05:13.0783 1736 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:05:13.0834 1736 netprofm - ok
20:05:13.0868 1736 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:05:13.0879 1736 NetTcpActivator - ok
20:05:13.0884 1736 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:05:13.0895 1736 NetTcpPortSharing - ok
20:05:13.0911 1736 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:05:13.0923 1736 nfrd960 - ok
20:05:13.0943 1736 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:05:13.0967 1736 NlaSvc - ok
20:05:13.0982 1736 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:05:14.0015 1736 Npfs - ok
20:05:14.0031 1736 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:05:14.0081 1736 nsi - ok
20:05:14.0108 1736 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:05:14.0151 1736 nsiproxy - ok
20:05:14.0213 1736 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:05:14.0280 1736 Ntfs - ok
20:05:14.0301 1736 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:05:14.0346 1736 Null - ok
20:05:14.0373 1736 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
20:05:14.0386 1736 NVHDA - ok
20:05:14.0679 1736 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:05:15.0031 1736 nvlddmkm - ok
20:05:15.0051 1736 [ 8C1D181480796D7D3366A9381FD7782D ] nvoclk64 C:\Windows\system32\DRIVERS\nvoclk64.sys
20:05:15.0060 1736 nvoclk64 - ok
20:05:15.0089 1736 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:05:15.0103 1736 nvraid - ok
20:05:15.0112 1736 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:05:15.0127 1736 nvstor - ok
20:05:15.0174 1736 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:05:15.0195 1736 nvsvc - ok
20:05:15.0264 1736 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:05:15.0305 1736 nvUpdatusService - ok
20:05:15.0333 1736 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:05:15.0346 1736 nv_agp - ok
20:05:15.0362 1736 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:05:15.0376 1736 ohci1394 - ok
20:05:15.0444 1736 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:05:15.0456 1736 ose - ok
20:05:15.0480 1736 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:05:15.0529 1736 p2pimsvc - ok
20:05:15.0558 1736 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:05:15.0579 1736 p2psvc - ok
20:05:15.0608 1736 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:05:15.0622 1736 Parport - ok
20:05:15.0644 1736 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:05:15.0658 1736 partmgr - ok
20:05:15.0678 1736 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:05:15.0714 1736 PcaSvc - ok
20:05:15.0776 1736 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:05:15.0792 1736 pci - ok
20:05:15.0811 1736 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
20:05:15.0823 1736 pciide - ok
20:05:15.0848 1736 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:05:15.0865 1736 pcmcia - ok
20:05:15.0889 1736 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:05:15.0901 1736 pcw - ok
20:05:15.0929 1736 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:05:15.0967 1736 PEAUTH - ok
20:05:16.0021 1736 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:05:16.0086 1736 PeerDistSvc - ok
20:05:16.0149 1736 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:05:16.0174 1736 PerfHost - ok
20:05:16.0239 1736 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:05:16.0314 1736 pla - ok
20:05:16.0346 1736 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:05:16.0390 1736 PlugPlay - ok
20:05:16.0427 1736 PnkBstrA - ok
20:05:16.0450 1736 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:05:16.0463 1736 PNRPAutoReg - ok
20:05:16.0479 1736 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:05:16.0495 1736 PNRPsvc - ok
20:05:16.0539 1736 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:05:16.0593 1736 PolicyAgent - ok
20:05:16.0618 1736 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:05:16.0674 1736 Power - ok
20:05:16.0721 1736 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:05:16.0769 1736 PptpMiniport - ok
20:05:16.0799 1736 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:05:16.0822 1736 Processor - ok
20:05:16.0843 1736 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:05:16.0884 1736 ProfSvc - ok
20:05:16.0904 1736 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:05:16.0916 1736 ProtectedStorage - ok
20:05:16.0962 1736 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:05:17.0011 1736 Psched - ok
20:05:17.0058 1736 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:05:17.0108 1736 ql2300 - ok
20:05:17.0140 1736 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:05:17.0155 1736 ql40xx - ok
20:05:17.0179 1736 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:05:17.0217 1736 QWAVE - ok
20:05:17.0247 1736 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:05:17.0275 1736 QWAVEdrv - ok
