Log analysis and evaluation: High GPU usage caused by "miner.exe" (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.07.2013, 14:55 | #1
High GPU usage caused by "miner.exe"

Hello, first of all a hello to everyone, I think it's great that this forum exists! Now to my problem: recently I noticed high GPU usage (the fan got really loud) whenever my PC was idle, and also while I was watching films. Using Process Explorer from sysinternals.com I then found out that this was caused by miner.exe. Googling "miner.exe" turned up this thread: http://www.trojaner-board.de/135967-...r-gen-etc.html I then searched my installed programs for "Lyrics Fan" and "Search Protect by conduit", but found nothing. I then downloaded AdwCleaner and ran a deletion. Log file:

Code:
# AdwCleaner v2.304 - File created on 07/07/2013 at 14:38:27
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Hannes - HANNES-PC
# Boot mode : Normal
# Running from : C:\Users\Hannes\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] The registry is clean.

-\\ Mozilla Firefox v22.0 (de)

File : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\4u4wf0vr.default\prefs.js

[OK] The file is clean.

*************************

AdwCleaner[R1].txt - [962 octets] - [07/07/2013 14:37:59]
AdwCleaner[S1].txt - [896 octets] - [07/07/2013 14:38:27]

########## EOF - C:\AdwCleaner[S1].txt - [955 octets] ##########

I hope you can help me. Greetings and many thanks, Hannes
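Before anything gets killed or deleted, a practitioner wants the facts about the process on record. The AdwCleaner log above deleted two Conduit/SmartBar registry keys and no files at all, so it says nothing about where miner.exe lives, what it talks to, or how it gets started. The following is an added example, not Hannes's code and not one of trojaner-board's tools: a PowerShell triage script that collects exactly that for a process name: image path, Authenticode status, SHA-256, parent process, owner, the process's network endpoints from netstat, and the Run keys, services and scheduled tasks whose command references the binary. It assumes Windows PowerShell 4.0 or later (for Get-FileHash; Windows 7 ships 2.0 and needs the Windows Management Framework update) in an elevated session. The function names are this example's own; the default process name "miner" is taken from the post.

```powershell
# Added triage example for a suspect process (default "miner", from the post above).
# Not Hannes's code and not a trojaner-board tool. Assumes Windows PowerShell 4.0+
# (Get-FileHash) in an elevated session; Windows 7 needs the WMF update for that.
param([string]$ProcessName = "miner")

function Get-SuspectProcessReport {
    # Facts to record before the process is killed or its file deleted.
    param([string]$Name)
    $Name = $Name -replace '\.exe$', ''                 # Get-Process takes the bare name
    $report = @()
    foreach ($p in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $wmi = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.Id)"
        if (-not $wmi) { continue }                     # exited between the two calls
        $path   = $wmi.ExecutablePath
        $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($wmi.ParentProcessId)"
        $parentDesc = "n/a"
        if ($parent) { $parentDesc = "$($parent.Name) (PID $($parent.ProcessId))" }
        $owner = "n/a"
        try { $o = $wmi.GetOwner(); $owner = "$($o.Domain)\$($o.User)" } catch { }
        $sigStatus = "n/a"; $signer = "n/a"; $sha256 = "n/a"
        if ($path -and (Test-Path $path)) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $sigStatus = $sig.Status                    # NotSigned is the usual case for a dropped miner
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            $sha256 = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        }
        $report += [pscustomobject]@{
            Pid = $p.Id; Path = $path; CommandLine = $wmi.CommandLine; Parent = $parentDesc
            Owner = $owner; Signature = $sigStatus; Signer = $signer; SHA256 = $sha256
        }
    }
    return $report
}

function Get-ProcessEndpoints {
    # Parses netstat because Get-NetTCPConnection does not exist before Windows 8.
    param([int]$ProcessId)
    $rows = @()
    foreach ($line in (netstat -ano)) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 4 -or ($f[0] -ne 'TCP' -and $f[0] -ne 'UDP')) { continue }
        if ($f[-1] -ne "$ProcessId") { continue }       # last column is the owning PID
        $state = ''
        if ($f[0] -eq 'TCP') { $state = $f[3] }         # UDP rows carry no state column
        $rows += [pscustomobject]@{ Proto = $f[0]; Local = $f[1]; Remote = $f[2]; State = $state }
    }
    return $rows
}

function Find-PersistenceReferences {
    # Run keys, services and scheduled tasks whose command references the binary.
    param([string]$Needle)
    $rx   = [regex]::Escape($Needle)
    $hits = @()
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }    # provider metadata, not a value
            if ("$($prop.Value)" -match $rx) {
                $hits += [pscustomobject]@{ Source = $key; Name = $prop.Name; Value = $prop.Value }
            }
        }
    }
    foreach ($svc in Get-WmiObject Win32_Service) {
        if ("$($svc.PathName)" -match $rx) {
            $hits += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Value = $svc.PathName }
        }
    }
    # schtasks exists on Windows 7; its CSV column names are localized. 'Task To Run'
    # is the English one (a German system shows "Auszuführende Aufgabe").
    foreach ($task in (schtasks /query /fo csv /v 2>$null | ConvertFrom-Csv)) {
        if ("$($task.'Task To Run')" -match $rx) {
            $hits += [pscustomobject]@{ Source = 'ScheduledTask'; Name = $task.TaskName; Value = $task.'Task To Run' }
        }
    }
    return $hits
}

$procs = @(Get-SuspectProcessReport -Name $ProcessName)
if ($procs.Count -eq 0) {
    Write-Output "No running process named '$ProcessName'; checking autostart entries anyway."
    Find-PersistenceReferences -Needle $ProcessName | Format-Table -AutoSize
}
foreach ($proc in $procs) {
    $proc | Format-List
    Write-Output "--- network endpoints of PID $($proc.Pid) ---"
    Get-ProcessEndpoints -ProcessId $proc.Pid | Format-Table -AutoSize
    $needle = $ProcessName
    if ($proc.Path) { $needle = Split-Path -Path $proc.Path -Leaf }
    Write-Output "--- autostart entries referencing $needle ---"
    Find-PersistenceReferences -Needle $needle | Format-Table -AutoSize
}
```

Save it under any name (say Triage-Process.ps1, a hypothetical filename) and run it from an elevated prompt with `-ProcessName miner` while the process is still alive; keep the output and the hash, and copy the file somewhere before deleting it so the hash can be looked up or the sample handed to a helper. The signature column alone is not a verdict: the TDSSKiller log later in this thread lists two vendor utilities that are also unsigned. The remote endpoint column is often the most telling piece for a miner, since the process has to reach a pool.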
07.07.2013, 15:01 | #2
/// Malware-holic | High GPU usage caused by "miner.exe"

Hi,
Please download TDSSKiller.exe and save the file to your desktop
07.07.2013, 15:23 | #3
High GPU usage caused by "miner.exe"

Many thanks for the quick reply.

Scan log:

Code:
16:20:08.0179 5504 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:20:10.0191 5504 ============================================================
16:20:10.0191 5504 Current date / time: 2013/07/07 16:20:10.0191
16:20:10.0191 5504 SystemInfo:
16:20:10.0191 5504 
16:20:10.0191 5504 OS Version: 6.1.7601 ServicePack: 1.0
16:20:10.0191 5504 Product type: Workstation
16:20:10.0193 5504 ComputerName: HANNES-PC
16:20:10.0193 5504 UserName: Hannes
16:20:10.0193 5504 Windows directory: C:\Windows
16:20:10.0194 5504 System windows directory: C:\Windows
16:20:10.0194 5504 Running under WOW64
16:20:10.0194 5504 Processor architecture: Intel x64
16:20:10.0194 5504 Number of processors: 2
16:20:10.0194 5504 Page size: 0x1000
16:20:10.0194 5504 Boot type: Normal boot
16:20:10.0194 5504 ============================================================
16:20:17.0255 5504 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:20:23.0880 5504 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:20:29.0568 5504 Drive \Device\Harddisk2\DR2 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:20:29.0568 5504 Drive \Device\Harddisk3\DR3 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:20:29.0573 5504 ============================================================
16:20:29.0573 5504 \Device\Harddisk0\DR0:
16:20:29.0573 5504 MBR partitions:
16:20:29.0573 5504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
16:20:29.0573 5504 \Device\Harddisk1\DR1:
16:20:29.0590 5504 MBR partitions:
16:20:29.0590 5504 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
16:20:29.0590 5504 \Device\Harddisk2\DR2:
16:20:29.0590 5504 MBR partitions:
16:20:29.0590 5504 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
16:20:29.0590 5504 \Device\Harddisk3\DR3:
16:20:29.0591 5504 MBR partitions:
16:20:29.0591 5504 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
16:20:29.0591 5504 ============================================================
16:20:29.0592 5504 C: <-> \Device\Harddisk3\DR3\Partition1
16:20:29.0608 5504 H: <-> \Device\Harddisk2\DR2\Partition1
16:20:29.0635 5504 D: <-> \Device\Harddisk0\DR0\Partition1
16:20:29.0645 5504 E: <-> \Device\Harddisk1\DR1\Partition1
16:20:29.0645 5504 ============================================================
16:20:29.0645 5504 Initialize success
16:20:29.0645 5504 ============================================================
16:21:16.0116 3740 ============================================================
16:21:16.0116 3740 Scan started
16:21:16.0116 3740 Mode: Manual; SigCheck; TDLFS; 
16:21:16.0116 3740 ============================================================
16:21:16.0817 3740 ================ Scan system memory ========================
16:21:16.0817 3740 System memory - ok
16:21:16.0817 3740 ================ Scan services =============================
16:21:16.0856 3740 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:21:16.0915 3740 1394ohci - ok
16:21:16.0920 3740 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:21:16.0950 3740 ACPI - ok
16:21:16.0952 3740 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:21:16.0983 3740 AcpiPmi - ok
16:21:16.0989 3740 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:21:17.0020 3740 AdobeARMservice - ok
16:21:17.0028 3740 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:21:17.0057 3740 adp94xx - ok
16:21:17.0063 3740 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:21:17.0086 3740 adpahci - ok
16:21:17.0092 3740 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:21:17.0114 3740 adpu320 - ok
16:21:17.0118 3740 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:21:17.0182 3740 AeLookupSvc - ok
16:21:17.0190 3740 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:21:17.0221 3740 AFD - ok
16:21:17.0225 3740 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:21:17.0245 3740 agp440 - ok
16:21:17.0247 3740 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:21:17.0282 3740 ALG - ok
16:21:17.0286 3740 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:21:17.0307 3740 aliide - ok
16:21:17.0311 3740 [ D45D3540C5AE2A48C6112DF03F06F374 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:21:17.0346 3740 AMD External Events Utility - ok
16:21:17.0350 3740 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:21:17.0372 3740 amdide - ok
16:21:17.0376 3740 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:21:17.0395 3740 AmdK8 - ok
16:21:17.0508 3740 [ 5B871F3E4A4A6C4693A413E3138B51D0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:21:17.0670 3740 amdkmdag - ok
16:21:17.0682 3740 [ 9BE1140CE8D2C5E878F136A7B85D41B3 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:21:17.0702 3740 amdkmdap - ok
16:21:17.0708 3740 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:21:17.0725 3740 AmdPPM - ok
16:21:17.0729 3740 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:21:17.0750 3740 amdsata - ok
16:21:17.0754 3740 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:21:17.0776 3740 amdsbs - ok
16:21:17.0780 3740 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:21:17.0799 3740 amdxata - ok
16:21:17.0803 3740 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:21:17.0874 3740 AppID - ok
16:21:17.0875 3740 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:21:17.0911 3740 AppIDSvc - ok
16:21:17.0915 3740 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
16:21:17.0934 3740 Appinfo - ok
16:21:17.0938 3740 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:21:17.0959 3740 arc - ok
16:21:17.0963 3740 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:21:17.0983 3740 arcsas - ok
16:21:17.0985 3740 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:21:18.0020 3740 AsyncMac - ok
16:21:18.0024 3740 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:21:18.0041 3740 atapi - ok
16:21:18.0047 3740 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:21:18.0065 3740 AtiHDAudioService - ok
16:21:18.0180 3740 [ 5B871F3E4A4A6C4693A413E3138B51D0 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:21:18.0290 3740 atikmdag - ok
16:21:18.0301 3740 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:21:18.0358 3740 AudioEndpointBuilder - ok
16:21:18.0366 3740 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:21:18.0418 3740 AudioSrv - ok
16:21:18.0422 3740 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:21:18.0452 3740 AxInstSV - ok
16:21:18.0459 3740 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:21:18.0483 3740 b06bdrv - ok
16:21:18.0489 3740 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:21:18.0512 3740 b57nd60a - ok
16:21:18.0516 3740 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:21:18.0536 3740 BDESVC - ok
16:21:18.0540 3740 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:21:18.0573 3740 Beep - ok
16:21:18.0582 3740 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:21:18.0625 3740 BFE - ok
16:21:18.0635 3740 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:21:18.0702 3740 BITS - ok
16:21:18.0709 3740 [ 686045905787B68D829CE647A6DFAD2B ] Blackberry Device Manager C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
16:21:18.0747 3740 Blackberry Device Manager ( UnsignedFile.Multi.Generic ) - warning
16:21:18.0747 3740 Blackberry Device Manager - detected UnsignedFile.Multi.Generic (1)
16:21:18.0750 3740 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:21:18.0768 3740 blbdrive - ok
16:21:18.0772 3740 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:21:18.0793 3740 bowser - ok
16:21:18.0795 3740 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:21:18.0821 3740 BrFiltLo - ok
16:21:18.0825 3740 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:21:18.0844 3740 BrFiltUp - ok
16:21:18.0848 3740 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:21:18.0868 3740 Browser - ok
16:21:18.0872 3740 [ 91EB9C1FC4A4221CA3CCBD864F815C30 ] BrPar C:\Windows\System32\drivers\BrPar64a.sys
16:21:18.0889 3740 BrPar - ok
16:21:18.0895 3740 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:21:18.0918 3740 Brserid - ok
16:21:18.0922 3740 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:21:18.0944 3740 BrSerWdm - ok
16:21:18.0948 3740 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:21:18.0967 3740 BrUsbMdm - ok
16:21:18.0971 3740 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:21:18.0991 3740 BrUsbSer - ok
16:21:18.0995 3740 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:21:19.0034 3740 BTHMODEM - ok
16:21:19.0039 3740 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:21:19.0084 3740 bthserv - ok
16:21:19.0088 3740 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:21:19.0125 3740 cdfs - ok
16:21:19.0129 3740 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
16:21:19.0153 3740 cdrom - ok
16:21:19.0157 3740 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:21:19.0194 3740 CertPropSvc - ok
16:21:19.0198 3740 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:21:19.0219 3740 circlass - ok
16:21:19.0225 3740 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:21:19.0250 3740 CLFS - ok
16:21:19.0258 3740 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:21:19.0313 3740 clr_optimization_v2.0.50727_32 - ok
16:21:19.0319 3740 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:21:19.0346 3740 clr_optimization_v2.0.50727_64 - ok
16:21:19.0348 3740 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:21:19.0366 3740 CmBatt - ok
16:21:19.0371 3740 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:21:19.0393 3740 cmdide - ok
16:21:19.0418 3740 [ 23CEA2A1C0B0B46B1279353341754677 ] cmudaxp C:\Windows\system32\drivers\cmudaxp.sys
16:21:19.0467 3740 cmudaxp - ok
16:21:19.0477 3740 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
16:21:19.0506 3740 CNG - ok
16:21:19.0510 3740 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:21:19.0530 3740 Compbatt - ok
16:21:19.0532 3740 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:21:19.0553 3740 CompositeBus - ok
16:21:19.0557 3740 COMSysApp - ok
16:21:19.0561 3740 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:21:19.0578 3740 crcdisk - ok
16:21:19.0584 3740 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:21:19.0606 3740 CryptSvc - ok
16:21:19.0614 3740 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:21:19.0657 3740 DcomLaunch - ok
16:21:19.0662 3740 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:21:19.0702 3740 defragsvc - ok
16:21:19.0705 3740 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:21:19.0741 3740 DfsC - ok
16:21:19.0746 3740 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:21:19.0764 3740 Dhcp - ok
16:21:19.0768 3740 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:21:19.0803 3740 discache - ok
16:21:19.0807 3740 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:21:19.0827 3740 Disk - ok
16:21:19.0830 3740 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:21:19.0854 3740 Dnscache - ok
16:21:19.0858 3740 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:21:19.0895 3740 dot3svc - ok
16:21:19.0901 3740 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:21:19.0936 3740 DPS - ok
16:21:19.0940 3740 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:21:19.0959 3740 drmkaud - ok
16:21:19.0971 3740 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:21:20.0010 3740 DXGKrnl - ok
16:21:20.0014 3740 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:21:20.0051 3740 EapHost - ok
16:21:20.0084 3740 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:21:20.0141 3740 ebdrv - ok
16:21:20.0145 3740 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:21:20.0164 3740 EFS - ok
16:21:20.0174 3740 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:21:20.0205 3740 ehRecvr - ok
16:21:20.0209 3740 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:21:20.0231 3740 ehSched - ok
16:21:20.0241 3740 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:21:20.0270 3740 elxstor - ok
16:21:20.0272 3740 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:21:20.0291 3740 ErrDev - ok
16:21:20.0299 3740 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:21:20.0334 3740 EventSystem - ok
16:21:20.0340 3740 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:21:20.0377 3740 exfat - ok
16:21:20.0381 3740 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:21:20.0418 3740 fastfat - ok
16:21:20.0428 3740 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:21:20.0457 3740 Fax - ok
16:21:20.0461 3740 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:21:20.0479 3740 fdc - ok
16:21:20.0483 3740 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:21:20.0516 3740 fdPHost - ok
16:21:20.0520 3740 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:21:20.0553 3740 FDResPub - ok
16:21:20.0557 3740 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:21:20.0576 3740 FileInfo - ok
16:21:20.0580 3740 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:21:20.0616 3740 Filetrace - ok
16:21:20.0617 3740 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:21:20.0637 3740 flpydisk - ok
16:21:20.0643 3740 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:21:20.0668 3740 FltMgr - ok
16:21:20.0682 3740 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
16:21:20.0715 3740 FontCache - ok
16:21:20.0719 3740 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:21:20.0760 3740 FontCache3.0.0.0 - ok
16:21:20.0764 3740 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:21:20.0782 3740 FsDepends - ok
16:21:20.0785 3740 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:21:20.0805 3740 Fs_Rec - ok
16:21:20.0809 3740 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:21:20.0832 3740 fvevol - ok
16:21:20.0836 3740 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:21:20.0856 3740 gagp30kx - ok
16:21:20.0866 3740 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:21:20.0910 3740 gpsvc - ok
16:21:20.0914 3740 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:21:20.0932 3740 hcw85cir - ok
16:21:20.0940 3740 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:21:20.0967 3740 HdAudAddService - ok
16:21:20.0971 3740 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:21:20.0992 3740 HDAudBus - ok
16:21:20.0996 3740 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:21:21.0014 3740 HidBatt - ok
16:21:21.0018 3740 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:21:21.0039 3740 HidBth - ok
16:21:21.0045 3740 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:21:21.0065 3740 HidIr - ok
16:21:21.0069 3740 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:21:21.0102 3740 hidserv - ok
16:21:21.0106 3740 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
16:21:21.0123 3740 HidUsb - ok
16:21:21.0127 3740 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:21:21.0186 3740 hkmsvc - ok
16:21:21.0192 3740 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:21:21.0233 3740 HomeGroupListener - ok
16:21:21.0239 3740 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:21:21.0252 3740 HomeGroupProvider - ok
16:21:21.0256 3740 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:21:21.0278 3740 HpSAMD - ok
16:21:21.0287 3740 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:21:21.0338 3740 HTTP - ok
16:21:21.0342 3740 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:21:21.0362 3740 hwpolicy - ok
16:21:21.0365 3740 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:21:21.0385 3740 i8042prt - ok
16:21:21.0393 3740 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:21:21.0422 3740 iaStorV - ok
16:21:21.0432 3740 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:21:21.0520 3740 idsvc - ok
16:21:21.0524 3740 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:21:21.0541 3740 iirsp - ok
16:21:21.0551 3740 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:21:21.0598 3740 IKEEXT - ok
16:21:21.0602 3740 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:21:21.0623 3740 intelide - ok
16:21:21.0625 3740 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:21:21.0645 3740 intelppm - ok
16:21:21.0649 3740 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:21:21.0686 3740 IPBusEnum - ok
16:21:21.0690 3740 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:21:21.0725 3740 IpFilterDriver - ok
16:21:21.0733 3740 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:21:21.0758 3740 iphlpsvc - ok
16:21:21.0762 3740 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:21:21.0781 3740 IPMIDRV - ok
16:21:21.0785 3740 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:21:21.0822 3740 IPNAT - ok
16:21:21.0826 3740 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:21:21.0852 3740 IRENUM - ok
16:21:21.0856 3740 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:21:21.0883 3740 isapnp - ok
16:21:21.0889 3740 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:21:21.0914 3740 iScsiPrt - ok
16:21:21.0918 3740 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
16:21:21.0938 3740 kbdclass - ok
16:21:21.0942 3740 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:21:21.0959 3740 kbdhid - ok
16:21:21.0963 3740 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:21:21.0981 3740 KeyIso - ok
16:21:21.0985 3740 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:21:22.0006 3740 KSecDD - ok
16:21:22.0010 3740 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:21:22.0031 3740 KSecPkg - ok
16:21:22.0035 3740 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:21:22.0071 3740 ksthunk - ok
16:21:22.0076 3740 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:21:22.0115 3740 KtmRm - ok
16:21:22.0121 3740 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:21:22.0160 3740 LanmanServer - ok
16:21:22.0164 3740 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:21:22.0199 3740 LanmanWorkstation - ok
16:21:22.0205 3740 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:21:22.0240 3740 lltdio - ok
16:21:22.0246 3740 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:21:22.0305 3740 lltdsvc - ok
16:21:22.0309 3740 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:21:22.0344 3740 lmhosts - ok
16:21:22.0348 3740 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:21:22.0369 3740 LSI_FC - ok
16:21:22.0373 3740 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:21:22.0393 3740 LSI_SAS - ok
16:21:22.0397 3740 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:21:22.0416 3740 LSI_SAS2 - ok
16:21:22.0420 3740 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:21:22.0440 3740 LSI_SCSI - ok
16:21:22.0444 3740 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:21:22.0481 3740 luafv - ok
16:21:22.0485 3740 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:21:22.0526 3740 Mcx2Svc - ok
16:21:22.0529 3740 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:21:22.0547 3740 megasas - ok
16:21:22.0553 3740 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:21:22.0578 3740 MegaSR - ok
16:21:22.0582 3740 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:21:22.0619 3740 MMCSS - ok
16:21:22.0623 3740 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:21:22.0658 3740 Modem - ok
16:21:22.0660 3740 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:21:22.0682 3740 monitor - ok
16:21:22.0686 3740 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
16:21:22.0705 3740 mouclass - ok
16:21:22.0707 3740 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:21:22.0727 3740 mouhid - ok
16:21:22.0731 3740 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:21:22.0750 3740 mountmgr - ok
16:21:22.0754 3740 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:21:22.0778 3740 MozillaMaintenance - ok
16:21:22.0781 3740 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:21:22.0805 3740 mpio - ok
16:21:22.0809 3740 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:21:22.0844 3740 mpsdrv - ok
16:21:22.0854 3740 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:21:22.0899 3740 MpsSvc - ok
16:21:22.0903 3740 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:21:22.0928 3740 MRxDAV - ok
16:21:22.0932 3740 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:21:22.0953 3740 mrxsmb - ok
16:21:22.0959 3740 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:21:22.0985 3740 mrxsmb10 - ok
16:21:22.0988 3740 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:21:23.0008 3740 mrxsmb20 - ok
16:21:23.0012 3740 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:21:23.0031 3740 msahci - ok
16:21:23.0035 3740 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:21:23.0057 3740 msdsm - ok
16:21:23.0061 3740 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:21:23.0092 3740 MSDTC - ok
16:21:23.0096 3740 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:21:23.0129 3740 Msfs - ok
16:21:23.0133 3740 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:21:23.0170 3740 mshidkmdf - ok
16:21:23.0174 3740 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:21:23.0192 3740 msisadrv - ok
16:21:23.0195 3740 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:21:23.0266 3740 MSiSCSI - ok
16:21:23.0270 3740 msiserver - ok
16:21:23.0274 3740 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:21:23.0307 3740 MSKSSRV - ok
16:21:23.0309 3740 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:21:23.0344 3740 MSPCLOCK - ok
16:21:23.0346 3740 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:21:23.0381 3740 MSPQM - ok
16:21:23.0387 3740 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:21:23.0412 3740 MsRPC - ok
16:21:23.0416 3740 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:21:23.0436 3740 mssmbios - ok
16:21:23.0440 3740 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:21:23.0473 3740 MSTEE - ok
16:21:23.0477 3740 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:21:23.0496 3740 MTConfig - ok
16:21:23.0498 3740 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:21:23.0518 3740 Mup - ok
16:21:23.0526 3740 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:21:23.0567 3740 napagent - ok
16:21:23.0572 3740 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:21:23.0598 3740 NativeWifiP - ok
16:21:23.0609 3740 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:21:23.0656 3740 NDIS - ok
16:21:23.0660 3740 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:21:23.0695 3740 NdisCap - ok
16:21:23.0699 3740 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:21:23.0733 3740 NdisTapi - ok
16:21:23.0736 3740 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:21:23.0772 3740 Ndisuio - ok
16:21:23.0777 3740 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:21:23.0815 3740 NdisWan - ok
16:21:23.0818 3740 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:21:23.0854 3740 NDProxy - ok
16:21:23.0858 3740 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:21:23.0891 3740 NetBIOS - ok
16:21:23.0897 3740 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:21:23.0936 3740 NetBT - ok
16:21:23.0940 3740 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:21:23.0957 3740 Netlogon - ok
16:21:23.0963 3740 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:21:24.0002 3740 Netman - ok
16:21:24.0010 3740 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:21:24.0047 3740 netprofm - ok
16:21:24.0051 3740 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:21:24.0129 3740 NetTcpPortSharing - ok
16:21:24.0133 3740 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:21:24.0150 3740 nfrd960 - ok
16:21:24.0156 3740 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:21:24.0182 3740 NlaSvc - ok
16:21:24.0186 3740 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:21:24.0221 3740 Npfs - ok
16:21:24.0223 3740 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:21:24.0258 3740 nsi - ok
16:21:24.0262 3740 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:21:24.0295 3740 nsiproxy - ok
16:21:24.0313 3740 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:21:24.0365 3740 Ntfs - ok
16:21:24.0369 3740 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:21:24.0406 3740 Null - ok
16:21:24.0410 3740 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:21:24.0432 3740 nvraid - ok
16:21:24.0436 3740 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:21:24.0457 3740 nvstor - ok
16:21:24.0461 3740 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:21:24.0502 3740 nv_agp - ok
16:21:24.0506 3740 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:21:24.0525 3740 ohci1394 - ok
16:21:24.0529 3740 [ 2D88DB1B1B91711E3AE0368933CECD9C ] OpenVPNService C:\Program Files (x86)\RWTH OpenVPN Client\bin\openvpnserv.exe
16:21:24.0551 3740 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
16:21:24.0551 3740 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
16:21:24.0559 3740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:21:24.0582 3740 p2pimsvc - ok
16:21:24.0590 3740 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:21:24.0613 3740 p2psvc - ok
16:21:24.0617 3740 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:21:24.0635 3740 Parport - ok
16:21:24.0639 3740 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:21:24.0660 3740 partmgr - ok
16:21:24.0664 3740 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:21:24.0688 3740 PcaSvc - ok
16:21:24.0693 3740 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:21:24.0715 3740 pci - ok
16:21:24.0719 3740 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:21:24.0740 3740 pciide - ok
16:21:24.0744 3740 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:21:24.0768 3740 pcmcia - ok
16:21:24.0770 3740 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:21:24.0789 3740 pcw - ok
16:21:24.0797 3740 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:21:24.0842 3740 PEAUTH - ok
16:21:24.0869 3740 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:21:24.0891 3740 PerfHost - ok
16:21:24.0910 3740 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:21:24.0961 3740 pla - ok
16:21:24.0969 3740 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:21:24.0992 3740 PlugPlay - ok
16:21:24.0996 3740 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:21:25.0014 3740 PNRPAutoReg - ok
16:21:25.0020 3740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:21:25.0045 3740 PNRPsvc - ok
16:21:25.0053 3740 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent
C:\Windows\System32\ipsecsvc.dll 16:21:25.0092 3740 PolicyAgent - ok 16:21:25.0098 3740 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 16:21:25.0135 3740 Power - ok 16:21:25.0139 3740 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:21:25.0176 3740 PptpMiniport - ok 16:21:25.0178 3740 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:21:25.0197 3740 Processor - ok 16:21:25.0203 3740 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 16:21:25.0223 3740 ProfSvc - ok 16:21:25.0227 3740 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:21:25.0244 3740 ProtectedStorage - ok 16:21:25.0248 3740 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:21:25.0285 3740 Psched - ok 16:21:25.0301 3740 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 16:21:25.0350 3740 ql2300 - ok 16:21:25.0354 3740 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:21:25.0375 3740 ql40xx - ok 16:21:25.0379 3740 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 16:21:25.0406 3740 QWAVE - ok 16:21:25.0408 3740 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:21:25.0432 3740 QWAVEdrv - ok 16:21:25.0434 3740 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:21:25.0469 3740 RasAcd - ok 16:21:25.0473 3740 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:21:25.0508 3740 RasAgileVpn - ok 16:21:25.0512 3740 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 16:21:25.0588 3740 RasAuto - ok 16:21:25.0592 3740 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:21:25.0629 3740 Rasl2tp - ok 16:21:25.0635 3740 [ 
EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 16:21:25.0674 3740 RasMan - ok 16:21:25.0678 3740 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:21:25.0713 3740 RasPppoe - ok 16:21:25.0717 3740 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:21:25.0754 3740 RasSstp - ok 16:21:25.0760 3740 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:21:25.0801 3740 rdbss - ok 16:21:25.0805 3740 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:21:25.0824 3740 rdpbus - ok 16:21:25.0826 3740 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:21:25.0863 3740 RDPCDD - ok 16:21:25.0869 3740 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:21:25.0904 3740 RDPENCDD - ok 16:21:25.0910 3740 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:21:25.0947 3740 RDPREFMP - ok 16:21:25.0951 3740 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 16:21:25.0969 3740 RdpVideoMiniport - ok 16:21:25.0975 3740 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:21:25.0996 3740 RDPWD - ok 16:21:26.0002 3740 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:21:26.0025 3740 rdyboost - ok 16:21:26.0031 3740 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:21:26.0061 3740 RemoteAccess - ok 16:21:26.0064 3740 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:21:26.0103 3740 RemoteRegistry - ok 16:21:26.0107 3740 [ 6D850FAD4CC9498D1F382B77BA4035CC ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 16:21:26.0125 3740 RimUsb - ok 16:21:26.0129 3740 [ 344604E6913BD6E4EAEC34AF2E0943D7 ] RimVSerPort 
C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 16:21:26.0146 3740 RimVSerPort - ok 16:21:26.0150 3740 [ A10B40CF9EB57D24E44717A2D38A00F4 ] RivaTuner64 C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys 16:21:26.0172 3740 RivaTuner64 - ok 16:21:26.0176 3740 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 16:21:26.0211 3740 ROOTMODEM - ok 16:21:26.0215 3740 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:21:26.0250 3740 RpcEptMapper - ok 16:21:26.0254 3740 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 16:21:26.0271 3740 RpcLocator - ok 16:21:26.0279 3740 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 16:21:26.0318 3740 RpcSs - ok 16:21:26.0322 3740 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:21:26.0357 3740 rspndr - ok 16:21:26.0365 3740 [ BD9BA262CF26EFE9A9867EBE32D12164 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 16:21:26.0396 3740 RTL8167 - ok 16:21:26.0400 3740 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 16:21:26.0420 3740 SamSs - ok 16:21:26.0430 3740 [ 07310DF9FD1A62790B5A011048D8E121 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe 16:21:26.0457 3740 SAVAdminService - ok 16:21:26.0463 3740 [ C3999EF390EB460A636E9FFBA040BF8A ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys 16:21:26.0482 3740 SAVOnAccess - ok 16:21:26.0486 3740 [ D31E18B53B0E52C234568BB61EEC7940 ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe 16:21:26.0512 3740 SAVService - ok 16:21:26.0516 3740 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:21:26.0537 3740 sbp2port - ok 16:21:26.0541 3740 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:21:26.0578 3740 SCardSvr - ok 16:21:26.0582 3740 [ 
32F71EF259F04BDDFC9D6DC764739AE7 ] scfdriver C:\Windows\system32\Drivers\scfdriver.sys 16:21:26.0601 3740 scfdriver - ok 16:21:26.0603 3740 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:21:26.0639 3740 scfilter - ok 16:21:26.0643 3740 [ 679880178643E926A294C2DDA30A4AAB ] scfndis C:\Windows\system32\DRIVERS\scfndis.sys 16:21:26.0658 3740 scfndis - ok 16:21:26.0670 3740 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 16:21:26.0719 3740 Schedule - ok 16:21:26.0723 3740 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:21:26.0756 3740 SCPolicySvc - ok 16:21:26.0760 3740 [ 7D67AEABEB597C602EDB5B3AE316E96A ] sdcfilter C:\Windows\system32\DRIVERS\sdcfilter.sys 16:21:26.0775 3740 sdcfilter - ok 16:21:26.0781 3740 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:21:26.0801 3740 SDRSVC - ok 16:21:26.0805 3740 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:21:26.0840 3740 secdrv - ok 16:21:26.0842 3740 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 16:21:26.0877 3740 seclogon - ok 16:21:26.0881 3740 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 16:21:26.0910 3740 SENS - ok 16:21:26.0912 3740 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:21:26.0932 3740 SensrSvc - ok 16:21:26.0935 3740 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:21:26.0953 3740 Serenum - ok 16:21:26.0957 3740 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:21:26.0976 3740 Serial - ok 16:21:26.0978 3740 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:21:26.0998 3740 sermouse - ok 16:21:27.0006 3740 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 16:21:27.0041 3740 SessionEnv - ok 
16:21:27.0045 3740 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:21:27.0062 3740 sffdisk - ok 16:21:27.0066 3740 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:21:27.0084 3740 sffp_mmc - ok 16:21:27.0088 3740 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:21:27.0107 3740 sffp_sd - ok 16:21:27.0111 3740 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:21:27.0129 3740 sfloppy - ok 16:21:27.0135 3740 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:21:27.0453 3740 SharedAccess - ok 16:21:27.0459 3740 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:21:27.0492 3740 ShellHWDetection - ok 16:21:27.0496 3740 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:21:27.0514 3740 SiSRaid2 - ok 16:21:27.0517 3740 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:21:27.0537 3740 SiSRaid4 - ok 16:21:27.0541 3740 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:21:27.0578 3740 Smb - ok 16:21:27.0582 3740 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:21:27.0601 3740 SNMPTRAP - ok 16:21:27.0609 3740 [ 89F663C9ACA369C0E327C00D2C220AA9 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe 16:21:27.0635 3740 Sophos AutoUpdate Service - ok 16:21:27.0640 3740 [ A0CA043F435BC603BCFD543D9B9A755C ] Sophos Client Firewall C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe 16:21:27.0678 3740 Sophos Client Firewall - ok 16:21:27.0681 3740 [ FBCB7769AD007618049FBCA8F96CDB51 ] Sophos Client Firewall Manager C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe 16:21:27.0701 3740 Sophos Client Firewall Manager - ok 16:21:27.0709 3740 [ 
BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe 16:21:27.0771 3740 Sophos Web Control Service - ok 16:21:27.0775 3740 [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys 16:21:27.0793 3740 SophosBootDriver - ok 16:21:27.0795 3740 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 16:21:27.0814 3740 spldr - ok 16:21:27.0822 3740 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 16:21:27.0849 3740 Spooler - ok 16:21:27.0883 3740 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 16:21:28.0066 3740 sppsvc - ok 16:21:28.0070 3740 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:21:28.0105 3740 sppuinotify - ok 16:21:28.0113 3740 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 16:21:28.0142 3740 srv - ok 16:21:28.0148 3740 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:21:28.0176 3740 srv2 - ok 16:21:28.0181 3740 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:21:28.0203 3740 srvnet - ok 16:21:28.0209 3740 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:21:28.0246 3740 SSDPSRV - ok 16:21:28.0250 3740 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:21:28.0287 3740 SstpSvc - ok 16:21:28.0291 3740 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:21:28.0312 3740 stexstor - ok 16:21:28.0320 3740 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 16:21:28.0349 3740 stisvc - ok 16:21:28.0353 3740 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 16:21:28.0371 3740 swenum - ok 16:21:28.0379 3740 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files 
(x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 16:21:28.0408 3740 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 16:21:28.0408 3740 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 16:21:28.0435 3740 [ FF4057FF51ED100C0003B2FE128C2194 ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe 16:21:28.0717 3740 swi_service - ok 16:21:28.0738 3740 [ 79FF2406BB7EB7DACB12EE3DBF8F91AE ] swi_update_64 C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe 16:21:28.0797 3740 swi_update_64 - ok 16:21:28.0804 3740 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 16:21:28.0845 3740 swprv - ok 16:21:28.0865 3740 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 16:21:28.0933 3740 SysMain - ok 16:21:28.0939 3740 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:21:28.0961 3740 TabletInputService - ok 16:21:28.0965 3740 [ 024ADC7F69D1776D72CC5D031B41CE4F ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 16:21:28.0980 3740 tap0901 - ok 16:21:28.0986 3740 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:21:29.0025 3740 TapiSrv - ok 16:21:29.0029 3740 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 16:21:29.0066 3740 TBS - ok 16:21:29.0086 3740 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:21:29.0142 3740 Tcpip - ok 16:21:29.0162 3740 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:21:29.0209 3740 TCPIP6 - ok 16:21:29.0215 3740 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:21:29.0232 3740 tcpipreg - ok 16:21:29.0238 3740 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:21:29.0258 3740 TDPIPE - ok 16:21:29.0260 3740 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:21:29.0277 3740 TDTCP - ok 
16:21:29.0281 3740 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:21:29.0316 3740 tdx - ok 16:21:29.0361 3740 [ 57DDE1395F86EE048AB25717EEB8CAEB ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe 16:21:29.0980 3740 TeamViewer8 - ok 16:21:29.0984 3740 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:21:30.0004 3740 TermDD - ok 16:21:30.0013 3740 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 16:21:30.0066 3740 TermService - ok 16:21:30.0070 3740 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 16:21:30.0091 3740 Themes - ok 16:21:30.0095 3740 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 16:21:30.0131 3740 THREADORDER - ok 16:21:30.0134 3740 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 16:21:30.0172 3740 TrkWks - ok 16:21:30.0175 3740 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:21:30.0211 3740 TrustedInstaller - ok 16:21:30.0216 3740 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:21:30.0250 3740 tssecsrv - ok 16:21:30.0254 3740 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:21:30.0273 3740 TsUsbFlt - ok 16:21:30.0279 3740 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:21:30.0314 3740 tunnel - ok 16:21:30.0318 3740 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:21:30.0338 3740 uagp35 - ok 16:21:30.0343 3740 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:21:30.0384 3740 udfs - ok 16:21:30.0390 3740 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:21:30.0410 3740 UI0Detect - ok 16:21:30.0414 3740 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx 
C:\Windows\system32\drivers\uliagpkx.sys 16:21:30.0433 3740 uliagpkx - ok 16:21:30.0435 3740 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 16:21:30.0457 3740 umbus - ok 16:21:30.0459 3740 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:21:30.0476 3740 UmPass - ok 16:21:30.0484 3740 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 16:21:30.0566 3740 upnphost - ok 16:21:30.0570 3740 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:21:30.0591 3740 usbccgp - ok 16:21:30.0595 3740 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:21:30.0619 3740 usbcir - ok 16:21:30.0623 3740 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:21:30.0640 3740 usbehci - ok 16:21:30.0646 3740 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:21:30.0672 3740 usbhub - ok 16:21:30.0673 3740 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:21:30.0691 3740 usbohci - ok 16:21:30.0695 3740 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:21:30.0716 3740 usbprint - ok 16:21:30.0718 3740 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:21:30.0740 3740 USBSTOR - ok 16:21:30.0742 3740 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 16:21:30.0759 3740 usbuhci - ok 16:21:30.0763 3740 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 16:21:30.0798 3740 UxSms - ok 16:21:30.0802 3740 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 16:21:30.0820 3740 VaultSvc - ok 16:21:30.0824 3740 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:21:30.0841 3740 vdrvroot - ok 16:21:30.0849 3740 [ 8D6B481601D01A456E75C3210F1830BE ] 
vds C:\Windows\System32\vds.exe 16:21:30.0892 3740 vds - ok 16:21:30.0896 3740 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:21:30.0916 3740 vga - ok 16:21:30.0918 3740 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 16:21:30.0953 3740 VgaSave - ok 16:21:30.0957 3740 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:21:30.0982 3740 vhdmp - ok 16:21:30.0986 3740 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 16:21:31.0007 3740 viaide - ok 16:21:31.0009 3740 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:21:31.0031 3740 volmgr - ok 16:21:31.0041 3740 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:21:31.0066 3740 volmgrx - ok 16:21:31.0072 3740 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:21:31.0099 3740 volsnap - ok 16:21:31.0103 3740 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:21:31.0125 3740 vsmraid - ok 16:21:31.0140 3740 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 16:21:31.0197 3740 VSS - ok 16:21:31.0201 3740 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 16:21:31.0222 3740 vwifibus - ok 16:21:31.0228 3740 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 16:21:31.0267 3740 W32Time - ok 16:21:31.0273 3740 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:21:31.0291 3740 WacomPen - ok 16:21:31.0295 3740 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:21:31.0330 3740 WANARP - ok 16:21:31.0334 3740 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:21:31.0367 3740 Wanarpv6 - ok 16:21:31.0382 3740 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine 
C:\Windows\system32\wbengine.exe 16:21:31.0421 3740 wbengine - ok 16:21:31.0427 3740 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:21:31.0451 3740 WbioSrvc - ok 16:21:31.0459 3740 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:21:31.0486 3740 wcncsvc - ok 16:21:31.0490 3740 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:21:31.0509 3740 WcsPlugInService - ok 16:21:31.0511 3740 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:21:31.0531 3740 Wd - ok 16:21:31.0541 3740 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:21:31.0582 3740 Wdf01000 - ok 16:21:31.0586 3740 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:21:31.0621 3740 WdiServiceHost - ok 16:21:31.0625 3740 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:21:31.0648 3740 WdiSystemHost - ok 16:21:31.0652 3740 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 16:21:31.0679 3740 WebClient - ok 16:21:31.0683 3740 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:21:31.0722 3740 Wecsvc - ok 16:21:31.0726 3740 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:21:31.0773 3740 wercplsupport - ok 16:21:31.0777 3740 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 16:21:31.0812 3740 WerSvc - ok 16:21:31.0816 3740 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:21:31.0849 3740 WfpLwf - ok 16:21:31.0853 3740 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:21:31.0871 3740 WIMMount - ok 16:21:31.0873 3740 WinDefend - ok 16:21:31.0877 3740 WinHttpAutoProxySvc - ok 16:21:31.0886 3740 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 
16:21:31.0923 3740 Winmgmt - ok 16:21:31.0945 3740 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 16:21:32.0003 3740 WinRM - ok 16:21:32.0011 3740 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:21:32.0031 3740 WinUsb - ok 16:21:32.0043 3740 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 16:21:32.0078 3740 Wlansvc - ok 16:21:32.0082 3740 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:21:32.0099 3740 WmiAcpi - ok 16:21:32.0105 3740 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:21:32.0127 3740 wmiApSrv - ok 16:21:32.0128 3740 WMPNetworkSvc - ok 16:21:32.0132 3740 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:21:32.0150 3740 WPCSvc - ok 16:21:32.0154 3740 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:21:32.0179 3740 WPDBusEnum - ok 16:21:32.0183 3740 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:21:32.0218 3740 ws2ifsl - ok 16:21:32.0222 3740 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 16:21:32.0246 3740 wscsvc - ok 16:21:32.0250 3740 WSearch - ok 16:21:32.0275 3740 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 16:21:32.0343 3740 wuauserv - ok 16:21:32.0347 3740 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:21:32.0367 3740 WudfPf - ok 16:21:32.0371 3740 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:21:32.0394 3740 WUDFRd - ok 16:21:32.0398 3740 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:21:32.0418 3740 wudfsvc - ok 16:21:32.0421 3740 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 16:21:32.0445 3740 WwanSvc - ok 16:21:32.0449 3740 ================ Scan global 
=============================== 16:21:32.0451 3740 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 16:21:32.0457 3740 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 16:21:32.0462 3740 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 16:21:32.0468 3740 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 16:21:32.0472 3740 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 16:21:32.0478 3740 [Global] - ok 16:21:32.0478 3740 ================ Scan MBR ================================== 16:21:32.0496 3740 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 16:21:32.0755 3740 \Device\Harddisk0\DR0 - ok 16:21:33.0220 3740 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 16:21:33.0447 3740 \Device\Harddisk1\DR1 - ok 16:21:33.0451 3740 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2 16:21:33.0667 3740 \Device\Harddisk2\DR2 - ok 16:21:33.0671 3740 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3 16:21:33.0685 3740 \Device\Harddisk3\DR3 - ok 16:21:33.0685 3740 ================ Scan VBR ================================== 16:21:33.0687 3740 [ A73DB5B04DEB62A3399C91CB5ADC6DE7 ] \Device\Harddisk0\DR0\Partition1 16:21:33.0689 3740 \Device\Harddisk0\DR0\Partition1 - ok 16:21:33.0691 3740 [ 8F1B0F959C5343CC320E691E28D7D05A ] \Device\Harddisk1\DR1\Partition1 16:21:33.0691 3740 \Device\Harddisk1\DR1\Partition1 - ok 16:21:33.0693 3740 [ C187C4EF2301AC22757336A69B392D34 ] \Device\Harddisk2\DR2\Partition1 16:21:33.0695 3740 \Device\Harddisk2\DR2\Partition1 - ok 16:21:33.0697 3740 [ B7BFEF43332D1A115C4B8AFDC5BE35AE ] \Device\Harddisk3\DR3\Partition1 16:21:33.0697 3740 \Device\Harddisk3\DR3\Partition1 - ok 16:21:33.0697 3740 ============================================================ 16:21:33.0697 3740 Scan finished 16:21:33.0697 3740 ============================================================ 16:21:33.0703 0224 Detected object count: 3 16:21:33.0703 0224 
Actual detected object count: 3 |
08.07.2013, 13:21 | #4 |
/// Malware-holic | High GPU load caused by "miner.exe" Hi, scan with ComboFix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
08.07.2013, 13:52 | #5 |
| High GPU load caused by "miner.exe" Done! Code:
ComboFix 13-07-08.02 - Hannes 08.07.2013 14:42:55.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.663 [GMT 2:00]
ausgeführt von:: c:\users\Hannes\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
FW: Sophos Client Firewall *Enabled* {5DC05945-DCB7-74B7-ECB2-D2D780BF0EF1}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hannes\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-08 bis 2013-07-08 ))))))))))))))))))))))))))))))
.
.
2013-07-08 12:46 . 2013-07-08 12:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-06 19:34 . 2013-07-06 19:34 -------- d-----w- c:\program files\7-Zip
2013-07-05 16:01 . 2013-07-05 18:49 -------- d-----w- c:\users\Hannes\AppData\Roaming\Notepad++
2013-07-05 16:01 . 2013-07-05 16:01 -------- d-----w- c:\program files (x86)\Notepad++
2013-07-04 16:38 . 2013-07-04 16:38 -------- d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2013-06-30 10:27 . 2013-06-17 00:10 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{798DF888-8589-4E7F-BEC9-A39A9A2A1F32}\mpengine.dll
2013-06-30 10:27 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-30 10:27 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-27 10:30 . 2013-06-28 14:01 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-06-26 17:28 . 2013-06-26 17:28 -------- d-----w- c:\programdata\ATI
2013-06-26 17:28 . 2013-06-26 17:28 -------- d-----w- c:\program files (x86)\AMD AVT
2013-06-26 17:28 . 2013-06-26 17:28 -------- d-----w- c:\program files (x86)\AMD APP
2013-06-26 17:28 . 2013-06-26 17:28 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-06-26 17:28 . 2013-06-26 17:28 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-06-26 17:25 . 2013-06-26 17:25 -------- d-----w- c:\program files (x86)\ATI Technologies
2013-06-26 17:24 . 2013-06-26 17:27 -------- d-----w- c:\program files\ATI Technologies
2013-06-26 17:18 . 2013-06-26 17:18 -------- d-----w- C:\AMD
2013-06-25 11:57 . 2012-08-23 15:09 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-06-25 11:57 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-25 11:57 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-25 11:57 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-06-25 11:57 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-06-25 11:51 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-06-25 11:49 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-06-25 11:47 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-06-25 11:43 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-25 11:43 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-21 12:02 . 2013-06-21 12:02 -------- d-----w- c:\windows\system32\SPReview
2013-06-21 12:02 . 2013-06-21 12:02 -------- d-----w- c:\windows\system32\EventProviders
2013-06-21 11:59 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2013-06-21 11:59 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-06-21 11:57 . 2010-11-20 13:27 312832 ----a-w- c:\windows\system32\Wldap32.dll
2013-06-21 11:56 . 2010-11-20 13:27 303104 ----a-w- c:\program files\DVD Maker\WMM2CLIP.dll
2013-06-21 11:55 .
2010-11-20 13:12 7168 ----a-w- c:\windows\system32\drivers\de-DE\msdsm.sys.mui 2013-06-21 11:55 . 2010-11-20 13:07 2560 ----a-w- c:\windows\system32\drivers\de-DE\disk.sys.mui 2013-06-21 11:55 . 2010-11-20 13:00 4608 ----a-w- c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui 2013-06-21 11:55 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll 2013-06-21 11:55 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll 2013-06-21 11:55 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll 2013-06-21 11:55 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll 2013-06-21 11:55 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll 2013-06-21 11:55 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2013-06-21 11:55 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2013-06-21 11:55 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll 2013-06-21 11:55 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll 2013-06-21 11:33 . 2013-06-21 11:33 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2013-06-21 11:33 . 2013-06-21 11:33 -------- d-----w- c:\windows\system32\wbem\en-US 2013-06-21 10:57 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui 2013-06-21 10:57 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-06-21 10:57 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-06-21 10:57 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-06-21 10:44 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2013-06-21 09:59 . 2013-06-02 15:11 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-21 09:58 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-06-21 09:58 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-06-21 09:58 . 
2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-06-21 09:58 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll 2013-06-21 09:58 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2013-06-21 09:58 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-06-21 09:57 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-06-21 09:57 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-06-21 09:57 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-06-21 09:57 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-06-21 09:57 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-06-21 09:57 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-06-21 09:57 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-06-21 09:51 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-06-21 09:51 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2013-06-21 09:51 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2013-06-21 09:51 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2013-06-21 09:51 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2013-06-21 09:46 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-21 09:46 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-06-21 09:46 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-06-21 09:46 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-06-21 09:46 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-06-21 09:46 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-06-21 09:44 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2013-06-21 09:43 . 
2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-06-21 09:42 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2013-06-21 09:41 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2013-06-21 09:32 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2013-06-21 09:32 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2013-06-21 09:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2013-06-21 09:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2013-06-21 09:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2013-06-21 09:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2013-06-21 09:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2013-06-21 09:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2013-06-21 09:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2013-06-21 09:29 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2013-06-21 09:29 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2013-06-21 09:05 . 2013-06-21 09:05 -------- d-----w- c:\program files (x86)\Research In Motion Limited 2013-06-21 07:47 . 2013-06-21 07:47 -------- d-----w- c:\users\Hannes\AppData\Roaming\Research In Motion 2013-06-21 07:47 . 2013-06-21 07:47 -------- d-----w- c:\users\Hannes\AppData\Local\Research In Motion 2013-06-21 07:46 . 2012-12-10 13:48 44544 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys 2013-06-21 07:46 . 2013-06-21 07:46 -------- d-----w- c:\programdata\Research In Motion 2013-06-21 07:45 . 2013-06-21 07:46 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM 2013-06-21 07:45 . 2013-06-21 07:46 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion 2013-06-21 07:45 . 2013-06-21 07:45 -------- d-----w- c:\program files (x86)\Research In Motion 2013-06-21 07:19 . 
2013-06-21 07:58 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin 2013-06-21 07:19 . 2013-06-21 07:19 -------- d-----w- c:\programdata\Caphyon 2013-06-21 07:18 . 2013-06-21 07:18 -------- d-----w- c:\users\Hannes\AppData\Roaming\JSLEnterprises.net 2013-06-20 09:40 . 2013-06-20 09:40 -------- d-----w- c:\users\Hannes\ultracopier 2013-06-20 09:28 . 2013-06-21 07:19 -------- d-----w- c:\users\Hannes\AppData\Roaming\Mp3tag 2013-06-20 09:28 . 2013-06-20 09:28 -------- d-----w- c:\program files (x86)\Mp3tag 2013-06-10 07:53 . 2013-06-14 12:35 -------- d-----w- c:\users\Hannes\AppData\Local\Spotify 2013-06-10 07:53 . 2013-06-14 12:36 -------- d-----w- c:\users\Hannes\AppData\Roaming\Spotify . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-25 11:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2013-06-25 11:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2013-06-14 12:55 . 2013-03-09 13:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-14 12:55 . 2013-03-09 13:32 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-16 12:35 . 2013-05-16 12:35 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-05-16 12:35 . 2013-05-16 12:35 971680 ----a-w- c:\windows\system32\deployJava1.dll 2013-05-16 12:35 . 2013-05-16 12:35 311200 ----a-w- c:\windows\system32\javaws.exe 2013-05-16 12:35 . 2013-05-16 12:35 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-05-16 12:35 . 2013-05-16 12:35 188832 ----a-w- c:\windows\system32\javaw.exe 2013-05-16 12:35 . 2013-05-16 12:35 188320 ----a-w- c:\windows\system32\java.exe 2013-05-10 07:57 . 2013-05-10 07:57 27208 ----a-w- c:\windows\system32\AdobePDFUI.dll 2013-05-10 07:57 . 2013-05-10 07:57 55872 ----a-w- c:\windows\system32\AdobePDF.dll 2013-05-02 00:06 . 2013-03-07 08:55 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 
2013-06-25 11:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-06-25 11:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-06-25 11:49 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-06-25 11:49 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-06-25 11:49 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-06-25 11:49 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Hannes\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-10 1105408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2013-03-09 929272] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704] . c:\users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe /AUTOHIDE [2013-3-7 1507328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 . R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x] R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x] S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x] S1 scfdriver;SCF Kernel Driver;c:\windows\system32\Drivers\scfdriver.sys;c:\windows\SYSNATIVE\Drivers\scfdriver.sys [x] S1 scfndis;Sophos Client Firewall NDIS packet filter;c:\windows\system32\DRIVERS\scfndis.sys;c:\windows\SYSNATIVE\DRIVERS\scfndis.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x] S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos 
Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x] S2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe;c:\program files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe [x] S2 Sophos Client Firewall;Sophos Client Firewall;c:\program files (x86)\Sophos\Sophos Client Firewall\SCFService.exe;c:\program files (x86)\Sophos\Sophos Client Firewall\SCFService.exe [x] S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x] S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x] S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 05211047 *Deregistered* - 05211047 . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2012-09-28 8843264] "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll TCP: Interfaces\{9A4ABB0B-9E7C-493B-A1D9-C045A442B3B4}: NameServer = 192.168.234.1 DPF: {5E013669-3103-47A0-90ED-F02AFE6BA38E} - hxxp://grancam44.dyndns.org:83/600series.cab FF - ProfilePath - c:\users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\4u4wf0vr.default\ FF - ExtSQL: 2013-06-04 23:34; en-gb@flyingtophat.co.uk; c:\users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\4u4wf0vr.default\extensions\en-gb@flyingtophat.co.uk FF - ExtSQL: 2013-06-04 23:34; de-DE@dictionaries.addons.mozilla.org; c:\users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\4u4wf0vr.default\extensions\de-DE@dictionaries.addons.mozilla.org FF - ExtSQL: 2013-06-14 14:56; fabtab@captaincaveman.nl; c:\users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\4u4wf0vr.default\extensions\fabtab@captaincaveman.nl.xpi FF - ExtSQL: 2013-06-15 15:30; SciLorsGrooveUnlocker@scilor.com; c:\users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\4u4wf0vr.default\extensions\SciLorsGrooveUnlocker@scilor.com.xpi . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-AmazonMP3DownloaderHelper - c:\users\Hannes\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe Wow6432Node-HKCU-Run-ultracopier - c:\program files\Supercopier\supercopier.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-08 14:48:24 ComboFix-quarantined-files.txt 2013-07-08 12:48 . Vor Suchlauf: 9 Verzeichnis(se), 74.537.365.504 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 74.379.223.040 Bytes frei . 
- - End Of File - - C077BCEC8A35F2C742BA8CB6A261C828 72B8CE41AF0DE751C946802B3ED844B4 |
08.07.2013, 14:31 | #6 |
/// Malware-holic | High GPU load caused by "miner.exe" Please download Malwarebytes
|
08.07.2013, 21:32 | #7 |
| High GPU load caused by "miner.exe" Here is the log: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.08.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Hannes :: HANNES-PC [Administrator]

08.07.2013 20:52:34
mbam-log-2013-07-08 (20-52-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 620346
Laufzeit: 1 Stunde(n), 17 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
D:\Spiele\FUEL\1911.dll (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Spiele\Metin 2\Copy of METIN2_Germany\Metin_longuyt2.rar (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Spiele\Metin 2\Metin2GT\Metin_longuyt2.rar (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Spiele\Metin 2\METIN2_Germany\Metin_longuyt2.rar (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\System Volume Information\_restore{314427E1-3FCF-420B-9A37-8548FC14058A}\RP395\A0203127.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
|
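An added example, not part of the thread or of Malwarebytes itself: a small Python parser for the Malwarebytes 1.x log layout posted above. It pulls each finding into a structured record, checks that the number of finding lines matches the "Infizierte Dateien" count (a truncated paste shows up as a mismatch), and separates hits inside System Restore snapshots and inside archives from files in active locations, which is the first question a helper asks when triaging such a log. The sample log is constructed.

```python
"""Structured parser for a Malwarebytes Anti-Malware 1.x scan log in the
German-locale layout posted in this thread (added example, not from the
thread or from Malwarebytes)."""
import re
from dataclasses import dataclass, field

# One finding line: "<path> (<detection family>) -> <action taken>"
FINDING_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# Category header line: "Infizierte <category>: <count>"
COUNT_RE = re.compile(r"^Infizierte (?P<category>[^:]+): (?P<count>\d+)")
ARCHIVE_EXTS = (".rar", ".zip", ".7z", ".cab")

# Constructed sample in the same layout as the posted log; paths and
# values are made up for the example.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Durchsuchte Objekte: 620346
Laufzeit: 1 Stunde(n), 17 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
D:\\Spiele\\Example\\game_plugin.dll (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\\Spiele\\Example\\addon_pack.rar (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP1\\A0000001.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""


@dataclass
class Finding:
    path: str
    family: str
    action: str

    @property
    def location(self) -> str:
        """Where the hit lives: a System Restore snapshot (an old copy, not a
        running infection), inside an archive (dormant until extracted), or
        an active file location that deserves a closer look."""
        low = self.path.lower()
        if "\\system volume information\\_restore" in low:
            return "restore_point"
        if low.endswith(ARCHIVE_EXTS):
            return "archive"
        return "active"


@dataclass
class ScanReport:
    counts: dict = field(default_factory=dict)   # category -> reported count
    findings: list = field(default_factory=list)  # parsed Finding records

    def consistent(self) -> bool:
        """True when the 'Infizierte Dateien' count matches the finding lines."""
        return self.counts.get("Dateien", 0) == len(self.findings)

    def by_location(self) -> dict:
        summary = {"active": 0, "archive": 0, "restore_point": 0}
        for finding in self.findings:
            summary[finding.location] += 1
        return summary


def parse_mbam_log(text: str) -> ScanReport:
    report = ScanReport()
    for raw in text.splitlines():
        line = raw.strip()
        count = COUNT_RE.match(line)
        if count:
            report.counts[count.group("category")] = int(count.group("count"))
            continue
        hit = FINDING_RE.match(line)
        if hit:
            report.findings.append(
                Finding(hit.group("path"), hit.group("family"), hit.group("action")))
    return report


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("counts:", rep.counts)
    print("consistent:", rep.consistent())
    print("by location:", rep.by_location())
    for f in rep.findings:
        print(f"{f.location:14} {f.family:20} {f.path}")
```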
08.07.2013, 21:34 | #8 |
/// Malware-holic | High GPU load caused by "miner.exe" Hi, download CCleaner standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open it. Behind every program you need, write "needed". Behind every one you do not need, "unneeded". Behind those unknown to you, "unknown". Post the list.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
09.07.2013, 10:26 | #9 |
| High GPU load caused by "miner.exe" Code:
7-Zip 9.20 (x64 edition) Igor Pavlov 06.07.2013 4,53MB 9.20.00.0 - needed
Adobe Acrobat X Pro - English, Français, Deutsch Adobe Systems 24.05.2013 3,89GB 10.1.7 - needed
Adobe AIR Adobe Systems Incorporated 07.03.2013 3.6.0.5970 - needed
Adobe Creative Suite 6 Master Collection Adobe Systems Incorporated 09.03.2013 2,85GB 6 - needed
Adobe Download Assistant Adobe Systems Incorporated 07.03.2013 1.2.5 - needed
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 07.06.2013 6,00MB 11.7.700.202 - needed
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 14.06.2013 6,00MB 11.7.700.224 - needed
Adobe Reader XI (11.0.03) - Deutsch Adobe Systems Incorporated 14.06.2013 134MB 11.0.03 - needed
AIMP3 AIMP DevTeam 24.06.2013 v3.50.1277, 19.06.2013 - needed
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 09.07.2013 26,2MB 8.0.877.0 - needed
BlackBerry App World Browser Plugin Research In Motion Limited 21.06.2013 811KB 4.3.2.7 - needed
BlackBerry Desktop Software 7.1 Research in Motion Ltd. 21.06.2013 7.1.0.41 - needed
Blackberry Device JSL 8520 Hybrid Software v8.0 JSLEnterprises.net 21.06.2013 8.0 - needed
Brother HL-5250DN Brother 06.05.2013 1.00 - needed
CCleaner Piriform 19.06.2013 4.03 - needed
Dropbox Dropbox, Inc. 03.06.2013 2.0.22 - needed
GTA San Andreas Rockstar Games 25.05.2013 1.00.00001 - needed
Java 7 Update 21 Oracle 10.03.2013 129MB 7.0.210 - needed
Java 7 Update 25 (64-bit) Oracle 09.07.2013 128MB 7.0.250 - needed
Java SE Development Kit 7 Update 21 (64-bit) Oracle 16.05.2013 189MB 1.7.0.210 - needed
League of Legends Riot Games 07.03.2013 1.3 - needed
LOLReplay www.leaguereplays.com 03.06.2013 0.8.2 - needed
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 08.07.2013 19,2MB 1.75.0.1300 - needed/installed because asked to
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 09.03.2013 300KB 8.0.61001 - needed ?
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 09.03.2013 572KB 8.0.61000 - needed ?
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 09.03.2013 788KB 9.0.30729.4148 - needed ?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 21.06.2013 240KB 9.0.30729 - needed ?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 09.03.2013 596KB 9.0.30729.4148 - needed ?
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 09.03.2013 13,8MB 10.0.40219 - needed ?
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 09.03.2013 11,1MB 10.0.40219 - needed ?
Mozilla Firefox 22.0 (x86 de) Mozilla 26.06.2013 45,8MB 22.0 - needed
Mozilla Maintenance Service Mozilla 28.06.2013 333KB 17.0.7 - needed
Mozilla Thunderbird 17.0.7 (x86 de) Mozilla 28.06.2013 41,9MB 17.0.7 - needed
MSXML 4.0 SP3 Parser Microsoft Corporation 07.03.2013 1,47MB 4.30.2100.0 - unknown
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 21.06.2013 1,54MB 4.30.2117.0 - unknown
Notepad++ Notepad++ Team 05.07.2013 6.4.1 - needed
OpenAL 07.03.2013 - unknown, possibly came with the audio driver ?
Realtek Ethernet Controller Driver Realtek 07.03.2013 7.58.411.2012 - needed
Samsung SSD Magician Samsung Electronics 07.03.2013 45,8MB 3.2 - needed
SketchUp 8 Trimble Navigation Limited 22.05.2013 84,2MB 3.0.16944
Sophos Anti-Virus Sophos Limited 14.06.2013 42,6MB 10.2.8 - needed
Sophos AutoUpdate Sophos Limited 09.03.2013 10,4MB 2.9.0.344 - needed
Sophos Client Firewall Sophos Limited 14.06.2013 10,8MB 2.9.3 - needed
TeamSpeak 3 Client TeamSpeak Systems GmbH 29.04.2013 3.0.10.1 - needed
TeamViewer 8 TeamViewer 20.06.2013 8.0.19045 - needed
UNi Xonar Audio Driver 09.03.2013 - needed
Vovoid VSXu 0.3.1 Vovoid Media Technologies 17.05.2013 0.3.1 - needed
WinRAR 4.20 (64-Bit) win.rar GmbH 07.03.2013 4.20.0 - needed
|
09.07.2013, 10:38 | #10 |
/// Malware-holic | High GPU load caused by "miner.exe"
Hi, it looks like you are using an SSD. Make sure you have disabled services such as Defrag etc. Here is how it is done: SSDs richtig unter Windows 7 einrichten - netzwelt.de Forum
Uninstall: Adobe Flash Player (all of them).
Adobe - Adobe Flash Player installieren: download the latest version and install it.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: check "use only certified plug-ins".
Security (Enhanced): check Enhanced Security and select all files.
Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically etc. It is always better to save them directly, since that is the only way to keep control of what is going on on the PC.
Under JavaScript, remove the check mark from "use JavaScript".
Under Updater, select install automatically.
Apply / OK
Uninstall: Java 7 Update 21
Please open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
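The reply above has the poster remove one of two installed Java 7 builds and reinstall Flash. As an added example (not from the thread, and not a tool the forum uses), the following Python script takes a software inventory like the one posted earlier in this thread and reports products that are installed in more than one version, so the older copy can be reviewed and removed. The inventory rows are constructed here from a few of the posted entries; the family-normalisation rule (drop parenthesised tags and version-like tokens, keep four-digit years) is an assumption of this example, not something the thread describes.

```python
"""Added example (not from the thread): find products that are installed in
more than one version in a Windows software inventory. The inventory rows
below are constructed from a few entries of the list posted in this thread."""
import re
from collections import defaultdict

# (display name, publisher, version) as shown in Programs and Features
SAMPLE_INVENTORY = [
    ("Java 7 Update 21", "Oracle", "7.0.210"),
    ("Java 7 Update 25 (64-bit)", "Oracle", "7.0.250"),
    ("Java SE Development Kit 7 Update 21 (64-bit)", "Oracle", "1.7.0.210"),
    ("Adobe Flash Player 11 ActiveX", "Adobe Systems Incorporated", "11.7.700.202"),
    ("Adobe Flash Player 11 Plugin", "Adobe Systems Incorporated", "11.7.700.224"),
    ("Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17",
     "Microsoft Corporation", "9.0.30729"),
    ("Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148",
     "Microsoft Corporation", "9.0.30729.4148"),
    ("Mozilla Firefox 22.0 (x86 de)", "Mozilla", "22.0"),
]


def parse_version(text: str) -> tuple:
    """'9.0.30729.4148' -> (9, 0, 30729, 4148); tuples compare component-wise."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def normalize_family(name: str) -> str:
    """Collapse a display name to a product family (assumption of this example):
    drop parenthesised tags such as '(64-bit)' and any token that starts with a
    digit (update numbers, embedded versions), but keep four-digit years because
    'Visual C++ 2005' and 'Visual C++ 2008' are different products."""
    base = re.sub(r"\([^)]*\)", " ", name)
    kept = [t for t in base.split()
            if not t[0].isdigit() or re.fullmatch(r"\d{4}", t)]
    return " ".join(kept).lower()


def find_superseded(inventory) -> list:
    """Return one finding per entry that has a newer version of the same
    product family from the same publisher installed alongside it."""
    groups = defaultdict(list)
    for name, publisher, version in inventory:
        key = (publisher, normalize_family(name))
        groups[key].append((parse_version(version), name, version))
    findings = []
    for (publisher, family), entries in sorted(groups.items()):
        if len(entries) < 2:
            continue                       # a single version is not a finding
        entries.sort()                     # oldest first, by parsed version
        _, newest_name, newest_text = entries[-1]
        for _, name, text in entries[:-1]:
            findings.append({"publisher": publisher, "family": family,
                             "older": name, "older_version": text,
                             "newer": newest_name, "newer_version": newest_text})
    return findings


if __name__ == "__main__":
    for f in find_superseded(SAMPLE_INVENTORY):
        print(f'{f["older"]} ({f["older_version"]}) is superseded by '
              f'{f["newer"]} ({f["newer_version"]})')
```

Because the architecture tag in parentheses is discarded, a 32-bit and a 64-bit build of the same product are grouped together, which is what the reply above wants for Java; for runtimes where both architectures are legitimately needed, treat the output as a review list rather than an uninstall list.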
10.07.2013, 06:42 | #11 |
High GPU load caused by "miner.exe"
Yes, the SSD is great, many thanks for the link. And here is the log: Code:
# AdwCleaner v2.304 - Datei am 10/07/2013 um 07:38:54 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Hannes - HANNES-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hannes\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\4u4wf0vr.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [962 octets] - [07/07/2013 14:37:59]
AdwCleaner[R2].txt - [972 octets] - [07/07/2013 14:40:32]
AdwCleaner[R3].txt - [1031 octets] - [07/07/2013 14:41:18]
AdwCleaner[S1].txt - [1023 octets] - [07/07/2013 14:38:27]
AdwCleaner[S2].txt - [1094 octets] - [07/07/2013 14:41:45]
AdwCleaner[S3].txt - [1025 octets] - [10/07/2013 07:38:54]

########## EOF - C:\AdwCleaner[S3].txt - [1085 octets] ##########
10.07.2013, 12:37 | #12 |
/// Malware-holic | High GPU load caused by "miner.exe"
Hi, the configuration is important because nowadays SSDs do not last quite as long as mechanical disks, so read and write accesses have to be minimised.
HitmanPro - Download - Filepony
Download HitmanPro, double-click it, click Scan. Delete nothing, click Next. Save the log and post it, or export it as XML, zip it and attach it.
10.07.2013, 22:32 | #13 |
High GPU load caused by "miner.exe"
And once more, the log: Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : HANNES-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Hannes-PC\Hannes
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-10 13:41:42
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 1s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 6
   Traces . . . . . . . : 30

   Objects scanned . . . : 1.253.869
   Files scanned . . . . : 24.393
   Remnants scanned . . : 394.188 files / 835.288 keys

Malware _____________________________________________________________________

   C:\Users\Hannes\Desktop\RWTH_OpenVPN_Installer_7.exe
      Size . . . . . . . : 1.432.016 bytes
      Age . . . . . . . : 1.2 days (2013-07-09 09:28:03)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : 45610701DD478B77F01F69BC0BB77CC236CF40CCCC5337712F242D198DE393B2
    > Ikarus . . . . . . : Trojan-Dropper.Win32.NSIS!IK
      Fuzzy . . . . . . : 116.0
      Forensic Cluster
         0.0s C:\Users\Hannes\Desktop\RWTH_OpenVPN_Installer_7.exe
         0.0s C:\Users\Hannes\Desktop\RWTH_OpenVPN_Installer_7.exe

Cookies _____________________________________________________________________

   C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\4u4wf0vr.default\cookies.sqlite:de.sitestat.com
   C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\4u4wf0vr.default\cookies.sqlite:doubleclick.net
   C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\4u4wf0vr.default\cookies.sqlite:www.googleadservices.com
   C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\4u4wf0vr.default\cookies.sqlite:xiti.com
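The HitmanPro entry above reports an entropy of 8.0 and a SHA-256 for the flagged OpenVPN installer, and the scanner's only detection is a generic NSIS-dropper signature. The following Python script is an added example (not part of the thread and not HitmanPro's code) showing how those two values are computed and why a compressed installer payload sits at the top of the entropy scale without that alone saying anything about intent. All sample buffers are constructed inline; in practice the digest is compared against the value the software's publisher lists, which is the check that settles a "false positive or not" question like the one in this thread.

```python
"""Added example (not from the thread): byte entropy and SHA-256 as used to
triage a file flagged by a scanner. All sample data is constructed inline."""
import hashlib
import hmac
import math
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant byte value,
    8.0 for a uniform distribution over all 256 byte values."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def sha256_hex(data: bytes) -> str:
    """Upper-case hex digest, the format HitmanPro prints in its report."""
    return hashlib.sha256(data).hexdigest().upper()


def hash_matches(data: bytes, published_hex: str) -> bool:
    """Compare a computed digest with a publisher's value in constant time."""
    return hmac.compare_digest(sha256_hex(data), published_hex.strip().upper())


def build_samples() -> dict:
    """Constructed buffers standing in for file types an analyst meets.
    The seeded generator makes the run reproducible."""
    rng = random.Random(2013)
    words = ["openvpn", "installer", "config", "driver", "tap", "readme"]
    text = " ".join(rng.choice(words) for _ in range(20000)).encode()
    return {
        "zero_filled": bytes(4096),                 # padding, sparse regions
        "ascii_text": text,                         # scripts, config files
        "deflated_text": zlib.compress(text, 9),    # what an NSIS/zip payload looks like
        "random_bytes": bytes(rng.getrandbits(8) for _ in range(65536)),  # encrypted data
    }


def entropy_report(samples: dict) -> dict:
    """Map sample name -> (entropy rounded to 2 places, SHA-256 hex)."""
    return {name: (round(shannon_entropy(b), 2), sha256_hex(b))
            for name, b in samples.items()}


if __name__ == "__main__":
    for name, (ent, digest) in entropy_report(build_samples()).items():
        print(f"{name:14s} entropy={ent:4.2f}  sha256={digest[:16]}...")
```

The deflated buffer lands close to the random one even though its content is harmless text, which is exactly the situation of a compressed installer: high entropy is a reason to look closer, and the publisher's hash plus the scanner's other signals decide the verdict.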
10.07.2013, 22:43 | #14 |
/// Malware-holic | High GPU load caused by "miner.exe"
Yes, that looks like a false positive. Please post a fresh OTL log.
12.07.2013, 15:36 | #15 |
High GPU load caused by "miner.exe"
So, here is the OTL log.