Log analysis and evaluation: Bundestrojaner Virus (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.07.2013, 20:26 | #1
Bundestrojaner Virus
Dear team, my girlfriend brought me her laptop today with the Bundestrojaner she caught. I then came across your forum and would like to tackle the whole thing professionally with your help. I have read the rules for creating a thread and ran defogger and OTL. I did not manage to run gmer any more. I started the PC in Safe Mode. On a right-click the "explorer.exe" process often hung, which I then restarted via the Task Manager. Windows 7 Professional 64-bit Service Pack 1. The respective log files are attached. Many thanks in advance. Best regards, pflanz.
11.07.2013, 20:38 | #2
/// Malware-holic | Bundestrojaner Virus
Hi,
OTL fix: Fixing with OTL
Code:
:OTL
[2013.07.04 16:26:38 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\stamps
[2013.07.03 20:24:16 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Users\***
[2013.06.28 22:28:05 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Users\***\5473723.dll
[2013.07.09 22:36:50 | 000,001,101 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.07.09 22:36:47 | 000,000,162 | ---- | M] () -- C:\ProgramData\wavav0bdtzbtb43b.reg
[2013.07.09 22:36:47 | 000,000,067 | ---- | M] () -- C:\ProgramData\wavav0bdtzbtb43b.bat
:files
:Commands
[emptytemp]
Start in normal mode. If you have no icons, then right-click, View, Show desktop icons. Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the Windows key + E.
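The fix block in the reply above is a list of OTL file entries. The following added example (not code from the post, and not part of OTL itself) parses that entry format, flags the locations that made these files suspicious in this thread (an autostart shortcut in the user's Startup folder, a .reg/.bat pair dropped straight into C:\ProgramData, a DLL directly in the profile root, all written seconds apart) and rebuilds a fix block in the same layout. The meaning of the C/M column and the "(company)" field, the attribute order and the suspicion rules are assumptions, not documented OTL behaviour.

```python
"""Triage of OTL file entries in the "[date | size | attrs | C/M] (company) -- path"
layout. Added example; field semantics and the heuristics below are assumptions."""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Constructed sample input: the six entries from the fix block above, with
# "***" standing for the anonymised user name exactly as the post shows it.
SAMPLE_OTL_LINES = r"""
[2013.07.04 16:26:38 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\stamps
[2013.07.03 20:24:16 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Users\***
[2013.06.28 22:28:05 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Users\***\5473723.dll
[2013.07.09 22:36:50 | 000,001,101 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.07.09 22:36:47 | 000,000,162 | ---- | M] () -- C:\ProgramData\wavav0bdtzbtb43b.reg
[2013.07.09 22:36:47 | 000,000,067 | ---- | M] () -- C:\ProgramData\wavav0bdtzbtb43b.bat
""".strip().splitlines()

# Assumed meaning: "C" = entry from the created-files listing, "M" = from the
# modified-files listing; "(company)" is the version-info company name and is
# absent entirely for directories, "()" when the file carries no version info.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

STARTUP_MARKER = "\\start menu\\programs\\startup\\"
SCRIPT_EXT = (".reg", ".bat", ".cmd", ".vbs", ".js")
BINARY_EXT = (".dll", ".exe", ".scr")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int               # bytes; OTL prints it zero-padded with thousands separators
    attrs: str              # four flag positions, e.g. "---D" for a directory (assumed R/H/S/D)
    kind: str               # "C" created / "M" modified
    company: Optional[str]  # None when no "(...)" was printed, "" for "()"
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_otl_entries(lines):
    """Return the file entries found in an OTL fix block; other lines are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # ":OTL", ":files", "[emptytemp]" and the like
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"], kind=m["kind"], company=m["company"], path=m["path"],
        ))
    return entries


def _in_profile_root(path_lc):
    """True for "c:\\users\\<name>\\<file>" with nothing deeper."""
    parts = path_lc.split("\\")
    return len(parts) == 4 and parts[1] == "users"


def triage(entries, window_seconds=10):
    """Attach a reason to every entry that looks like dropped persistence."""
    for e in entries:
        p = e.path.lower()
        e.reasons = []
        if STARTUP_MARKER in p:
            e.reasons.append("autostart entry in the user's Startup folder")
        if p.startswith("c:\\programdata\\") and p.count("\\") == 2 and p.endswith(SCRIPT_EXT):
            e.reasons.append("script dropped directly into C:\\ProgramData")
        if _in_profile_root(p) and p.endswith(BINARY_EXT):
            e.reasons.append("executable directly in the profile root")
        if p.endswith(BINARY_EXT + SCRIPT_EXT) and e.company == "":
            e.reasons.append("no version/company information")
    # Files written within a few seconds of a flagged one were very likely
    # dropped by the same installer (here the .reg/.bat pair and the .lnk).
    hits = [e.timestamp for e in entries if e.reasons]
    for e in entries:
        if not e.reasons and any(abs((e.timestamp - t).total_seconds()) <= window_seconds for t in hits):
            e.reasons.append(f"written within {window_seconds}s of a flagged file")
    return [e for e in entries if e.reasons]


def build_otl_fix(entries):
    """Emit the ':OTL ... :files :Commands [emptytemp]' layout used in the thread."""
    out = [":OTL"]
    for e in entries:
        company = f" ({e.company})" if e.company is not None else ""
        out.append(f"[{e.timestamp:%Y.%m.%d %H:%M:%S} | {e.size:011,} | {e.attrs} | {e.kind}]"
                   f"{company} -- {e.path}")
    out += [":files", ":Commands", "[emptytemp]"]
    return "\n".join(out)


if __name__ == "__main__":
    flagged = triage(parse_otl_entries(SAMPLE_OTL_LINES))
    for e in flagged:
        print(f"{e.path}\n    {'; '.join(e.reasons)}")
    print(build_otl_fix(flagged))
```

On the sample above the script flags the DLL, the Startup shortcut and the .reg/.bat pair; the two remaining entries from the helper's fix block are not caught by these rules, which shows why a human reviewer still decides what goes into the fix.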
12.07.2013, 15:03 | #3
Bundestrojaner Virus
Hello, thanks for the quick reply!
Unfortunately, silly me, I forgot to remove the asterisks the first time I ran the OTL fix. So I ran it once with the asterisks, and the second time I replaced the asterisks with the correct name. The folder now contains: MovedFiles (this was the first attempt with ***) and MovedFiles_versuch2 (this was the attempt with the correct user name). There is a virus in the MovedFiles_versuch2 folder, is that normal? I left it in there; I hope it did not spread or anything when I zipped it on my normal computer. The upload to the upload channel was completed successfully. Has everything been done "correctly" so far? Apart from running the OTL fix twice. Many thanks! Best regards, pflanz.
12.07.2013, 16:12 | #4
/// Malware-holic | Bundestrojaner Virus
Hi, thanks. Does starting in normal mode work? Then: please download TDSSKiller.exe and save this file to the desktop.
12.07.2013, 16:32 | #5
Bundestrojaner Virus
Hello, thanks for the quick reply. Starting in normal mode works. Was it normal that the virus was in the OTL log folder? Here is the TDSSKiller log:
- ok 17:34:14.0909 4368 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:34:14.0956 4368 Ntfs - ok 17:34:14.0987 4368 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:34:15.0065 4368 Null - ok 17:34:15.0128 4368 [ CB599955CE2CE9694721562F9481CD84 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 17:34:15.0159 4368 NVHDA - ok 17:34:15.0783 4368 [ FF02BAE39D23BB74959F6F49BBD589D3 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:34:15.0970 4368 nvlddmkm - ok 17:34:16.0017 4368 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:34:16.0032 4368 nvraid - ok 17:34:16.0048 4368 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:34:16.0064 4368 nvstor - ok 17:34:16.0110 4368 [ 7C1AD7110624B1B546CDC752486AE9FA ] nvsvc C:\Windows\system32\nvvsvc.exe 17:34:16.0126 4368 nvsvc - ok 17:34:16.0157 4368 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:34:16.0173 4368 nv_agp - ok 17:34:16.0204 4368 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:34:16.0235 4368 ohci1394 - ok 17:34:16.0282 4368 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:34:16.0298 4368 ose - ok 17:34:16.0750 4368 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:34:16.0828 4368 osppsvc - ok 17:34:16.0859 4368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:34:16.0906 4368 p2pimsvc - ok 17:34:16.0922 4368 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 17:34:16.0937 4368 p2psvc - ok 17:34:16.0968 4368 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 17:34:16.0984 4368 Parport - ok 17:34:17.0015 4368 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr 
C:\Windows\system32\drivers\partmgr.sys 17:34:17.0031 4368 partmgr - ok 17:34:17.0046 4368 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:34:17.0078 4368 PcaSvc - ok 17:34:17.0093 4368 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 17:34:17.0109 4368 pci - ok 17:34:17.0124 4368 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 17:34:17.0140 4368 pciide - ok 17:34:17.0187 4368 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 17:34:17.0202 4368 pcmcia - ok 17:34:17.0218 4368 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:34:17.0234 4368 pcw - ok 17:34:17.0265 4368 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:34:17.0343 4368 PEAUTH - ok 17:34:17.0468 4368 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 17:34:17.0561 4368 PeerDistSvc - ok 17:34:17.0702 4368 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:34:17.0733 4368 PerfHost - ok 17:34:17.0858 4368 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 17:34:17.0936 4368 pla - ok 17:34:17.0967 4368 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:34:18.0014 4368 PlugPlay - ok 17:34:18.0029 4368 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:34:18.0045 4368 PNRPAutoReg - ok 17:34:18.0060 4368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:34:18.0092 4368 PNRPsvc - ok 17:34:18.0154 4368 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:34:18.0216 4368 PolicyAgent - ok 17:34:18.0248 4368 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 17:34:18.0294 4368 Power - ok 17:34:18.0326 4368 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 
17:34:18.0372 4368 PptpMiniport - ok 17:34:18.0388 4368 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 17:34:18.0404 4368 Processor - ok 17:34:18.0435 4368 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 17:34:18.0482 4368 ProfSvc - ok 17:34:18.0497 4368 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:34:18.0513 4368 ProtectedStorage - ok 17:34:18.0528 4368 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:34:18.0575 4368 Psched - ok 17:34:18.0653 4368 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 17:34:18.0700 4368 ql2300 - ok 17:34:18.0716 4368 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 17:34:18.0731 4368 ql40xx - ok 17:34:18.0809 4368 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:34:18.0856 4368 QWAVE - ok 17:34:18.0887 4368 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:34:18.0918 4368 QWAVEdrv - ok 17:34:18.0934 4368 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:34:18.0981 4368 RasAcd - ok 17:34:18.0996 4368 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:34:19.0043 4368 RasAgileVpn - ok 17:34:19.0059 4368 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:34:19.0121 4368 RasAuto - ok 17:34:19.0152 4368 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:34:19.0184 4368 Rasl2tp - ok 17:34:19.0199 4368 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 17:34:19.0246 4368 RasMan - ok 17:34:19.0277 4368 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:34:19.0324 4368 RasPppoe - ok 17:34:19.0340 4368 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp 
C:\Windows\system32\DRIVERS\rassstp.sys 17:34:19.0386 4368 RasSstp - ok 17:34:19.0418 4368 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:34:19.0480 4368 rdbss - ok 17:34:19.0511 4368 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:34:19.0527 4368 rdpbus - ok 17:34:19.0542 4368 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:34:19.0589 4368 RDPCDD - ok 17:34:19.0620 4368 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 17:34:19.0652 4368 RDPDR - ok 17:34:19.0667 4368 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:34:19.0714 4368 RDPENCDD - ok 17:34:19.0745 4368 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:34:19.0776 4368 RDPREFMP - ok 17:34:19.0823 4368 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 17:34:19.0854 4368 RdpVideoMiniport - ok 17:34:19.0886 4368 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:34:19.0917 4368 RDPWD - ok 17:34:19.0948 4368 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:34:19.0964 4368 rdyboost - ok 17:34:19.0979 4368 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:34:20.0026 4368 RemoteAccess - ok 17:34:20.0042 4368 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:34:20.0088 4368 RemoteRegistry - ok 17:34:20.0120 4368 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 17:34:20.0151 4368 RFCOMM - ok 17:34:20.0166 4368 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:34:20.0213 4368 RpcEptMapper - ok 17:34:20.0229 4368 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:34:20.0260 4368 RpcLocator - ok 
17:34:20.0276 4368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 17:34:20.0322 4368 RpcSs - ok 17:34:20.0354 4368 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:34:20.0385 4368 rspndr - ok 17:34:20.0400 4368 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 17:34:20.0432 4368 s3cap - ok 17:34:20.0432 4368 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 17:34:20.0447 4368 SamSs - ok 17:34:20.0463 4368 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:34:20.0478 4368 sbp2port - ok 17:34:20.0494 4368 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:34:20.0541 4368 SCardSvr - ok 17:34:20.0556 4368 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:34:20.0603 4368 scfilter - ok 17:34:20.0712 4368 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 17:34:20.0775 4368 Schedule - ok 17:34:20.0790 4368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:34:20.0837 4368 SCPolicySvc - ok 17:34:20.0853 4368 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 17:34:20.0868 4368 sdbus - ok 17:34:20.0900 4368 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:34:20.0931 4368 SDRSVC - ok 17:34:20.0962 4368 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:34:21.0040 4368 secdrv - ok 17:34:21.0056 4368 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 17:34:21.0118 4368 seclogon - ok 17:34:21.0118 4368 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 17:34:21.0180 4368 SENS - ok 17:34:21.0180 4368 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:34:21.0212 4368 SensrSvc - ok 17:34:21.0227 4368 [ 
CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 17:34:21.0258 4368 Serenum - ok 17:34:21.0274 4368 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 17:34:21.0305 4368 Serial - ok 17:34:21.0321 4368 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 17:34:21.0352 4368 sermouse - ok 17:34:21.0399 4368 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 17:34:21.0461 4368 SessionEnv - ok 17:34:21.0477 4368 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys 17:34:21.0492 4368 SFEP - ok 17:34:21.0524 4368 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 17:34:21.0539 4368 sffdisk - ok 17:34:21.0570 4368 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:34:21.0586 4368 sffp_mmc - ok 17:34:21.0586 4368 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 17:34:21.0617 4368 sffp_sd - ok 17:34:21.0633 4368 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 17:34:21.0664 4368 sfloppy - ok 17:34:21.0695 4368 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:34:21.0742 4368 SharedAccess - ok 17:34:21.0820 4368 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:34:21.0882 4368 ShellHWDetection - ok 17:34:21.0929 4368 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 17:34:21.0945 4368 SiSRaid2 - ok 17:34:21.0960 4368 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 17:34:21.0976 4368 SiSRaid4 - ok 17:34:21.0992 4368 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:34:22.0038 4368 Smb - ok 17:34:22.0085 4368 [ FDB6E127DF739D4911319F0C8D339CAF ] snapman C:\Windows\system32\DRIVERS\snapman.sys 17:34:22.0101 
4368 snapman - ok 17:34:22.0116 4368 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:34:22.0132 4368 SNMPTRAP - ok 17:34:22.0148 4368 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:34:22.0163 4368 spldr - ok 17:34:22.0194 4368 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 17:34:22.0226 4368 Spooler - ok 17:34:22.0304 4368 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 17:34:22.0382 4368 sppsvc - ok 17:34:22.0397 4368 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:34:22.0444 4368 sppuinotify - ok 17:34:22.0460 4368 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 17:34:22.0491 4368 srv - ok 17:34:22.0506 4368 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:34:22.0538 4368 srv2 - ok 17:34:22.0553 4368 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:34:22.0584 4368 srvnet - ok 17:34:22.0600 4368 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:34:22.0647 4368 SSDPSRV - ok 17:34:22.0662 4368 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:34:22.0709 4368 SstpSvc - ok 17:34:22.0740 4368 Steam Client Service - ok 17:34:22.0756 4368 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 17:34:22.0772 4368 stexstor - ok 17:34:22.0787 4368 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 17:34:22.0818 4368 StillCam - ok 17:34:22.0850 4368 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 17:34:22.0881 4368 stisvc - ok 17:34:22.0912 4368 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 17:34:22.0928 4368 storflt - ok 17:34:22.0943 4368 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 
17:34:22.0974 4368 StorSvc - ok 17:34:23.0006 4368 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 17:34:23.0021 4368 storvsc - ok 17:34:23.0037 4368 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 17:34:23.0052 4368 swenum - ok 17:34:23.0068 4368 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:34:23.0130 4368 swprv - ok 17:34:23.0286 4368 [ A214C8AA6A6C06C9DBAB1310E38DAB4A ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe 17:34:23.0396 4368 syncagentsrv - ok 17:34:23.0442 4368 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 17:34:23.0505 4368 SysMain - ok 17:34:23.0520 4368 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:34:23.0536 4368 TabletInputService - ok 17:34:23.0552 4368 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:34:23.0598 4368 TapiSrv - ok 17:34:23.0630 4368 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:34:23.0661 4368 TBS - ok 17:34:23.0723 4368 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:34:23.0786 4368 Tcpip - ok 17:34:23.0817 4368 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:34:23.0864 4368 TCPIP6 - ok 17:34:23.0895 4368 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:34:23.0910 4368 tcpipreg - ok 17:34:23.0942 4368 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:34:23.0973 4368 TDPIPE - ok 17:34:24.0004 4368 [ 843DAFC2CD4ED5D57FA40FD2000C6296 ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys 17:34:24.0035 4368 tdrpman - ok 17:34:24.0066 4368 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:34:24.0082 4368 TDTCP - ok 17:34:24.0113 4368 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx 
C:\Windows\system32\DRIVERS\tdx.sys 17:34:24.0160 4368 tdx - ok 17:34:24.0176 4368 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 17:34:24.0191 4368 TermDD - ok 17:34:24.0222 4368 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 17:34:24.0269 4368 TermService - ok 17:34:24.0269 4368 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:34:24.0300 4368 Themes - ok 17:34:24.0300 4368 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:34:24.0347 4368 THREADORDER - ok 17:34:24.0378 4368 [ 31C9790525705B292F3B30F6676873CD ] tib_mounter C:\Windows\system32\DRIVERS\tib_mounter.sys 17:34:24.0410 4368 tib_mounter - ok 17:34:24.0425 4368 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:34:24.0488 4368 TrkWks - ok 17:34:24.0519 4368 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:34:24.0566 4368 TrustedInstaller - ok 17:34:24.0597 4368 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:34:24.0628 4368 tssecsrv - ok 17:34:24.0659 4368 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:34:24.0722 4368 TsUsbFlt - ok 17:34:24.0753 4368 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 17:34:24.0768 4368 TsUsbGD - ok 17:34:24.0800 4368 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:34:24.0862 4368 tunnel - ok 17:34:24.0878 4368 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 17:34:24.0893 4368 uagp35 - ok 17:34:24.0924 4368 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:34:24.0956 4368 udfs - ok 17:34:25.0002 4368 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:34:25.0018 4368 UI0Detect - ok 17:34:25.0049 4368 [ 
4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:34:25.0065 4368 uliagpkx - ok 17:34:25.0096 4368 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:34:25.0143 4368 umbus - ok 17:34:25.0158 4368 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 17:34:25.0174 4368 UmPass - ok 17:34:25.0190 4368 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 17:34:25.0221 4368 UmRdpService - ok 17:34:25.0252 4368 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:34:25.0299 4368 upnphost - ok 17:34:25.0330 4368 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:34:25.0361 4368 usbccgp - ok 17:34:25.0392 4368 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:34:25.0424 4368 usbcir - ok 17:34:25.0439 4368 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:34:25.0486 4368 usbehci - ok 17:34:25.0533 4368 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:34:25.0548 4368 usbhub - ok 17:34:25.0564 4368 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:34:25.0595 4368 usbohci - ok 17:34:25.0611 4368 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 17:34:25.0642 4368 usbprint - ok 17:34:25.0673 4368 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:34:25.0704 4368 USBSTOR - ok 17:34:25.0704 4368 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:34:25.0736 4368 usbuhci - ok 17:34:25.0767 4368 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 17:34:25.0798 4368 usbvideo - ok 17:34:25.0798 4368 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:34:25.0907 4368 UxSms - ok 
17:34:25.0923 4368 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 17:34:25.0938 4368 VaultSvc - ok 17:34:25.0985 4368 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 17:34:26.0016 4368 VClone - ok 17:34:26.0063 4368 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:34:26.0079 4368 vdrvroot - ok 17:34:26.0110 4368 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 17:34:26.0172 4368 vds - ok 17:34:26.0188 4368 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:34:26.0204 4368 vga - ok 17:34:26.0219 4368 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:34:26.0266 4368 VgaSave - ok 17:34:26.0282 4368 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:34:26.0297 4368 vhdmp - ok 17:34:26.0313 4368 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 17:34:26.0313 4368 viaide - ok 17:34:26.0344 4368 [ 927CBC96C4635F235301411E530FB56E ] vididr C:\Windows\system32\DRIVERS\vididr.sys 17:34:26.0360 4368 vididr - ok 17:34:26.0391 4368 [ 88B4E5C396003BCF479CA4D9BE851D57 ] vidsflt C:\Windows\system32\DRIVERS\vidsflt.sys 17:34:26.0406 4368 vidsflt - ok 17:34:26.0438 4368 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 17:34:26.0469 4368 vmbus - ok 17:34:26.0484 4368 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 17:34:26.0516 4368 VMBusHID - ok 17:34:26.0547 4368 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:34:26.0562 4368 volmgr - ok 17:34:26.0625 4368 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:34:26.0687 4368 volmgrx - ok 17:34:26.0687 4368 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:34:26.0718 4368 volsnap - ok 17:34:26.0734 4368 
[ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 17:34:26.0750 4368 vsmraid - ok 17:34:26.0796 4368 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 17:34:26.0859 4368 VSS - ok 17:34:26.0890 4368 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 17:34:26.0921 4368 vwifibus - ok 17:34:26.0937 4368 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:34:26.0984 4368 W32Time - ok 17:34:26.0999 4368 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 17:34:27.0015 4368 WacomPen - ok 17:34:27.0046 4368 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:34:27.0093 4368 WANARP - ok 17:34:27.0108 4368 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:34:27.0140 4368 Wanarpv6 - ok 17:34:27.0186 4368 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 17:34:27.0218 4368 WatAdminSvc - ok 17:34:27.0264 4368 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 17:34:27.0327 4368 wbengine - ok 17:34:27.0342 4368 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:34:27.0358 4368 WbioSrvc - ok 17:34:27.0374 4368 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:34:27.0420 4368 wcncsvc - ok 17:34:27.0436 4368 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:34:27.0467 4368 WcsPlugInService - ok 17:34:27.0483 4368 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 17:34:27.0498 4368 Wd - ok 17:34:27.0530 4368 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:34:27.0561 4368 Wdf01000 - ok 17:34:27.0623 4368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:34:27.0732 4368 WdiServiceHost - ok 
17:34:27.0732 4368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:34:27.0748 4368 WdiSystemHost - ok 17:34:27.0857 4368 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 17:34:27.0904 4368 WebClient - ok 17:34:27.0920 4368 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:34:27.0966 4368 Wecsvc - ok 17:34:27.0998 4368 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:34:28.0029 4368 wercplsupport - ok 17:34:28.0060 4368 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:34:28.0091 4368 WerSvc - ok 17:34:28.0138 4368 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:34:28.0185 4368 WfpLwf - ok 17:34:28.0200 4368 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:34:28.0200 4368 WIMMount - ok 17:34:28.0216 4368 WinDefend - ok 17:34:28.0232 4368 WinHttpAutoProxySvc - ok 17:34:28.0263 4368 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:34:28.0310 4368 Winmgmt - ok 17:34:28.0575 4368 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 17:34:28.0653 4368 WinRM - ok 17:34:28.0700 4368 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:34:28.0762 4368 WinUsb - ok 17:34:28.0793 4368 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:34:28.0824 4368 Wlansvc - ok 17:34:28.0856 4368 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:34:28.0871 4368 WmiAcpi - ok 17:34:28.0918 4368 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:34:28.0934 4368 wmiApSrv - ok 17:34:28.0965 4368 WMPNetworkSvc - ok 17:34:28.0980 4368 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:34:28.0996 4368 WPCSvc - ok 17:34:29.0012 4368 [ 
93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:34:29.0043 4368 WPDBusEnum - ok 17:34:29.0074 4368 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:34:29.0105 4368 ws2ifsl - ok 17:34:29.0136 4368 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 17:34:29.0168 4368 wscsvc - ok 17:34:29.0199 4368 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 17:34:29.0230 4368 WSDPrintDevice - ok 17:34:29.0246 4368 WSearch - ok 17:34:29.0417 4368 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:34:29.0464 4368 wuauserv - ok 17:34:29.0495 4368 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:34:29.0526 4368 WudfPf - ok 17:34:29.0573 4368 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:34:29.0589 4368 WUDFRd - ok 17:34:29.0620 4368 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:34:29.0651 4368 wudfsvc - ok 17:34:29.0698 4368 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 17:34:29.0729 4368 WwanSvc - ok 17:34:29.0760 4368 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 17:34:29.0792 4368 yukonw7 - ok 17:34:29.0807 4368 ================ Scan global =============================== 17:34:29.0823 4368 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 17:34:29.0870 4368 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 17:34:29.0901 4368 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 17:34:29.0916 4368 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 17:34:29.0963 4368 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 17:34:29.0963 4368 [Global] - ok 17:34:29.0963 4368 ================ Scan MBR ================================== 17:34:29.0994 4368 [ 
A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:34:31.0055 4368 \Device\Harddisk0\DR0 - ok 17:34:31.0055 4368 ================ Scan VBR ================================== 17:34:31.0086 4368 [ E76BF7BACFCCB52F0242F28880B8CFA7 ] \Device\Harddisk0\DR0\Partition1 17:34:31.0086 4368 \Device\Harddisk0\DR0\Partition1 - ok 17:34:31.0102 4368 [ A5EB662F4120ECBB07B24E5AEB6C3987 ] \Device\Harddisk0\DR0\Partition2 17:34:31.0102 4368 \Device\Harddisk0\DR0\Partition2 - ok 17:34:31.0102 4368 ============================================================ 17:34:31.0102 4368 Scan finished 17:34:31.0102 4368 ============================================================ 17:34:31.0133 4264 Detected object count: 1 17:34:31.0133 4264 Actual detected object count: 1 17:34:39.0885 4264 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 17:34:39.0885 4264 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:34:42.0786 3464 Deinitialize success Danke dir! Liebe Grüße, pflanz. Geändert von pflanz (12.07.2013 um 16:36 Uhr) Grund: Benutzer entfernt |
12.07.2013, 17:12 | #6 |
/// Malware-holic | Bundestrojaner Virus Yes, that is normal, since it is a quarantine folder. Scan with Combofix
__________________ --> Bundestrojaner Virus |
12.07.2013, 18:03 | #7 |
| Bundestrojaner Virus All right, thanks. Avira Antivirus somehow cannot be disabled completely. I have uninstalled it now, since I am going to install Avast! anyway once the system is clean again. Here is the log file from Combofix. Combofix log file: Code:
ATTFilter ComboFix 13-07-12.01 - ***** 12.07.2013 18:40:54.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.4063.2420 [GMT 2:00] ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\dsgsdgdsgdsgw.pad c:\users\Public\sdelevURL.tmp c:\users\*****\4204380.dll c:\windows\pkunzip.pif c:\windows\pkzip.pif . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-12 bis 2013-07-12 )))))))))))))))))))))))))))))) . . 2013-07-12 16:49 . 2013-07-12 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-12 16:37 . 2012-11-28 12:12 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94166908-FA3B-163A-774A-6237A67D3769}\GapaEngine.dll 2013-07-12 13:44 . 2013-07-12 13:57 -------- d-----w- C:\_OTL 2013-07-09 20:36 . 2013-07-12 16:47 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5802261-1B88-4CC4-AB41-38E4B2A4EABE}\offreg.dll 2013-07-03 11:02 . 2013-07-03 11:02 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-06-29 07:55 . 2013-06-29 07:55 312232 ----a-w- c:\windows\system32\javaws.exe 2013-06-29 07:55 . 2013-06-29 07:55 189352 ----a-w- c:\windows\system32\javaw.exe 2013-06-29 07:55 . 2013-06-29 07:55 188840 ----a-w- c:\windows\system32\java.exe 2013-06-29 07:55 . 2013-06-29 07:55 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-06-27 15:35 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5802261-1B88-4CC4-AB41-38E4B2A4EABE}\mpengine.dll 2013-06-25 19:03 . 
2013-06-25 19:03 -------- d-----w- c:\users\*****\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files 2013-06-16 20:25 . 2013-06-08 14:08 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-06-16 20:25 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-16 20:25 . 2013-06-08 11:41 218112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll 2013-06-16 20:25 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-06-16 20:25 . 2013-06-08 14:08 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-06-16 20:25 . 2013-06-08 14:06 526336 ----a-w- c:\windows\system32\ieui.dll 2013-06-16 20:25 . 2013-06-08 14:06 2648064 ----a-w- c:\windows\system32\iertutil.dll 2013-06-16 20:25 . 2013-06-08 14:06 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-06-16 20:24 . 2013-06-08 14:07 19233792 ----a-w- c:\windows\system32\mshtml.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-29 07:55 . 2012-11-06 13:57 972712 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-29 07:55 . 2012-11-06 13:57 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-06-12 20:09 . 2012-10-26 01:01 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-12 14:54 . 2012-11-06 09:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 14:54 . 2012-11-06 09:38 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-29 16:10 . 2013-05-29 16:10 8562 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg 2013-05-25 21:41 . 2013-05-25 21:41 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-05-25 21:41 . 2013-05-25 21:41 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-05-25 21:41 . 2013-05-25 21:41 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-05-25 21:41 . 2013-05-25 21:41 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-05-25 21:41 . 
2013-05-25 21:41 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-05-25 21:41 . 2013-05-25 21:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-05-25 21:41 . 2013-05-25 21:41 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-05-25 21:41 . 2013-05-25 21:41 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-05-25 21:41 . 2013-05-25 21:41 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-05-25 21:41 . 2013-05-25 21:41 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-05-25 21:41 . 2013-05-25 21:41 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-05-25 21:41 . 2013-05-25 21:41 81408 ----a-w- c:\windows\system32\icardie.dll 2013-05-25 21:41 . 2013-05-25 21:41 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-05-25 21:41 . 2013-05-25 21:41 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-05-25 21:41 . 2013-05-25 21:41 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-05-25 21:41 . 2013-05-25 21:41 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-05-25 21:41 . 2013-05-25 21:41 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-05-25 21:41 . 2013-05-25 21:41 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-05-25 21:41 . 2013-05-25 21:41 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-05-25 21:41 . 2013-05-25 21:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-05-25 21:41 . 2013-05-25 21:41 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-05-25 21:41 . 2013-05-25 21:41 441856 ----a-w- c:\windows\system32\html.iec 2013-05-25 21:41 . 2013-05-25 21:41 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-05-25 21:41 . 2013-05-25 21:41 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-05-25 21:41 . 2013-05-25 21:41 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-05-25 21:41 . 2013-05-25 21:41 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-25 21:41 . 2013-05-25 21:41 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-05-25 21:41 . 
2013-05-25 21:41 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-05-25 21:41 . 2013-05-25 21:41 235008 ----a-w- c:\windows\system32\url.dll 2013-05-25 21:41 . 2013-05-25 21:41 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-05-25 21:41 . 2013-05-25 21:41 216064 ----a-w- c:\windows\system32\msls31.dll 2013-05-25 21:41 . 2013-05-25 21:41 197120 ----a-w- c:\windows\system32\msrating.dll 2013-05-25 21:41 . 2013-05-25 21:41 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-25 21:41 . 2013-05-25 21:41 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-05-25 21:41 . 2013-05-25 21:41 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-25 21:41 . 2013-05-25 21:41 149504 ----a-w- c:\windows\system32\occache.dll 2013-05-25 21:41 . 2013-05-25 21:41 144896 ----a-w- c:\windows\system32\wextract.exe 2013-05-25 21:41 . 2013-05-25 21:41 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-05-25 21:41 . 2013-05-25 21:41 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-05-25 21:41 . 2013-05-25 21:41 13824 ----a-w- c:\windows\system32\mshta.exe 2013-05-25 21:41 . 2013-05-25 21:41 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-05-25 21:41 . 2013-05-25 21:41 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-05-25 21:41 . 2013-05-25 21:41 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-05-25 21:41 . 2013-05-25 21:41 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-05-25 21:41 . 2013-05-25 21:41 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-05-25 21:41 . 2013-05-25 21:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-05-25 21:41 . 2013-05-25 21:41 102912 ----a-w- c:\windows\system32\inseng.dll 2013-05-25 21:41 . 2013-05-25 21:41 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-05-25 21:41 . 2013-05-25 21:41 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-05-25 21:40 . 2013-05-25 21:40 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-25 21:40 . 
2013-05-25 21:40 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-05-25 21:40 . 2013-05-25 21:40 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-05-25 21:40 . 2013-05-25 21:40 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-05-25 21:40 . 2013-05-25 21:40 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-05-25 21:40 . 2013-05-25 21:40 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-05-25 21:40 . 2013-05-25 21:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-05-25 21:40 . 2013-05-25 21:40 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-05-25 21:40 . 2013-05-25 21:40 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-05-25 21:40 . 2013-05-25 21:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-05-25 21:40 . 2013-05-25 21:40 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-05-25 21:40 . 2013-05-25 21:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-25 21:40 . 
2013-05-25 21:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-05-25 21:40 . 2013-05-25 21:40 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-05-25 21:40 . 2013-05-25 21:40 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-05-25 21:40 . 2013-05-25 21:40 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-05-25 21:40 . 2013-05-25 21:40 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-25 21:40 . 2013-05-25 21:40 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-05-25 21:40 . 2013-05-25 21:40 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-05-25 21:40 . 2013-05-25 21:40 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-05-25 21:40 . 2013-05-25 21:40 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-05-25 21:40 . 2013-05-25 21:40 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-05-25 21:40 . 2013-05-25 21:40 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-05-25 21:40 . 2013-05-25 21:40 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-05-25 21:40 . 2013-05-25 21:40 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-05-25 21:40 . 2013-05-25 21:40 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-05-25 21:40 . 2013-05-25 21:40 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-05-25 21:40 . 2013-05-25 21:40 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-05-25 21:40 . 2013-05-25 21:40 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-05-25 21:40 . 
2013-05-25 21:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-05-25 21:40 . 2013-05-25 21:40 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-05-25 21:40 . 2013-05-25 21:40 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-12-31 5598840] "Driver Mender"="c:\program files (x86)\Driver Mender\Driver Mender\DriverMender.exe" [2013-01-24 3602800] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-08 1672616] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6049096] "AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 943856] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x] S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x] S0 vidsflt;Acronis Disk Storage 
Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x] S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-20 12:59 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-06 14:54] . 2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 15:39] . 2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 15:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError] @="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}" [HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}] 2012-08-23 02:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress] @="{00F848DC-B1D4-4892-9C25-CAADC86A215D}" [HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}] 2012-08-23 02:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk] @="{71573297-552E-46fc-BE3D-3DFAF88D47B7}" [HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}] 2012-08-23 02:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] "XeroxScanUtility"="c:\program files\Xerox\Scan_Utility\xrxzipui.exe" [2010-02-10 2371072] "XeroxEndeavorBackgroundTask"="c:\windows\system32\xgchabgnd.exe" [2009-11-02 102912] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-27 16335392] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403888] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.at/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-2777182332-3687985682-1980628378-1000\Software\SecuROM\License information*] "datasecu"=hex:0a,32,cb,58,20,a4,c6,e5,43,80,d9,4a,b7,f1,cb,6c,49,64,9b,3f,1c, 09,3d,8c,85,14,d6,e2,31,06,d0,88,14,d5,c0,f6,06,62,fa,6a,f8,58,13,21,2a,fb,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-12 19:00:51 ComboFix-quarantined-files.txt 2013-07-12 17:00 . Vor Suchlauf: 15 Verzeichnis(se), 247.305.342.976 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 246.553.821.184 Bytes frei . - - End Of File - - E7AE3C42371417A33F04F933082D6EDD A36C5E4F47E84449FF07ED3517B43A31 pflanz. 
Edited by pflanz (12.07.2013 at 18:33) |
15.07.2013, 20:07 | #8 |
/// TB-Ausbilder | Bundestrojaner Virus Hi, markus is currently away and I will help you from here. Good! As far as I can see, we have removed everything malicious with that. To be sure, we now need to run a few more checks and will then bring your computer up to a secure state. Since these scans can take a very long time, please only write to me again once you have really completed everything, or if problems occur. Step 1: (Reminder: reply to me only once you have worked through all the steps!) Quick scan with Malwarebytes. Please download Malwarebytes Anti-Malware. Step 2: Note: the scan can take a very long time (several hours)! Step 3: Scan with SecurityCheck. Please download SecurityCheck and:
__________________ Digital privateers against malware! No help via PM! |
16.07.2013, 07:07 | #9 |
| Bundestrojaner Virus Hello, thanks for the support. So, I hurried up :-D Malwarebytes Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.15.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 ***** :: *****-PC [Administrator] 15.07.2013 23:04:46 mbam-log-2013-07-15 (23-04-46).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 218337 Laufzeit: 3 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok Code:
ATTFilter Results of screen317's Security Check version 0.99.69 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 9 Java version out of Date! Adobe Reader XI Google Chrome 27.0.1453.116 Google Chrome 28.0.1500.72 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` I would now like to install avast!, unless you have a different recommendation for a free antivirus program. You really do great work, my compliments :-) If there is not too much left to do, it would be great if I could wrap up the PC today or tomorrow. Best regards, pflanz. |
16.07.2013, 10:03 | #10 |
/// TB-Ausbilder | Bundestrojaner Virus Great! That means we are done. We will now tidy up a little, and then I have some reading material for you at the end. Step 1: Uninstall the tools. The order is crucial here.
Step 2: If you now want to ask me about the threats that Eset still found ... please read my note about delfix a few lines further up once more. Step 3: Uninstall ESET (optional)
Step 4: Java update (Windows XP, Vista, 7) Your Java is no longer up to date. Older versions contain security holes that can be abused by malware. Finally, some tips on the following topics:
Reading material: system updates. It cannot be stressed often enough how important it is to keep your system up to date. You take your car to the garage for regular inspections, after all. So please make sure that system updates are enabled:
Reading material: software updates. Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because their security holes are often how malware gets onto computers:
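As an added example for the two reading-material notes above (system updates and software updates), the following PowerShell script is not from this thread or from any of the tools discussed in it. It reads the Windows Update configuration through the Windows Update Agent COM API (available on Windows 7 and later), lists updates the agent considers pending, and reports the installed versions of a few frequently attacked programs from the registry Uninstall keys. The list of program names to watch is an assumption, chosen because the SecurityCheck report above flagged an outdated Java. The script only reads; it changes nothing.

```powershell
# Added example (not from the Trojaner-Board thread): read-only check of the
# Windows Update settings and of installed versions of commonly attacked software.
# Run from an elevated PowerShell prompt on Windows 7 or later.

function Get-AutoUpdateState {
    # IAutomaticUpdatesSettings.NotificationLevel (Windows Update Agent API):
    # 0 = not configured, 1 = disabled, 2 = notify before download,
    # 3 = notify before install, 4 = scheduled (automatic) install
    $levels = @{ 0 = 'NotConfigured'; 1 = 'Disabled'; 2 = 'NotifyBeforeDownload';
                 3 = 'NotifyBeforeInstall'; 4 = 'ScheduledInstall' }
    $au  = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
    $svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServiceStatus     = if ($svc) { $svc.Status } else { 'missing' }
        NotificationLevel = $levels[[int]$au.Settings.NotificationLevel]
        SetByPolicy       = $au.Settings.ReadOnly   # $true when Group Policy controls it
    }
}

function Get-PendingUpdates {
    # Ask the agent which applicable updates are not installed yet
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
    foreach ($u in $result.Updates) {
        [pscustomobject]@{ Title = $u.Title; Severity = $u.MsrcSeverity }
    }
}

function Get-WatchedSoftware {
    # Assumed watch list; extend it with whatever your environment relies on
    param([string[]]$Patterns = @('Java', 'Adobe Reader', 'Adobe Flash',
                                  'Google Chrome', 'Mozilla Firefox'))
    # Installed programs are registered under the Uninstall keys, 64-bit and 32-bit views
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Where-Object { $name = $_.DisplayName; $Patterns | Where-Object { $name -like "*$_*" } } |
        Select-Object DisplayName, DisplayVersion, InstallDate |
        Sort-Object DisplayName -Unique
}

Get-AutoUpdateState | Format-List
Get-PendingUpdates  | Format-Table -AutoSize
Get-WatchedSoftware | Format-Table -AutoSize
```

A NotificationLevel of Disabled, or a stopped wuauserv service, is the condition the note above warns about; several entries for the same program at different versions (as in the SecurityCheck output above, which lists two Chrome versions) usually mean an old copy was never removed and should be uninstalled alongside the update.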
Reading material: security software. If someone overtook you naked on a motorcycle on the motorway, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial antivirus solutions, there are also quite good protection programs available free of charge with a reduced feature set. But be careful: "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market that do a good job. Personally, I recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising, and installs a browser plugin that warns you about dangerous websites.
Reading material: safe surfing. First of all, it has to be said that it is usually the human factor that allows malware to get onto a computer. Do you immediately buy whatever people ringing your doorbell are selling, without thinking? So first get into the habit of a few rules of conduct when surfing the Internet:
But even if you follow these rules scrupulously, a so-called drive-by infection can still occur, in which a piece of malware breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that hardens your browser still more.
Finally, please think about using an alternative browser. Programs that are not used as often are also not as much in the focus of the "bad guys". That is, with an exotic browser you are more likely to be on the safe side. Basically, you are already considerably safer if you do not use Internet Explorer.
With that I wish you lots of fun surfing the internet ... and maybe you would like to support the Trojaner-Board? One request: give me brief feedback once everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________ Digital privateers against malware! No help via PM! |
17.07.2013, 19:53 | #11 |
| Bundestrojaner Virus Hello, thanks for the detailed answer. I have carried out everything so far and it worked well, but the following problems occurred: entering combofix /Uninstall did not work, so I renamed Combofix.exe to uninstall.exe. The result, however, was that Combofix ran through once more and took extremely long. But I let it run to the end. Here is the logfile that was produced: Code:
ComboFix 13-07-12.01 - ***** 16.07.2013 18:42:23.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.4063.2642 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\uninstall.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-16 bis 2013-07-16 ))))))))))))))))))))))))))))))
.
.
2013-07-16 17:11 . 2013-07-16 17:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-16 16:46 . 2013-07-16 16:46 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5802261-1B88-4CC4-AB41-38E4B2A4EABE}\offreg.dll
2013-07-16 16:36 . 2012-11-28 12:12 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE86B51B-7CB5-D194-B14D-7DD03410C108}\GapaEngine.dll
2013-07-15 21:11 . 2013-07-15 21:11 -------- d-----w- c:\program files (x86)\ESET
2013-07-15 21:09 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-15 21:09 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-15 21:09 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-15 21:09 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-15 21:09 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-15 21:09 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-15 21:09 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-15 21:09 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-15 21:09 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-15 21:09 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-15 21:08 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-15 21:08 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-15 21:08 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-15 21:08 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-15 21:08 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-15 21:08 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-15 21:08 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-15 21:08 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-15 21:08 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-15 21:02 . 2013-07-15 21:02 -------- d-----w- c:\users\*****\AppData\Roaming\Malwarebytes
2013-07-15 21:01 . 2013-07-15 21:01 -------- d-----w- c:\programdata\Malwarebytes
2013-07-15 21:01 . 2013-07-15 21:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-15 21:01 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-15 21:01 . 2013-07-15 21:01 -------- d-----w- c:\users\*****\AppData\Local\Programs
2013-07-12 13:44 . 2013-07-12 13:57 -------- d-----w- C:\_OTL
2013-07-03 11:02 . 2013-07-03 11:02 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-06-29 07:55 . 2013-06-29 07:55 312232 ----a-w- c:\windows\system32\javaws.exe
2013-06-29 07:55 . 2013-06-29 07:55 189352 ----a-w- c:\windows\system32\javaw.exe
2013-06-29 07:55 . 2013-06-29 07:55 188840 ----a-w- c:\windows\system32\java.exe
2013-06-29 07:55 . 2013-06-29 07:55 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-27 15:35 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5802261-1B88-4CC4-AB41-38E4B2A4EABE}\mpengine.dll
2013-06-25 19:03 . 2013-06-25 19:03 -------- d-----w- c:\users\*****\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-16 01:14 . 2012-10-26 01:01 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-29 07:55 . 2012-11-06 13:57 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-29 07:55 . 2012-11-06 13:57 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-12 14:54 . 2012-11-06 09:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 14:54 . 2012-11-06 09:38 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-29 16:10 . 2013-05-29 16:10 8562 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2013-05-25 21:41 . 2013-05-25 21:41 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-25 21:41 . 2013-05-25 21:41 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-25 21:41 . 2013-05-25 21:41 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-25 21:41 . 2013-05-25 21:41 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-25 21:41 . 2013-05-25 21:41 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-25 21:41 . 2013-05-25 21:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-25 21:41 . 2013-05-25 21:41 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-25 21:41 . 2013-05-25 21:41 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-25 21:41 . 2013-05-25 21:41 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-25 21:41 . 2013-05-25 21:41 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-25 21:41 . 2013-05-25 21:41 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-25 21:41 . 2013-05-25 21:41 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-25 21:41 . 2013-05-25 21:41 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-25 21:41 . 2013-05-25 21:41 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-25 21:41 . 2013-05-25 21:41 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-25 21:41 . 2013-05-25 21:41 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-25 21:41 . 2013-05-25 21:41 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-25 21:41 . 2013-05-25 21:41 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-25 21:41 . 2013-05-25 21:41 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-25 21:41 . 2013-05-25 21:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-25 21:41 . 2013-05-25 21:41 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-25 21:41 . 2013-05-25 21:41 441856 ----a-w- c:\windows\system32\html.iec
2013-05-25 21:41 . 2013-05-25 21:41 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-25 21:41 . 2013-05-25 21:41 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-25 21:41 . 2013-05-25 21:41 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-25 21:41 . 2013-05-25 21:41 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-25 21:41 . 2013-05-25 21:41 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-25 21:41 . 2013-05-25 21:41 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-25 21:41 . 2013-05-25 21:41 235008 ----a-w- c:\windows\system32\url.dll
2013-05-25 21:41 . 2013-05-25 21:41 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-25 21:41 . 2013-05-25 21:41 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-25 21:41 . 2013-05-25 21:41 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-25 21:41 . 2013-05-25 21:41 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-25 21:41 . 2013-05-25 21:41 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-25 21:41 . 2013-05-25 21:41 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-25 21:41 . 2013-05-25 21:41 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-25 21:41 . 2013-05-25 21:41 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-25 21:41 . 2013-05-25 21:41 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-25 21:41 . 2013-05-25 21:41 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-25 21:41 . 2013-05-25 21:41 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-25 21:41 . 2013-05-25 21:41 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-25 21:41 . 2013-05-25 21:41 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-25 21:41 . 2013-05-25 21:41 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-25 21:41 . 2013-05-25 21:41 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-25 21:41 . 2013-05-25 21:41 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-25 21:41 . 2013-05-25 21:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-25 21:41 . 2013-05-25 21:41 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-25 21:41 . 2013-05-25 21:41 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-25 21:41 . 2013-05-25 21:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-25 21:40 . 2013-05-25 21:40 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-25 21:40 . 2013-05-25 21:40 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-25 21:40 . 2013-05-25 21:40 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-25 21:40 . 2013-05-25 21:40 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-25 21:40 . 2013-05-25 21:40 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-25 21:40 . 2013-05-25 21:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-25 21:40 . 2013-05-25 21:40 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-25 21:40 . 2013-05-25 21:40 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-25 21:40 . 2013-05-25 21:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-05-25 21:40 . 2013-05-25 21:40 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-25 21:40 . 2013-05-25 21:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-25 21:40 . 2013-05-25 21:40 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-05-25 21:40 . 2013-05-25 21:40 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-25 21:40 . 2013-05-25 21:40 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-25 21:40 . 2013-05-25 21:40 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 21:40 . 2013-05-25 21:40 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-05-25 21:40 . 2013-05-25 21:40 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-05-25 21:40 . 2013-05-25 21:40 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-25 21:40 . 2013-05-25 21:40 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-05-25 21:40 . 2013-05-25 21:40 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-05-25 21:40 . 2013-05-25 21:40 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-25 21:40 . 2013-05-25 21:40 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-05-25 21:40 . 2013-05-25 21:40 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-05-25 21:40 . 2013-05-25 21:40 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-05-25 21:40 . 2013-05-25 21:40 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-05-25 21:40 . 2013-05-25 21:40 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-25 21:40 . 2013-05-25 21:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-05-25 21:40 . 2013-05-25 21:40 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-05-25 21:40 . 2013-05-25 21:40 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-05-25 21:40 . 2013-05-25 21:40 1238528 ----a-w- c:\windows\system32\d3d10.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-12-31 5598840]
"Driver Mender"="c:\program files (x86)\Driver Mender\Driver Mender\DriverMender.exe" [2013-01-24 3602800]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-15 1807272]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6049096]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 943856]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-15 21:09 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-06 14:54]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 15:39]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 15:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 02:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 02:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 02:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"XeroxScanUtility"="c:\program files\Xerox\Scan_Utility\xrxzipui.exe" [2010-02-10 2371072]
"XeroxEndeavorBackgroundTask"="c:\windows\system32\xgchabgnd.exe" [2009-11-02 102912]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-27 16335392]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403888]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2777182332-3687985682-1980628378-1000\Software\SecuROM\License information*]
"datasecu"=hex:0a,32,cb,58,20,a4,c6,e5,43,80,d9,4a,b7,f1,cb,6c,49,64,9b,3f,1c,
   09,3d,8c,85,14,d6,e2,31,06,d0,88,14,d5,c0,f6,06,62,fa,6a,f8,58,13,21,2a,fb,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-16 19:22:56
ComboFix-quarantined-files.txt 2013-07-16 17:22
ComboFix2.txt 2013-07-12 17:01
.
Vor Suchlauf: 19 Verzeichnis(se), 240.016.699.392 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 239.765.798.912 Bytes frei
.
- - End Of File - - FB47B6586ACDE466D591840BC6F52EBD
A36C5E4F47E84449FF07ED3517B43A31

browserlauncherror: 3

I had all programs closed during the installation. Now everything is running fine so far, but for some file types the icon is wrong, e.g. *.pptx and *.docx: Maybe you know something more. Many thanks! Regards, Stefan Binna. |
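The log above, read the way a helper reads it, as an added example that is not part of the original thread and is not ComboFix's own code: a small parser for the ComboFix log format that pulls out the binary the tool was launched from, the state of each security product in the header, and the entries under the Run keys in the "Autostartpunkte der Registrierung" section. It then flags three things: a doubled extension on the launched file (the log shows `uninstall.exe.exe`, which is the usual result of renaming while Explorer hides known extensions and explains why ComboFix ran a full scan instead of uninstalling), security products reported as Disabled or Outdated, and autostart executables that live in user-writable locations (profile, ProgramData, Temp), which is where commodity lockscreen trojans typically plant their startup entry. The sample log is constructed from a few lines of the posted log; the `"Updater"` entry pointing at an `svchost.exe` under AppData is invented so the third check has something to flag. `uninstall_rename` applies the rename rule from the helper's later reply (keep exactly the extension Explorer shows).

```python
"""Added example: triage a ComboFix log (not code from the thread or from ComboFix)."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the posted ComboFix log.  The "Updater"
# entry under the HKCU Run key is invented for this example; the other
# lines mirror the log above.
SAMPLE_LOG = r"""
ComboFix 13-07-12.01 - ***** 16.07.2013 18:42:23.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.4063.2642 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\uninstall.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-15 1807272]
"Updater"="c:\users\*****\AppData\Roaming\svchost.exe" [2013-07-09 143360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"""

LAUNCHED_RE = re.compile(r"^ausgeführt von::\s*(?P<path>\S.*?)\s*$")
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|SP|FW):\s*(?P<name>.+?)\s*\*(?P<state>Enabled|Disabled)/(?P<defs>Updated|Outdated)\*")
RUN_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<stamp>[^\]]*)\])?$')

# Path fragments an ordinary user can write to; a legitimate autostart rarely lives there.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


@dataclass
class Finding:
    severity: str  # "info", "warn" or "high"
    message: str


def has_doubled_extension(path: str) -> bool:
    """True for names like uninstall.exe.exe: a rename appended a second
    extension because Explorer was hiding the first one."""
    parts = path.rsplit("\\", 1)[-1].lower().split(".")
    return len(parts) >= 3 and parts[-1] == parts[-2]


def is_user_writable(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def uninstall_rename(displayed_name: str) -> str:
    """Rename rule from the thread: swap the base name for 'uninstall' and keep
    exactly the extension Explorer displays ('ComboFix' -> 'uninstall',
    'ComboFix.exe' -> 'uninstall.exe')."""
    _base, dot, ext = displayed_name.partition(".")
    return "uninstall" + dot + ext


def parse_combofix(text: str) -> dict:
    """Extract launch path, product states and Run-key entries from a ComboFix log."""
    launched, products, run_entries, current_key = None, [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = LAUNCHED_RE.match(line)
        if m:
            launched = m.group("path")
            continue
        m = PRODUCT_RE.match(line)
        if m:
            products.append(m.groupdict())
            continue
        if line.startswith("["):  # any registry key header; only ...\Run keys are tracked
            m = RUN_KEY_RE.match(line)
            current_key = m.group("key") if m else None
            continue
        if current_key is not None:
            m = RUN_ENTRY_RE.match(line)
            if m:
                run_entries.append({"key": current_key, **m.groupdict()})
    return {"launched": launched, "products": products, "run_entries": run_entries}


def assess(parsed: dict) -> list:
    """Turn the parsed log into triage findings, worst last."""
    findings = []
    launched = parsed["launched"]
    if launched and has_doubled_extension(launched):
        findings.append(Finding("info", f"launched from {launched}: doubled extension, so the "
                                        "rename kept a hidden .exe and this was a normal scan, not an uninstall"))
    for p in parsed["products"]:
        if p["state"] == "Disabled" or p["defs"] == "Outdated":
            findings.append(Finding("warn", f"{p['kind']} {p['name']}: {p['state']}/{p['defs']}"))
    for e in parsed["run_entries"]:
        if is_user_writable(e["path"]):
            findings.append(Finding("high", f"autostart '{e['name']}' under {e['key']} "
                                            f"runs from user-writable path {e['path']}"))
    return findings


if __name__ == "__main__":
    for f in assess(parse_combofix(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.message}")
```

Run it on a real log by reading the file instead of `SAMPLE_LOG`; the path check is deliberately crude (substring match) and is a prompt for a human look, not a verdict.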
17.07.2013, 20:01 | #12 | |
/// TB-Ausbilder | Bundestrojaner Virus Quote:
18.07.2013, 08:17 | #13 |
| Bundestrojaner Virus Thanks. And now? |
18.07.2013, 18:24 | #14 |
/// TB-Ausbilder | Bundestrojaner Virus Well, rename it correctly and run it. If it was called combofix before, then rename it to uninstall. If it was called combofix.exe before, then to uninstall.exe.
18.07.2013, 22:29 | #15 | |
| Bundestrojaner Virus Quote:
Apart from the short ComboFix hiccup, I also ran everything in the right order. But what do you say about the BrowserLaunchError: 3 and the icons? That was my actual question here. Thanks. Regards, pflanz. |