20:05:17.0289 1736 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:05:17.0334 1736 RasAcd - ok
20:05:17.0360 1736 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:05:17.0394 1736 RasAgileVpn - ok
20:05:17.0444 1736 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:05:17.0495 1736 RasAuto - ok
20:05:17.0518 1736 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:05:17.0565 1736 Rasl2tp - ok
20:05:17.0626 1736 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:05:17.0682 1736 RasMan - ok
20:05:17.0713 1736 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:05:17.0763 1736 RasPppoe - ok
20:05:17.0779 1736 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:05:17.0835 1736 RasSstp - ok
20:05:17.0884 1736 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:05:17.0940 1736 rdbss - ok
20:05:17.0967 1736 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:05:17.0992 1736 rdpbus - ok
20:05:18.0010 1736 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:05:18.0055 1736 RDPCDD - ok
20:05:18.0106 1736 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:05:18.0121 1736 RDPDR - ok
20:05:18.0143 1736 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:05:18.0188 1736 RDPENCDD - ok
20:05:18.0223 1736 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:05:18.0265 1736 RDPREFMP - ok
20:05:18.0295 1736 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:05:18.0339 1736 RdpVideoMiniport - ok
20:05:18.0362 1736 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:05:18.0400 1736 RDPWD - ok
20:05:18.0427 1736 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:05:18.0444 1736 rdyboost - ok
20:05:18.0487 1736 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:05:18.0541 1736 RemoteAccess - ok
20:05:18.0578 1736 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:05:18.0628 1736 RemoteRegistry - ok
20:05:18.0678 1736 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:05:18.0728 1736 RpcEptMapper - ok
20:05:18.0755 1736 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:05:18.0786 1736 RpcLocator - ok
20:05:18.0825 1736 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:05:18.0863 1736 RpcSs - ok
20:05:18.0907 1736 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:05:18.0954 1736 rspndr - ok
20:05:18.0983 1736 [ F65F171165FBB613F7AA3CC78E8CAB42 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:05:19.0029 1736 RTL8167 - ok
20:05:19.0047 1736 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:05:19.0084 1736 s3cap - ok
20:05:19.0136 1736 [ ACBB94340905D4596C2B10B622160D02 ] SaiK0CFA C:\Windows\system32\DRIVERS\SaiK0CFA.sys
20:05:19.0150 1736 SaiK0CFA - ok
20:05:19.0165 1736 [ E124BCFB55ADCD4AA273E73C3D666F9F ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys
20:05:19.0175 1736 SaiMini - ok
20:05:19.0183 1736 [ 94AB59E2D3F301DC2B6EA97A027CEBFA ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys
20:05:19.0193 1736 SaiNtBus - ok
20:05:19.0243 1736 [ C4541B918865B015E4B04416E456AAB7 ] SaiU0CFA C:\Windows\system32\DRIVERS\SaiU0CFA.sys
20:05:19.0254 1736 SaiU0CFA - ok
20:05:19.0267 1736 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:05:19.0279 1736 SamSs - ok
20:05:19.0339 1736 SANDRA - ok
20:05:19.0387 1736 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:05:19.0402 1736 sbp2port - ok
20:05:19.0459 1736 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:05:19.0484 1736 SBSDWSCService - ok
20:05:19.0524 1736 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:05:19.0579 1736 SCardSvr - ok
20:05:19.0602 1736 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:05:19.0649 1736 scfilter - ok
20:05:19.0707 1736 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:05:19.0762 1736 Schedule - ok
20:05:19.0986 1736 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:05:20.0017 1736 SCPolicySvc - ok
20:05:20.0040 1736 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:05:20.0089 1736 SDRSVC - ok
20:05:20.0114 1736 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:05:20.0158 1736 secdrv - ok
20:05:20.0182 1736 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:05:20.0233 1736 seclogon - ok
20:05:20.0255 1736 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
20:05:20.0301 1736 SENS - ok
20:05:20.0335 1736 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:05:20.0629 1736 SensrSvc - ok
20:05:20.0683 1736 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:05:20.0709 1736 Serenum - ok
20:05:20.0739 1736 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:05:20.0766 1736 Serial - ok
20:05:20.0788 1736 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:05:20.0809 1736 sermouse - ok
20:05:20.0848 1736 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:05:20.0899 1736 SessionEnv - ok
20:05:20.0938 1736 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:05:20.0965 1736 sffdisk - ok
20:05:20.0980 1736 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:05:21.0006 1736 sffp_mmc - ok
20:05:21.0021 1736 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:05:21.0049 1736 sffp_sd - ok
20:05:21.0068 1736 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:05:21.0080 1736 sfloppy - ok
20:05:21.0136 1736 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:05:21.0189 1736 SharedAccess - ok
20:05:21.0234 1736 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:05:21.0286 1736 ShellHWDetection - ok
20:05:21.0304 1736 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:05:21.0317 1736 SiSRaid2 - ok
20:05:21.0340 1736 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:05:21.0352 1736 SiSRaid4 - ok
20:05:21.0365 1736 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:05:21.0411 1736 Smb - ok
20:05:21.0440 1736 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:05:21.0468 1736 SNMPTRAP - ok
20:05:21.0486 1736 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
20:05:21.0498 1736 speedfan - ok
20:05:21.0520 1736 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:05:21.0534 1736 spldr - ok
20:05:21.0571 1736 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:05:21.0594 1736 Spooler - ok
20:05:21.0716 1736 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:05:21.0878 1736 sppsvc - ok
20:05:21.0903 1736 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:05:21.0949 1736 sppuinotify - ok
20:05:21.0998 1736 [ A6CFF1AF7664627A296B6A0A96CF876E ] sptd C:\Windows\System32\Drivers\sptd.sys
20:05:21.0999 1736 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: A6CFF1AF7664627A296B6A0A96CF876E
20:05:22.0018 1736 sptd ( LockedFile.Multi.Generic ) - warning
20:05:22.0018 1736 sptd - detected LockedFile.Multi.Generic (1)
20:05:22.0064 1736 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:05:22.0110 1736 srv - ok
20:05:22.0140 1736 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:05:22.0175 1736 srv2 - ok
20:05:22.0194 1736 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:05:22.0225 1736 srvnet - ok
20:05:22.0342 1736 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:05:22.0447 1736 SSDPSRV - ok
20:05:22.0491 1736 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:05:22.0526 1736 SstpSvc - ok
20:05:22.0536 1736 Steam Client Service - ok
20:05:22.0618 1736 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:05:22.0632 1736 Stereo Service - ok
20:05:22.0652 1736 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:05:22.0664 1736 stexstor - ok
20:05:22.0725 1736 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:05:22.0748 1736 stisvc - ok
20:05:22.0763 1736 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:05:22.0776 1736 storflt - ok
20:05:22.0803 1736 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:05:22.0816 1736 storvsc - ok
20:05:22.0832 1736 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:05:22.0843 1736 swenum - ok
20:05:22.0888 1736 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:05:22.0948 1736 swprv - ok
20:05:22.0967 1736 Synth3dVsc - ok
20:05:23.0037 1736 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:05:23.0131 1736 SysMain - ok
20:05:23.0160 1736 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:05:23.0191 1736 TabletInputService - ok
20:05:23.0237 1736 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
20:05:23.0271 1736 tap0901t ( UnsignedFile.Multi.Generic ) - warning
20:05:23.0271 1736 tap0901t - detected UnsignedFile.Multi.Generic (1)
20:05:23.0318 1736 [ B70DF208E97536CA9F29289E609F5B16 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
20:05:23.0328 1736 taphss - ok
20:05:23.0358 1736 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:05:23.0410 1736 TapiSrv - ok
20:05:23.0447 1736 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:05:23.0498 1736 TBS - ok
20:05:23.0564 1736 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:05:23.0641 1736 Tcpip - ok
20:05:23.0689 1736 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:05:23.0727 1736 TCPIP6 - ok
20:05:23.0777 1736 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:05:23.0801 1736 tcpipreg - ok
20:05:23.0844 1736 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:05:23.0881 1736 TDPIPE - ok
20:05:23.0902 1736 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:05:23.0928 1736 TDTCP - ok
20:05:23.0955 1736 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:05:23.0988 1736 tdx - ok
20:05:24.0142 1736 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
20:05:24.0243 1736 TeamViewer7 - ok
20:05:24.0265 1736 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:05:24.0277 1736 TermDD - ok
20:05:24.0346 1736 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:05:24.0407 1736 TermService - ok
20:05:24.0445 1736 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:05:24.0472 1736 Themes - ok
20:05:24.0499 1736 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:05:24.0535 1736 THREADORDER - ok
20:05:24.0551 1736 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:05:24.0598 1736 TrkWks - ok
20:05:24.0643 1736 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:05:24.0689 1736 TrustedInstaller - ok
20:05:24.0727 1736 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:05:24.0760 1736 tssecsrv - ok
20:05:24.0778 1736 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:05:24.0818 1736 TsUsbFlt - ok
20:05:24.0822 1736 tsusbhub - ok
20:05:24.0850 1736 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:05:24.0884 1736 tunnel - ok
20:05:24.0990 1736 [ 2FD0FE0A0C721C8E47C5A3AE16E519B1 ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
20:05:25.0014 1736 TunngleService - ok
20:05:25.0043 1736 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:05:25.0057 1736 uagp35 - ok
20:05:25.0084 1736 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:05:25.0133 1736 udfs - ok
20:05:25.0166 1736 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:05:25.0180 1736 UI0Detect - ok
20:05:25.0192 1736 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:05:25.0206 1736 uliagpkx - ok
20:05:25.0237 1736 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:05:25.0266 1736 umbus - ok
20:05:25.0286 1736 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:05:25.0298 1736 UmPass - ok
20:05:25.0328 1736 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
20:05:25.0344 1736 UmRdpService - ok
20:05:25.0370 1736 [ 8F387A1CC015A3F5020700C657A0FC85 ] UnsignedThemes C:\Windows\UnsignedThemesSvc.exe
20:05:25.0381 1736 UnsignedThemes - ok
20:05:25.0400 1736 UpdateCenterService - ok
20:05:25.0430 1736 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:05:25.0488 1736 upnphost - ok
20:05:25.0509 1736 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:05:25.0545 1736 usbccgp - ok
20:05:25.0565 1736 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:05:25.0582 1736 usbcir - ok
20:05:25.0601 1736 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:05:25.0627 1736 usbehci - ok
20:05:25.0650 1736 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:05:25.0678 1736 usbhub - ok
20:05:25.0706 1736 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:05:25.0725 1736 usbohci - ok
20:05:25.0748 1736 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:05:25.0776 1736 usbprint - ok
20:05:25.0804 1736 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:05:25.0842 1736 USBSTOR - ok
20:05:25.0854 1736 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:05:25.0879 1736 usbuhci - ok
20:05:25.0883 1736 UserAccess7 - ok
20:05:25.0909 1736 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:05:25.0958 1736 UxSms - ok
20:05:25.0982 1736 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:05:25.0994 1736 VaultSvc - ok
20:05:26.0000 1736 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:05:26.0011 1736 vdrvroot - ok
20:05:26.0044 1736 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:05:26.0096 1736 vds - ok
20:05:26.0124 1736 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:05:26.0139 1736 vga - ok
20:05:26.0153 1736 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:05:26.0200 1736 VgaSave - ok
20:05:26.0204 1736 VGPU - ok
20:05:26.0233 1736 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:05:26.0250 1736 vhdmp - ok
20:05:26.0274 1736 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:05:26.0286 1736 viaide - ok
20:05:26.0306 1736 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:05:26.0323 1736 vmbus - ok
20:05:26.0346 1736 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:05:26.0358 1736 VMBusHID - ok
20:05:26.0379 1736 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:05:26.0391 1736 volmgr - ok
20:05:26.0425 1736 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:05:26.0443 1736 volmgrx - ok
20:05:26.0463 1736 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:05:26.0482 1736 volsnap - ok
20:05:26.0509 1736 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
20:05:26.0524 1736 vpcbus - ok
20:05:26.0584 1736 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
20:05:26.0630 1736 vpcnfltr - ok
20:05:26.0657 1736 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
20:05:26.0681 1736 vpcusb - ok
20:05:26.0756 1736 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
20:05:26.0775 1736 vpcvmm - ok
20:05:26.0805 1736 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:05:26.0820 1736 vsmraid - ok
20:05:26.0886 1736 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:05:26.0977 1736 VSS - ok
20:05:27.0120 1736 [ 3080F1F093869A19FB3D1F0226C73809 ] vToolbarUpdater10.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
20:05:27.0151 1736 vToolbarUpdater10.2.0 - ok
20:05:27.0163 1736 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:05:27.0179 1736 vwifibus - ok
20:05:27.0213 1736 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:05:27.0256 1736 W32Time - ok
20:05:27.0288 1736 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:05:27.0317 1736 WacomPen - ok
20:05:27.0347 1736 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:05:27.0393 1736 WANARP - ok
20:05:27.0397 1736 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:05:27.0431 1736 Wanarpv6 - ok
20:05:27.0515 1736 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:05:27.0557 1736 WatAdminSvc - ok
20:05:27.0610 1736 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:05:27.0675 1736 wbengine - ok
20:05:27.0701 1736 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:05:27.0721 1736 WbioSrvc - ok
20:05:27.0755 1736 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:05:27.0781 1736 wcncsvc - ok
20:05:27.0804 1736 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:05:27.0845 1736 WcsPlugInService - ok
20:05:27.0875 1736 [ 147C60622CB53E901EFD8BB6D44A4C46 ] WCUService_STC_IE C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
20:05:27.0899 1736 WCUService_STC_IE - ok
20:05:27.0927 1736 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:05:27.0940 1736 Wd - ok
20:05:27.0983 1736 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:05:28.0008 1736 Wdf01000 - ok
20:05:28.0020 1736 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:05:28.0092 1736 WdiServiceHost - ok
20:05:28.0112 1736 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:05:28.0132 1736 WdiSystemHost - ok
20:05:28.0184 1736 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:05:28.0220 1736 WebClient - ok
20:05:28.0253 1736 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:05:28.0303 1736 Wecsvc - ok
20:05:28.0327 1736 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:05:28.0375 1736 wercplsupport - ok
20:05:28.0402 1736 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:05:28.0454 1736 WerSvc - ok
20:05:28.0481 1736 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:05:28.0513 1736 WfpLwf - ok
20:05:28.0527 1736 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:05:28.0539 1736 WIMMount - ok
20:05:28.0564 1736 WinDefend - ok
20:05:28.0590 1736 WinHttpAutoProxySvc - ok
20:05:28.0646 1736 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:05:28.0693 1736 Winmgmt - ok
20:05:28.0757 1736 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:05:28.0846 1736 WinRM - ok
20:05:28.0891 1736 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:05:28.0938 1736 Wlansvc - ok
20:05:29.0070 1736 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:05:29.0160 1736 wlidsvc - ok
20:05:29.0184 1736 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:05:29.0207 1736 WmiAcpi - ok
20:05:29.0247 1736 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:05:29.0275 1736 wmiApSrv - ok
20:05:29.0299 1736 WMPNetworkSvc - ok
20:05:29.0320 1736 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:05:29.0341 1736 WPCSvc - ok
20:05:29.0366 1736 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:05:29.0384 1736 WPDBusEnum - ok
20:05:29.0400 1736 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:05:29.0434 1736 ws2ifsl - ok
20:05:29.0479 1736 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:05:29.0525 1736 wscsvc - ok
20:05:29.0530 1736 WSearch - ok
20:05:29.0634 1736 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:05:29.0724 1736 wuauserv - ok
20:05:29.0750 1736 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:05:29.0790 1736 WudfPf - ok
20:05:29.0807 1736 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:05:29.0824 1736 WUDFRd - ok
20:05:29.0842 1736 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:05:29.0868 1736 wudfsvc - ok
20:05:29.0901 1736 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
20:05:29.0944 1736 WwanSvc - ok
20:05:30.0002 1736 X6va005 - ok
20:05:30.0031 1736 xsherlock - ok
20:05:30.0079 1736 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
20:05:30.0092 1736 xusb21 - ok
20:05:30.0136 1736 ================ Scan global ===============================
20:05:30.0179 1736 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:05:30.0208 1736 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:05:30.0218 1736 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:05:30.0248 1736 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:05:30.0263 1736 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:05:30.0266 1736 [Global] - ok
20:05:30.0267 1736 ================ Scan MBR ==================================
20:05:30.0280 1736 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:05:30.0649 1736 \Device\Harddisk0\DR0 - ok
20:05:30.0653 1736 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:05:31.0153 1736 \Device\Harddisk1\DR1 - ok
20:05:31.0153 1736 ================ Scan VBR ==================================
20:05:31.0163 1736 [ 850E697EC9FA9CF0DBE2F303E7195370 ] \Device\Harddisk0\DR0\Partition1
20:05:31.0164 1736 \Device\Harddisk0\DR0\Partition1 - ok
20:05:31.0168 1736 [ 011A8D43E8F21291B499405E52E7DB5A ] \Device\Harddisk1\DR1\Partition1
20:05:31.0171 1736 \Device\Harddisk1\DR1\Partition1 - ok
20:05:31.0175 1736 [ 41FAFCB6D6A50F65ED6BD10D90DCE47B ] \Device\Harddisk1\DR1\Partition2
20:05:31.0177 1736 \Device\Harddisk1\DR1\Partition2 - ok
20:05:31.0177 1736 ============================================================
20:05:31.0177 1736 Scan finished
20:05:31.0177 1736 ============================================================
20:05:31.0191 1352 Detected object count: 6
20:05:31.0191 1352 Actual detected object count: 6
20:06:13.0741 1352 Cherry Device Interface ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:13.0741 1352 Cherry Device Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:13.0742 1352 cmuda3 ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:13.0743 1352 cmuda3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:13.0745 1352 DTProTS ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:13.0745 1352 DTProTS ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:13.0747 1352 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:13.0747 1352 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:13.0748 1352 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:06:13.0749 1352 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:06:13.0750 1352 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:13.0750 1352 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:42.0455 0660 Deinitialize success
|
|
07.07.2013, 19:10
| #39 |
| /// TB-Ausbilder | svhost.exe in /Roaming/Microsoft kommt immer wieder Das ist echt verrückt. Nächster Versuch in dem wir einfach mal den Ordner killen: Combofix-Skript
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
08.07.2013, 08:03
| #40 |
| | svhost.exe in /Roaming/Microsoft kommt immer wieder leute ich glaub ich geb auf... comboxif mag mich einfach nich... hatte nach dem neustart von meinem pc durch combofix nen bluescreen und jetzt startet combofix mit jedem neustart und öffnet immer wieder das fenster von combofix und schließt es sofort wieder und das in millisekundentakt... leistung vom pc is dauerhaft auf maximum und ich kann halt nix mehr machen am pc. gut das combofix nur für einen benutzerprofiel startet so kann ich mein anderes noch nutzen.ob ich das von diesem benutzer aus fixen kann weiß ich nich. evtl könnt ihr mir noch helfen oder kennt das bei combofix... echt zum verrücktwerden das ganze hier  |
|
08.07.2013, 12:43
| #41 |
| /// TB-Ausbilder | svhost.exe in /Roaming/Microsoft kommt immer wieder Und das ist jedesmal ein Benutzer mit Adminrechten? Normalerweise ist Combofix nicht so zickig...
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
08.07.2013, 15:53
| #42 |
| | svhost.exe in /Roaming/Microsoft kommt immer wieder ich geh mal davon aus das das kommt weil der pc abgestürzt is.. das hat der auch mal öffters wenn der im leerlauf is. aber deswegen bin ich ja nich hier. gibts ne möglichkeit euch das zu zeigen? is schwer zu erklären wenn man das nich sieht... hab auf die adminrechte nich geachtet wenn ich ehrlich bin aber ich kann ja nochmal das andere konto anschmeißen wenn das hilft |
|
08.07.2013, 15:56
| #43 |
| /// TB-Ausbilder | svhost.exe in /Roaming/Microsoft kommt immer wieder Ja normalerweise ist das so. Aber jetzt sei mal ehrlich, wäre es nicht sinnvoller hier einen Schnitt zu machen und den Eimer einfach ordentlich neu aufzusetzen?
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
08.07.2013, 16:07
| #44 |
| | svhost.exe in /Roaming/Microsoft kommt immer wieder Ja na klar is das einfacher. Aber alles wieder neu machen und so -.- die maschiene läuft jetzt seid 2 jahren ohne irgentwelche probleme (bis auf die sache mit den Bluescreens im leerlauf) und die is ja eigentlich auch sauber.Wenn ihr sagt das nix zu finden is dann bedanke ich mich bei euch und versuch nochmal selber mein glück. und wenn alles nix hilft kann ich mir doch auch nen neuen Benutzer machen und den alten löschen weil die svhost.exe ja im Benutzerordner is. Ich weiß so einfach wirds nich sein aber versuchen kann mans ja. |
|
08.07.2013, 16:09
| #45 |
| /// TB-Ausbilder | svhost.exe in /Roaming/Microsoft kommt immer wieder Wie eingangs geschrieben ist es so, dass nach einem Malwarebefall so eine Maschiene nie wieder 100% sauber wird und ich befürchte so einen Fall haben wir bei dir ganz deutlich. Natürlich scheut man sich vor der ganzen Arbeit mit einer Neuinstallation, aber ich habe auch nicht wirklich weiter Lust diese kleine Nadel zu finden (sofern sie denn existiert). Von meiner Seite möchte ich dir dringend eine Neuinstallation ans Herz legen alleine schon wegen deiner eigenen Sicherheit.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu svhost.exe in /Roaming/Microsoft kommt immer wieder |
| .exe, antivierenprogramm, ausprobiert, entfern, fehlermeldung, gen, hoffe, immer wieder, jedesmal, kommt immer wieder, lösen, meldungen, neu, problem, programm, schonmal, schädling, screenshots, starte, svhost, svhost.exe |
Linear-Darstellung
