All kinds of pests and how to fight them: Interpol Trojan - lock screen // FRST log already attached (Windows 7)
09.08.2013, 16:43 | #1 |
Hello,

my problem is that since yesterday I have caught an Interpol Trojan. I have already run an FRST scan and attached it. However, the scan only worked in Safe Mode. I could not access my USB stick via System Restore. Does this make a serious difference?

Could this be the culprit?

Code:
ShortcutTarget: srenywvbgpqptdglxfe.lnk -> C:\Users\User\AppData\Local\Temp\efxlgdtpqpgbvwyners.bfg ()

Best regards

FRST logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by User (administrator) on 09-08-2013 17:37:09
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\userinit.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Zune Launcher] - c:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1807272 2013-07-27] (Valve Corporation)
HKCU\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.5\ICQ.exe [124480 2011-08-01] (ICQ, LLC.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKCU\...\Run: [Google Update] - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-08] (Google Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe [846288 2013-07-25] (Google Inc.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MySig.lnk
ShortcutTarget: MySig.lnk -> C:\Program Files (x86)\MySig.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srenywvbgpqptdglxfe.lnk
ShortcutTarget: srenywvbgpqptdglxfe.lnk -> C:\Users\User\AppData\Local\Temp\efxlgdtpqpgbvwyners.bfg ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=3a61a3f7000000000000701a04407626
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - DefaultScope {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKCU - DefaultScope {8D1DAE29-1D72-4A00-9DCF-CA352A457B5D} URL = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=3a61a3f7000000000000701a04407626&q={searchTerms}&r=77
SearchScopes: HKCU - {06DFFB3D-6221-4383-940E-1857E790E60C} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {8D1DAE29-1D72-4A00-9DCF-CA352A457B5D} URL = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=3a61a3f7000000000000701a04407626&q={searchTerms}&r=77
SearchScopes: HKCU - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKCU - {E310FE3E-9079-407F-86B2-E6A5D0718325} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\user.js
FF NetworkProxy: "type", 0
FF Homepage: hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=3a61a3f7000000000000701a04407626
FF SelectedSearchEngine: blekko
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\searchplugins\spamfreesearch.xml
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF Extension: ciuvo-extension - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5cio9dcl.default\Extensions\ciuvo-extension@icq.de.xpi
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-12] (Adobe Systems)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-03-11] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-06-06] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-07] (DT Soft Ltd)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-06-06] ()
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MEMSWEEP2; C:\Windows\system32\4431.tmp [6144 2010-05-26] (Sophos Plc)
S3 MEMSWEEP2; C:\Windows\system32\4431.tmp [6144 2010-05-26] (Sophos Plc)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-09 17:37 - 2013-08-09 17:37 - 00000000 ____D C:\FRST
2013-08-08 22:13 - 2013-08-08 22:13 - 00000165 _____ C:\ProgramData\srenywvbgpqptdglxfe.reg
2013-08-08 22:13 - 2013-08-08 22:13 - 00000070 _____ C:\ProgramData\srenywvbgpqptdglxfe.bat
2013-07-26 02:01 - 2013-07-26 02:01 - 00000000 ____D C:\Users\User\Documents\NCSOFT
2013-07-25 08:47 - 2013-07-25 08:47 - 00001066 _____ C:\Users\User\Desktop\Wildstar.exe - Verknüpfung.lnk
2013-07-24 18:16 - 2013-07-24 18:16 - 00000000 ____D C:\Users\User\AppData\Roaming\NCSOFT
2013-07-18 18:48 - 2013-07-25 21:40 - 00000000 ____D C:\Users\User\AppData\Roaming\ICQ

==================== One Month Modified Files and Folders =======

2013-08-10 03:16 - 2013-08-10 03:16 - 00000000 ____D C:\ProgramData\Recovery
2013-08-09 17:37 - 2013-08-09 17:37 - 00000000 ____D C:\FRST
2013-08-09 17:37 - 2012-04-29 16:31 - 00000000 ____D C:\Users\User\AppData\Roaming\NetSpeedMonitor
2013-08-09 17:36 - 2012-11-13 21:10 - 00000000 _____ C:\Windows\system32\Ikeext.etl
2013-08-09 17:31 - 2009-09-22 17:27 - 00880272 _____ C:\Windows\PFRO.log
2013-08-09 17:30 - 2009-09-22 17:28 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-09 17:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 17:30 - 2009-07-14 06:51 - 02322340 _____ C:\Windows\setupact.log
2013-08-09 17:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-08-08 22:25 - 2013-01-07 18:51 - 00000000 ___RD C:\Users\User\Dropbox
2013-08-08 22:25 - 2013-01-07 18:49 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2013-08-08 22:25 - 2011-05-09 15:11 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-08 22:22 - 2009-10-16 11:58 - 01718123 _____ C:\Windows\WindowsUpdate.log
2013-08-08 22:22 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-08 22:22 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-08 22:13 - 2013-08-08 22:13 - 00000165 _____ C:\ProgramData\srenywvbgpqptdglxfe.reg
2013-08-08 22:13 - 2013-08-08 22:13 - 00000070 _____ C:\ProgramData\srenywvbgpqptdglxfe.bat
2013-08-08 22:13 - 2009-11-04 13:29 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-08 22:00 - 2012-08-08 10:21 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4130136908-467914500-1083429523-1000UA.job
2013-08-08 22:00 - 2010-09-05 13:53 - 00000000 ____D C:\Users\User\AppData\Local\PMB Files
2013-08-08 22:00 - 2010-09-05 13:53 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-08 22:00 - 2010-05-18 19:54 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2013-08-08 20:00 - 2012-08-08 10:21 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4130136908-467914500-1083429523-1000Core.job
2013-08-04 21:35 - 2010-08-23 21:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-07-30 19:02 - 2012-08-08 10:22 - 00002361 _____ C:\Users\User\Desktop\Google Chrome.lnk
2013-07-30 18:21 - 2009-09-23 03:14 - 00762144 _____ C:\Windows\system32\perfh007.dat
2013-07-30 18:21 - 2009-09-23 03:14 - 00172530 _____ C:\Windows\system32\perfc007.dat
2013-07-30 18:21 - 2009-07-14 07:13 - 01796610 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-26 02:01 - 2013-07-26 02:01 - 00000000 ____D C:\Users\User\Documents\NCSOFT
2013-07-25 21:40 - 2013-07-18 18:48 - 00000000 ____D C:\Users\User\AppData\Roaming\ICQ
2013-07-25 08:47 - 2013-07-25 08:47 - 00001066 _____ C:\Users\User\Desktop\Wildstar.exe - Verknüpfung.lnk
2013-07-24 20:02 - 2013-04-22 19:20 - 00014059 _____ C:\Windows\system32\lvcoinst.log
2013-07-24 18:16 - 2013-07-24 18:16 - 00000000 ____D C:\Users\User\AppData\Roaming\NCSOFT
2013-07-24 15:39 - 2010-05-18 19:05 - 00000000 ____D C:\Spiele
2013-07-24 15:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-23 08:37 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-18 18:58 - 2010-07-10 11:21 - 00002082 ____H C:\Users\User\Documents\Default.rdp
2013-07-18 18:50 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-12 19:55 - 2012-08-08 10:21 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4130136908-467914500-1083429523-1000UA
2013-07-12 19:55 - 2012-08-08 10:21 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4130136908-467914500-1083429523-1000Core
2013-07-10 19:07 - 2010-08-23 21:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-10 19:07 - 2010-08-23 21:40 - 00000000 ____D C:\ProgramData\Skype

Files to move or delete:
====================
C:\ProgramData\srenywvbgpqptdglxfe.bat
C:\ProgramData\srenywvbgpqptdglxfe.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-24 16:19

==================== End Of Log ============================
09.08.2013, 18:05 | #2 |
/// Malware-holic

Hi,

1. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
C:\ProgramData\srenywvbgpqptdglxfe.bat
C:\ProgramData\srenywvbgpqptdglxfe.reg
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srenywvbgpqptdglxfe.lnk
ShortcutTarget: srenywvbgpqptdglxfe.lnk -> C:\Users\User\AppData\Local\Temp\efxlgdtpqpgbvwyners.bfg ()
C:\Users\User\AppData\Local\Temp\efxlgdtpqpgbvwyners.bfg

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

If you can start normally again:

2. Please navigate to: C:\FRST\Quarantine
Right-click, pack it with WinRAR or another archiver, and upload it in the upload channel.
Trojaner-Board Upload Channel
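The entries picked for the fix list above stand out from the legitimate Startup shortcuts in the FRST log on several counts at once. The following Python triage sketch is an added example, not part of the thread and not FRST's own logic; the sample lines are the ShortcutTarget entries from the log in post #1, while the extension list, the randomness heuristic and the two-reason threshold are assumptions.

```python
import ntpath
import re

# ShortcutTarget entries copied from the FRST log in post #1 of this thread.
SAMPLE_LOG = r"""
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShortcutTarget: MySig.lnk -> C:\Program Files (x86)\MySig.exe (No File)
ShortcutTarget: srenywvbgpqptdglxfe.lnk -> C:\Users\User\AppData\Local\Temp\efxlgdtpqpgbvwyners.bfg ()
"""

# Line shape: "ShortcutTarget: <name>.lnk -> <target path> (<company or status>)"
# The lazy target group copes with parentheses inside the path, e.g. "(x86)".
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget:\s+(?P<lnk>.+?\.lnk)\s+->\s+(?P<target>.+?)"
    r"\s+\((?P<company>[^()]*)\)$"
)

# Assumption: file types a Startup shortcut would normally launch.
EXPECTED_EXTENSIONS = {".exe", ".bat", ".cmd", ".vbs", ".js", ".msc"}
# Assumption: one weak signal alone (e.g. an empty company field, which
# legitimate files in this log also show) is not enough to flag an entry.
MIN_REASONS = 2


def looks_random(stem):
    """Long, letters-only name with very few vowels (assumed heuristic)."""
    if len(stem) < 12 or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels / len(stem) < 0.2


def assess(lnk, target, company):
    """Return the list of reasons why one shortcut entry looks suspicious."""
    stem, ext = ntpath.splitext(ntpath.basename(target))
    lnk_stem = ntpath.splitext(lnk)[0]
    reasons = []
    if "\\appdata\\local\\temp\\" in target.lower():
        reasons.append("target in the user's Temp directory")
    if ext.lower() not in EXPECTED_EXTENSIONS:
        reasons.append("unexpected target extension " + ext)
    if company == "":
        reasons.append("no company name reported")
    if looks_random(stem):
        reasons.append("random-looking file name")
    if len(stem) > 3 and lnk_stem.lower() == stem[::-1].lower():
        reasons.append("shortcut name is the target name reversed")
    return reasons


def suspicious_shortcuts(log_text):
    """Return (lnk, target, reasons) for entries with enough reasons."""
    hits = []
    for line in log_text.splitlines():
        m = SHORTCUT_RE.match(line.strip())
        if not m:
            continue  # Startup:, registry and other log lines are skipped
        reasons = assess(m["lnk"], m["target"], m["company"])
        if len(reasons) >= MIN_REASONS:
            hits.append((m["lnk"], m["target"], reasons))
    return hits


if __name__ == "__main__":
    for lnk, target, reasons in suspicious_shortcuts(SAMPLE_LOG):
        print(lnk, "->", target)
        for reason in reasons:
            print("  -", reason)
```

The orphaned MySig.lnk entry (No File) is deliberately not flagged: a missing target is leftover clutter, not an indicator by itself.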
09.08.2013, 18:32 | #3 |
Quarantine uploaded. But where did the folder go? At least I entered the link.

Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-08-2013 02
Ran by User at 2013-08-09 19:29:39 Run:1
Running from J:\
Boot Mode: Safe Mode (with Networking)
==============================================

C:\ProgramData\srenywvbgpqptdglxfe.bat => Moved successfully.
C:\ProgramData\srenywvbgpqptdglxfe.reg => Moved successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srenywvbgpqptdglxfe.lnk => Moved successfully.
C:\Users\User\AppData\Local\Temp\efxlgdtpqpgbvwyners.bfg => Moved successfully.
"C:\Users\User\AppData\Local\Temp\efxlgdtpqpgbvwyners.bfg" => File/Directory not found.

==== End of Fixlog ====
09.08.2013, 18:56 | #4 |
/// Malware-holic

Hi,

the folder is only visible to those who have a password for that area; we don't want to spread malware, after all :-) It did arrive, though, thanks for that.

Two logs need to be created; post them together if possible.

1. Scan with Combofix
2. Please download TDSSKiller.exe and save this file to the desktop

__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us
10.08.2013, 09:57 | #5 |
TSD:

Code:
10:33:28.0703 4288 blbdrive - ok 10:33:28.0821 4288 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 10:33:28.0883 4288 bowser - ok 10:33:28.0946 4288 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 10:33:29.0473 4288 BrFiltLo - ok 10:33:29.0520 4288 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 10:33:29.0552 4288 BrFiltUp - ok 10:33:29.0754 4288 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 10:33:29.0780 4288 BridgeMP - ok 10:33:29.0880 4288 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll 10:33:29.0957 4288 Browser - ok 10:33:30.0109 4288 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 10:33:30.0283 4288 Brserid - ok 10:33:30.0335 4288 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 10:33:30.0380 4288 BrSerWdm - ok 10:33:30.0440 4288 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 10:33:30.0476 4288 BrUsbMdm - ok 10:33:30.0538 4288 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 10:33:30.0576 4288 BrUsbSer - ok 10:33:30.0651 4288 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 10:33:30.0681 4288 BTHMODEM - ok 10:33:30.0775 4288 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 10:33:30.0816 4288 bthserv - ok 10:33:30.0908 4288 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 10:33:30.0953 4288 cdfs - ok 10:33:31.0065 4288 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 10:33:31.0095 4288 cdrom - ok 10:33:31.0208 4288 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 10:33:31.0253 4288 CertPropSvc - ok 10:33:31.0341 4288 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass 
C:\Windows\system32\DRIVERS\circlass.sys 10:33:31.0352 4288 circlass - ok 10:33:31.0411 4288 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 10:33:31.0425 4288 CLFS - ok 10:33:31.0593 4288 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:33:31.0601 4288 clr_optimization_v2.0.50727_32 - ok 10:33:31.0935 4288 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:33:31.0944 4288 clr_optimization_v2.0.50727_64 - ok 10:33:32.0692 4288 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:33:32.0713 4288 clr_optimization_v4.0.30319_32 - ok 10:33:32.0792 4288 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:33:32.0813 4288 clr_optimization_v4.0.30319_64 - ok 10:33:32.0872 4288 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 10:33:32.0901 4288 CmBatt - ok 10:33:32.0928 4288 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 10:33:32.0937 4288 cmdide - ok 10:33:33.0125 4288 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys 10:33:33.0184 4288 CNG - ok 10:33:33.0259 4288 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 10:33:33.0268 4288 Compbatt - ok 10:33:33.0371 4288 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 10:33:33.0401 4288 CompositeBus - ok 10:33:33.0422 4288 COMSysApp - ok 10:33:33.0511 4288 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 10:33:33.0519 4288 crcdisk - ok 10:33:33.0618 4288 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll 10:33:33.0673 4288 CryptSvc - ok 10:33:33.0831 
4288 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 10:33:33.0893 4288 DcomLaunch - ok 10:33:34.0092 4288 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 10:33:34.0145 4288 defragsvc - ok 10:33:34.0210 4288 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 10:33:34.0259 4288 DfsC - ok 10:33:34.0394 4288 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 10:33:34.0443 4288 Dhcp - ok 10:33:34.0521 4288 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 10:33:34.0562 4288 discache - ok 10:33:34.0735 4288 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 10:33:34.0744 4288 Disk - ok 10:33:34.0902 4288 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 10:33:35.0055 4288 Dnscache - ok 10:33:35.0407 4288 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 10:33:35.0492 4288 dot3svc - ok 10:33:35.0572 4288 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 10:33:35.0631 4288 DPS - ok 10:33:35.0796 4288 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 10:33:35.0830 4288 drmkaud - ok 10:33:35.0953 4288 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 10:33:35.0963 4288 dtsoftbus01 - ok 10:33:36.0166 4288 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 10:33:36.0184 4288 DXGKrnl - ok 10:33:36.0301 4288 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 10:33:36.0366 4288 EapHost - ok 10:33:37.0434 4288 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 10:33:37.0549 4288 ebdrv - ok 10:33:37.0692 4288 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 10:33:37.0822 4288 EFS - ok 10:33:38.0277 4288 [ C4002B6B41975F057D98C439030CEA07 ] 
ehRecvr C:\Windows\ehome\ehRecvr.exe 10:33:38.0501 4288 ehRecvr - ok 10:33:38.0548 4288 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 10:33:38.0714 4288 ehSched - ok 10:33:38.0963 4288 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 10:33:38.0978 4288 elxstor - ok 10:33:39.0038 4288 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 10:33:39.0061 4288 ErrDev - ok 10:33:39.0179 4288 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 10:33:39.0237 4288 EventSystem - ok 10:33:39.0350 4288 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 10:33:39.0392 4288 exfat - ok 10:33:39.0451 4288 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 10:33:39.0540 4288 fastfat - ok 10:33:39.0803 4288 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 10:33:39.0864 4288 Fax - ok 10:33:39.0890 4288 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 10:33:39.0898 4288 fdc - ok 10:33:39.0944 4288 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 10:33:40.0042 4288 fdPHost - ok 10:33:40.0091 4288 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 10:33:40.0117 4288 FDResPub - ok 10:33:40.0159 4288 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 10:33:40.0167 4288 FileInfo - ok 10:33:40.0194 4288 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 10:33:40.0233 4288 Filetrace - ok 10:33:40.0350 4288 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 10:33:40.0432 4288 flpydisk - ok 10:33:40.0571 4288 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 10:33:40.0583 4288 FltMgr - ok 10:33:40.0662 4288 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache 
C:\Windows\system32\FntCache.dll 10:33:40.0774 4288 FontCache - ok 10:33:41.0041 4288 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:33:41.0048 4288 FontCache3.0.0.0 - ok 10:33:41.0078 4288 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 10:33:41.0087 4288 FsDepends - ok 10:33:41.0155 4288 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 10:33:41.0163 4288 Fs_Rec - ok 10:33:41.0231 4288 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 10:33:41.0244 4288 fvevol - ok 10:33:41.0302 4288 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 10:33:41.0312 4288 gagp30kx - ok 10:33:41.0830 4288 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 10:33:41.0885 4288 gpsvc - ok 10:33:41.0957 4288 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 10:33:41.0964 4288 hamachi - ok 10:33:41.0983 4288 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 10:33:42.0030 4288 hcw85cir - ok 10:33:42.0084 4288 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 10:33:42.0115 4288 HDAudBus - ok 10:33:42.0159 4288 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 10:33:42.0191 4288 HidBatt - ok 10:33:42.0229 4288 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 10:33:42.0263 4288 HidBth - ok 10:33:42.0292 4288 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 10:33:42.0321 4288 HidIr - ok 10:33:42.0362 4288 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 10:33:42.0415 4288 hidserv - ok 10:33:42.0489 4288 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 10:33:42.0498 4288 HidUsb - ok 
10:33:42.0548 4288 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 10:33:42.0613 4288 hkmsvc - ok 10:33:42.0660 4288 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 10:33:42.0694 4288 HomeGroupListener - ok 10:33:42.0750 4288 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 10:33:42.0781 4288 HomeGroupProvider - ok 10:33:42.0851 4288 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 10:33:42.0860 4288 HpSAMD - ok 10:33:42.0963 4288 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 10:33:43.0020 4288 HTTP - ok 10:33:43.0069 4288 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 10:33:43.0077 4288 hwpolicy - ok 10:33:43.0151 4288 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 10:33:43.0161 4288 i8042prt - ok 10:33:43.0297 4288 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 10:33:43.0307 4288 IAANTMON - ok 10:33:43.0332 4288 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 10:33:43.0342 4288 iaStor - ok 10:33:43.0482 4288 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 10:33:43.0496 4288 iaStorV - ok 10:33:43.0652 4288 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:33:43.0671 4288 idsvc - ok 10:33:43.0692 4288 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 10:33:43.0702 4288 iirsp - ok 10:33:43.0741 4288 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 10:33:43.0788 4288 IKEEXT - ok 10:33:44.0218 4288 [ 31C32BC56D85D109EBB0C526BE5CACA7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 10:33:44.0244 4288 IntcAzAudAddService - ok 
10:33:44.0256 4288 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 10:33:44.0265 4288 intelide - ok 10:33:44.0326 4288 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 10:33:44.0375 4288 intelppm - ok 10:33:44.0468 4288 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 10:33:44.0514 4288 IPBusEnum - ok 10:33:44.0563 4288 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:33:44.0613 4288 IpFilterDriver - ok 10:33:44.0774 4288 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 10:33:44.0870 4288 iphlpsvc - ok 10:33:44.0914 4288 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 10:33:44.0953 4288 IPMIDRV - ok 10:33:44.0978 4288 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 10:33:45.0018 4288 IPNAT - ok 10:33:45.0085 4288 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 10:33:45.0119 4288 IRENUM - ok 10:33:45.0173 4288 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 10:33:45.0182 4288 isapnp - ok 10:33:45.0288 4288 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 10:33:45.0316 4288 iScsiPrt - ok 10:33:45.0586 4288 [ 9C6F3F69163133FB8E56AC4A6E163452 ] ISODrive C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys 10:33:45.0594 4288 ISODrive - ok 10:33:45.0677 4288 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 10:33:45.0686 4288 kbdclass - ok 10:33:45.0750 4288 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 10:33:45.0783 4288 kbdhid - ok 10:33:45.0836 4288 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 10:33:45.0844 4288 KeyIso - ok 10:33:45.0883 4288 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD 
C:\Windows\system32\Drivers\ksecdd.sys 10:33:45.0892 4288 KSecDD - ok 10:33:45.0964 4288 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 10:33:45.0974 4288 KSecPkg - ok 10:33:46.0048 4288 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 10:33:46.0108 4288 ksthunk - ok 10:33:46.0160 4288 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 10:33:46.0207 4288 KtmRm - ok 10:33:46.0310 4288 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 10:33:46.0365 4288 LanmanServer - ok 10:33:46.0447 4288 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 10:33:46.0504 4288 LanmanWorkstation - ok 10:33:46.0654 4288 [ 108333981C841EB0FF198AA5DFCF3D3B ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 10:33:46.0692 4288 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 10:33:46.0692 4288 LightScribeService - detected UnsignedFile.Multi.Generic (1) 10:33:46.0842 4288 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 10:33:46.0849 4288 lirsgt - ok 10:33:46.0916 4288 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:33:46.0973 4288 lltdio - ok 10:33:47.0059 4288 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:33:47.0101 4288 lltdsvc - ok 10:33:47.0160 4288 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 10:33:47.0212 4288 lmhosts - ok 10:33:47.0269 4288 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 10:33:47.0279 4288 LSI_FC - ok 10:33:47.0359 4288 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 10:33:47.0371 4288 LSI_SAS - ok 10:33:47.0401 4288 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:33:47.0411 4288 LSI_SAS2 - ok 10:33:47.0491 4288 [ 
0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:33:47.0501 4288 LSI_SCSI - ok 10:33:47.0558 4288 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 10:33:47.0610 4288 luafv - ok 10:33:47.0730 4288 [ 4A503882318BB2F59218D401614E6AF6 ] lvpepf64 C:\Windows\system32\DRIVERS\lv302a64.sys 10:33:47.0736 4288 lvpepf64 - ok 10:33:47.0827 4288 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys 10:33:47.0833 4288 LVPr2M64 - ok 10:33:47.0921 4288 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys 10:33:47.0929 4288 LVPr2Mon - ok 10:33:49.0118 4288 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 10:33:49.0125 4288 LVPrcS64 - ok 10:33:49.0386 4288 [ 125AE13C293889001B8456CF3EB04A40 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 10:33:49.0395 4288 LVRS64 - ok 10:33:49.0506 4288 [ 5C3FF68267A5D242EE79EE01B993D6CE ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys 10:33:49.0512 4288 LVUSBS64 - ok 10:33:50.0622 4288 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 10:33:50.0698 4288 Mcx2Svc - ok 10:33:50.0784 4288 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 10:33:50.0793 4288 megasas - ok 10:33:50.0926 4288 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 10:33:50.0963 4288 MegaSR - ok 10:33:51.0158 4288 [ D70476AD02D6FD75282B196D3B58831D ] MEMSWEEP2 C:\Windows\system32\4431.tmp 10:33:51.0161 4288 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - warning 10:33:51.0161 4288 MEMSWEEP2 - detected UnsignedFile.Multi.Generic (1) 10:33:51.0325 4288 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 10:33:51.0333 4288 Microsoft Office Groove Audit Service - ok 10:33:51.0387 4288 [ 
E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 10:33:51.0430 4288 MMCSS - ok 10:33:51.0468 4288 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 10:33:51.0517 4288 Modem - ok 10:33:51.0574 4288 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 10:33:51.0606 4288 monitor - ok 10:33:51.0665 4288 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 10:33:51.0673 4288 mouclass - ok 10:33:51.0719 4288 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 10:33:51.0756 4288 mouhid - ok 10:33:51.0823 4288 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 10:33:51.0832 4288 mountmgr - ok 10:33:51.0880 4288 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 10:33:51.0891 4288 mpio - ok 10:33:51.0967 4288 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 10:33:52.0029 4288 mpsdrv - ok 10:33:52.0230 4288 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 10:33:52.0302 4288 MpsSvc - ok 10:33:52.0385 4288 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 10:33:52.0437 4288 MRxDAV - ok 10:33:52.0519 4288 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 10:33:52.0593 4288 mrxsmb - ok 10:33:52.0703 4288 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:33:52.0735 4288 mrxsmb10 - ok 10:33:52.0771 4288 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:33:52.0788 4288 mrxsmb20 - ok 10:33:52.0842 4288 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 10:33:52.0858 4288 msahci - ok 10:33:52.0917 4288 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 10:33:52.0935 4288 msdsm - ok 10:33:53.0046 4288 [ 
DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 10:33:53.0087 4288 MSDTC - ok 10:33:53.0159 4288 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 10:33:53.0231 4288 Msfs - ok 10:33:53.0304 4288 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 10:33:53.0343 4288 mshidkmdf - ok 10:33:53.0390 4288 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 10:33:53.0398 4288 msisadrv - ok 10:33:53.0520 4288 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 10:33:53.0579 4288 MSiSCSI - ok 10:33:53.0583 4288 msiserver - ok 10:33:53.0662 4288 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 10:33:53.0723 4288 MSKSSRV - ok 10:33:53.0829 4288 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 10:33:53.0892 4288 MSPCLOCK - ok 10:33:53.0933 4288 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 10:33:53.0991 4288 MSPQM - ok 10:33:54.0081 4288 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 10:33:54.0103 4288 MsRPC - ok 10:33:54.0204 4288 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 10:33:54.0221 4288 mssmbios - ok 10:33:54.0469 4288 MSSQL$SQLEXPRESS - ok 10:33:54.0714 4288 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 10:33:54.0731 4288 MSSQLServerADHelper100 - ok 10:33:54.0813 4288 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 10:33:54.0883 4288 MSTEE - ok 10:33:54.0926 4288 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 10:33:54.0952 4288 MTConfig - ok 10:33:55.0006 4288 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 10:33:55.0019 4288 Mup - ok 10:33:55.0159 4288 [ 
582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 10:33:55.0353 4288 napagent - ok 10:33:55.0553 4288 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 10:33:55.0600 4288 NativeWifiP - ok 10:33:55.0833 4288 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 10:33:55.0897 4288 NDIS - ok 10:33:55.0984 4288 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 10:33:56.0050 4288 NdisCap - ok 10:33:56.0318 4288 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 10:33:56.0376 4288 NdisTapi - ok 10:33:56.0438 4288 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 10:33:56.0502 4288 Ndisuio - ok 10:33:56.0580 4288 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 10:33:56.0636 4288 NdisWan - ok 10:33:56.0688 4288 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 10:33:56.0748 4288 NDProxy - ok 10:33:56.0807 4288 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 10:33:56.0876 4288 NetBIOS - ok 10:33:56.0972 4288 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 10:33:57.0032 4288 NetBT - ok 10:33:57.0103 4288 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 10:33:57.0117 4288 Netlogon - ok 10:33:57.0294 4288 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 10:33:57.0370 4288 Netman - ok 10:33:57.0433 4288 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:33:57.0442 4288 NetMsmqActivator - ok 10:33:57.0475 4288 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:33:57.0484 4288 NetPipeActivator - ok 10:33:57.0641 4288 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm 
C:\Windows\System32\netprofm.dll 10:33:57.0728 4288 netprofm - ok 10:33:57.0993 4288 [ 44D4BD55191624C82A2745296BA42814 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys 10:33:58.0454 4288 netr28x - ok 10:33:58.0488 4288 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:33:58.0503 4288 NetTcpActivator - ok 10:33:58.0508 4288 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:33:58.0522 4288 NetTcpPortSharing - ok 10:33:58.0614 4288 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 10:33:58.0632 4288 nfrd960 - ok 10:33:58.0782 4288 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 10:33:58.0837 4288 NlaSvc - ok 10:33:58.0877 4288 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 10:33:58.0911 4288 Npfs - ok 10:33:58.0964 4288 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 10:33:59.0017 4288 nsi - ok 10:33:59.0034 4288 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 10:33:59.0100 4288 nsiproxy - ok 10:33:59.0459 4288 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 10:33:59.0532 4288 Ntfs - ok 10:33:59.0554 4288 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 10:33:59.0587 4288 Null - ok 10:34:01.0644 4288 [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 10:34:01.0773 4288 nvlddmkm - ok 10:34:01.0891 4288 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 10:34:01.0907 4288 nvraid - ok 10:34:02.0050 4288 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 10:34:02.0078 4288 nvstor - ok 10:34:02.0489 4288 [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc C:\Windows\system32\nvvsvc.exe 10:34:02.0541 4288 nvsvc - ok 10:34:02.0727 
4288 [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 10:34:02.0749 4288 nvUpdatusService - ok 10:34:02.0800 4288 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 10:34:02.0810 4288 nv_agp - ok 10:34:03.0033 4288 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 10:34:03.0046 4288 odserv - ok 10:34:03.0092 4288 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 10:34:03.0102 4288 ohci1394 - ok 10:34:03.0194 4288 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:34:03.0203 4288 ose - ok 10:34:03.0359 4288 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 10:34:03.0429 4288 p2pimsvc - ok 10:34:03.0480 4288 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 10:34:03.0511 4288 p2psvc - ok 10:34:03.0535 4288 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 10:34:03.0545 4288 Parport - ok 10:34:03.0575 4288 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys 10:34:03.0584 4288 partmgr - ok 10:34:03.0666 4288 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 10:34:03.0709 4288 PcaSvc - ok 10:34:04.0585 4288 [ 51209FBDB13A46E05C1B0077A9310264 ] PCDSRVC{F36B3A4C-F95654BD-06000000}_0 c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms 10:34:07.0680 4288 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok 10:34:07.0784 4288 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 10:34:07.0795 4288 pci - ok 10:34:07.0849 4288 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 10:34:07.0877 4288 pciide - ok 10:34:07.0960 4288 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 
10:34:07.0971 4288 pcmcia - ok 10:34:08.0023 4288 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 10:34:08.0031 4288 pcw - ok 10:34:08.0621 4288 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:34:08.0705 4288 PEAUTH - ok Code:
ATTFilter ComboFix 13-08-09.02 - User 10.08.2013 10:34:07.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6135.4144 [GMT 2:00] ausgeführt von:: c:\users\User\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Public\sdelevURL.tmp c:\users\User\AppData\Local\assembly\tmp c:\users\User\AppData\Roaming\Help\coredb\storage c:\users\User\AppData\Roaming\mIRC\logs\status.log c:\windows\iun6002.exe c:\windows\SysWow64\DEBUG.log . . ((((((((((((((((((((((( Dateien erstellt von 2013-07-10 bis 2013-08-10 )))))))))))))))))))))))))))))) . . 2013-08-10 08:45 . 2013-08-10 08:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-08-10 08:45 . 2013-08-10 08:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-10 08:45 . 2013-08-10 08:45 -------- d-----w- c:\users\Gast\AppData\Local\temp 2013-08-10 01:16 . 2013-08-10 01:16 -------- d-----w- c:\programdata\Recovery 2013-08-09 15:37 . 2013-08-09 15:37 -------- d-----w- C:\FRST 2013-07-24 16:16 . 2013-07-24 16:16 -------- d-----w- c:\users\User\AppData\Roaming\NCSOFT 2013-07-18 16:48 . 2013-07-25 19:40 -------- d-----w- c:\users\User\AppData\Roaming\ICQ . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-24 17:17 . 2013-06-24 17:17 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-24 17:17 . 2012-09-16 09:49 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-06-24 17:17 . 2011-11-28 14:53 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-26 1807272] "ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408] "GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"="c:\users\User\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-25 846288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992] "LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-03-20 162856] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4431.tmp;c:\windows\SYSNATIVE\4431.tmp [x] R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common 
Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 52247827 *Deregistered* - 52247827 . Inhalt des "geplante Tasks" Ordners . 2013-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4130136908-467914500-1083429523-1000Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 08:21] . 2013-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4130136908-467914500-1083429523-1000UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 08:21] . 2013-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=3a61a3f7000000000000701a04407626 uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MySig.lnk - c:\program files (x86)\MySig.exe AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\4431.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0] "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-4130136908-467914500-1083429523-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41535443-3F11-3B8B-9ADC-649EEE6376C3}*] "haobnkekilghalfl"=hex:6b,61,69,70,6c,62,63,65,67,63,68,6b,65,64,63,6a,6e,68, 66,6c,66,6d,00,00 "gafbpekckepmln"=hex:61,63,65,6d,64,70,61,65,61,61,68,6d,61,69,66,61,6c,6d,61, 62,61,68,64,6b,67,66,64,6b,6f,64,62,61,6b,62,62,62,70,6e,6e,6a,61,6f,61,6f,\ "iaechidgdnmgomagal"=hex:6b,61,69,70,6c,62,63,65,67,63,68,6b,65,64,63,6a,6e,68, 66,6c,66,6d,00,00 . 
[HKEY_USERS\S-1-5-21-4130136908-467914500-1083429523-1000\Software\SecuROM\License information*] "datasecu"=hex:bd,b9,dd,b6,74,31,28,6d,5a,4c,d2,16,fa,51,4f,14,84,97,92,a1,3d, 66,d4,00,3b,df,d7,19,02,ac,b9,4f,b2,2d,ba,a9,a5,e3,ee,71,34,54,80,a1,1d,6b,\ "rkeysecu"=hex:a0,85,f8,ad,0f,57,68,e9,f6,11,2e,fe,c7,ac,6b,54 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-08-10 10:56:53 ComboFix-quarantined-files.txt 2013-08-10 08:56 . Vor Suchlauf: 14 Verzeichnis(se), 653.820.555.264 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 654.172.733.440 Bytes frei . - - End Of File - - EA1A0EDD3318C4E6B0404D16B4AC19A4 C04E33E69EB86700BF694E83B8B0B6E6 |
12.08.2013, 15:58 | #6 |
/// Malware-holic | And why am I not getting a complete TDSSKiller log? :-( |
12.08.2013, 17:12 | #7 |
| Sorry, Marcus.... That is all that is in this log file.??? |
12.08.2013, 17:16 | #8 |
/// Malware-holic | Scan again following the instructions and please post it again. |
12.08.2013, 17:39 | #9 |
| OK, that looks better. Code:
ATTFilter 18:19:52.0268 4036 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 18:19:52.0584 4036 ============================================================ 18:19:52.0584 4036 Current date / time: 2013/08/12 18:19:52.0584 18:19:52.0584 4036 SystemInfo: 18:19:52.0584 4036 18:19:52.0584 4036 OS Version: 6.1.7601 ServicePack: 1.0 18:19:52.0584 4036 Product type: Workstation 18:19:52.0584 4036 ComputerName: OLISPC 18:19:52.0584 4036 UserName: User 18:19:52.0584 4036 Windows directory: C:\Windows 18:19:52.0584 4036 System windows directory: C:\Windows 18:19:52.0584 4036 Running under WOW64 18:19:52.0584 4036 Processor architecture: Intel x64 18:19:52.0584 4036 Number of processors: 4 18:19:52.0584 4036 Page size: 0x1000 18:19:52.0584 4036 Boot type: Normal boot 18:19:52.0584 4036 ============================================================ 18:19:53.0125 4036 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:19:53.0141 4036 ============================================================ 18:19:53.0141 4036 \Device\Harddisk0\DR0: 18:19:53.0141 4036 MBR partitions: 18:19:53.0141 4036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 18:19:53.0141 4036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73259800 18:19:53.0141 4036 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7328C000, BlocksNum 0x147A000 18:19:53.0141 4036 ============================================================ 18:19:53.0170 4036 C: <-> \Device\Harddisk0\DR0\Partition2 18:19:53.0214 4036 D: <-> \Device\Harddisk0\DR0\Partition3 18:19:53.0214 4036 ============================================================ 18:19:53.0214 4036 Initialize success 18:19:53.0214 4036 ============================================================ 18:20:35.0470 1044 
============================================================ 18:20:35.0470 1044 Scan started 18:20:35.0470 1044 Mode: Manual; SigCheck; TDLFS; 18:20:35.0470 1044 ============================================================ 18:20:35.0811 1044 ================ Scan system memory ======================== 18:20:35.0811 1044 System memory - ok 18:20:35.0812 1044 ================ Scan services ============================= 18:20:36.0005 1044 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:20:36.0149 1044 1394ohci - ok 18:20:36.0208 1044 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:20:36.0226 1044 ACPI - ok 18:20:36.0277 1044 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:20:36.0356 1044 AcpiPmi - ok 18:20:36.0477 1044 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 18:20:36.0523 1044 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 18:20:36.0523 1044 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 18:20:36.0670 1044 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 18:20:36.0701 1044 AdobeARMservice - ok 18:20:36.0763 1044 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 18:20:36.0789 1044 adp94xx - ok 18:20:36.0844 1044 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 18:20:36.0874 1044 adpahci - ok 18:20:36.0907 1044 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 18:20:36.0932 1044 adpu320 - ok 18:20:36.0960 1044 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:20:37.0092 1044 AeLookupSvc - ok 18:20:37.0150 1044 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:20:37.0210 1044 AFD - ok 18:20:37.0253 1044 [ 
608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:20:37.0272 1044 agp440 - ok 18:20:37.0282 1044 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:20:37.0332 1044 ALG - ok 18:20:37.0379 1044 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:20:37.0396 1044 aliide - ok 18:20:37.0413 1044 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:20:37.0430 1044 amdide - ok 18:20:37.0473 1044 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 18:20:37.0499 1044 AmdK8 - ok 18:20:37.0514 1044 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 18:20:37.0549 1044 AmdPPM - ok 18:20:37.0591 1044 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:20:37.0606 1044 amdsata - ok 18:20:37.0636 1044 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 18:20:37.0655 1044 amdsbs - ok 18:20:37.0682 1044 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:20:37.0697 1044 amdxata - ok 18:20:37.0768 1044 [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 18:20:37.0782 1044 AntiVirSchedulerService - ok 18:20:37.0807 1044 [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 18:20:37.0823 1044 AntiVirService - ok 18:20:37.0868 1044 [ 53DDEA96AA407C3E2BCEF68A44E31A59 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 18:20:37.0895 1044 AntiVirWebService - ok 18:20:37.0928 1044 [ D41231AECFEE88973D56AEC2EE5B962D ] APNMCP C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe 18:20:37.0948 1044 APNMCP - ok 18:20:38.0005 1044 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:20:38.0151 1044 AppID - ok 18:20:38.0181 1044 [ 
0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:20:38.0261 1044 AppIDSvc - ok 18:20:38.0306 1044 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 18:20:38.0366 1044 Appinfo - ok 18:20:38.0436 1044 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 18:20:38.0460 1044 arc - ok 18:20:38.0476 1044 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 18:20:38.0491 1044 arcsas - ok 18:20:38.0602 1044 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 18:20:38.0685 1044 aspnet_state - ok 18:20:38.0733 1044 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:20:38.0812 1044 AsyncMac - ok 18:20:38.0866 1044 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:20:38.0885 1044 atapi - ok 18:20:38.0959 1044 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 18:20:39.0001 1044 atksgt - ok 18:20:39.0056 1044 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:20:39.0109 1044 AudioEndpointBuilder - ok 18:20:39.0117 1044 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:20:39.0147 1044 AudioSrv - ok 18:20:39.0200 1044 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 18:20:39.0220 1044 avgntflt - ok 18:20:39.0271 1044 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 18:20:39.0292 1044 avipbb - ok 18:20:39.0327 1044 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 18:20:39.0344 1044 avkmgr - ok 18:20:39.0386 1044 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:20:39.0462 1044 AxInstSV - ok 18:20:39.0501 1044 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 
18:20:39.0568 1044 b06bdrv - ok 18:20:39.0601 1044 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:20:39.0659 1044 b57nd60a - ok 18:20:39.0695 1044 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:20:39.0749 1044 BDESVC - ok 18:20:39.0757 1044 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:20:39.0831 1044 Beep - ok 18:20:39.0900 1044 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:20:39.0984 1044 BFE - ok 18:20:40.0054 1044 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 18:20:40.0159 1044 BITS - ok 18:20:40.0192 1044 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 18:20:40.0226 1044 blbdrive - ok 18:20:40.0265 1044 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:20:40.0324 1044 bowser - ok 18:20:40.0345 1044 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 18:20:40.0420 1044 BrFiltLo - ok 18:20:40.0442 1044 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 18:20:40.0474 1044 BrFiltUp - ok 18:20:40.0531 1044 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 18:20:40.0581 1044 BridgeMP - ok 18:20:40.0647 1044 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll 18:20:40.0723 1044 Browser - ok 18:20:40.0764 1044 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:20:40.0848 1044 Brserid - ok 18:20:40.0868 1044 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:20:40.0924 1044 BrSerWdm - ok 18:20:40.0950 1044 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:20:40.0997 1044 BrUsbMdm - ok 18:20:41.0015 1044 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 
18:20:41.0051 1044 BrUsbSer - ok 18:20:41.0084 1044 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 18:20:41.0116 1044 BTHMODEM - ok 18:20:41.0164 1044 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:20:41.0255 1044 bthserv - ok 18:20:41.0321 1044 catchme - ok 18:20:41.0353 1044 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:20:41.0423 1044 cdfs - ok 18:20:41.0498 1044 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:20:41.0543 1044 cdrom - ok 18:20:41.0589 1044 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:20:41.0654 1044 CertPropSvc - ok 18:20:41.0685 1044 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 18:20:41.0704 1044 circlass - ok 18:20:41.0733 1044 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:20:41.0750 1044 CLFS - ok 18:20:41.0826 1044 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:20:41.0857 1044 clr_optimization_v2.0.50727_32 - ok 18:20:41.0891 1044 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:20:41.0918 1044 clr_optimization_v2.0.50727_64 - ok 18:20:42.0000 1044 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:20:42.0088 1044 clr_optimization_v4.0.30319_32 - ok 18:20:42.0110 1044 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:20:42.0128 1044 clr_optimization_v4.0.30319_64 - ok 18:20:42.0161 1044 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 18:20:42.0184 1044 CmBatt - ok 18:20:42.0217 1044 [ E19D3F095812725D88F9001985B94EDD ] cmdide 
C:\Windows\system32\drivers\cmdide.sys 18:20:42.0233 1044 cmdide - ok 18:20:42.0270 1044 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys 18:20:42.0307 1044 CNG - ok 18:20:42.0326 1044 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 18:20:42.0339 1044 Compbatt - ok 18:20:42.0382 1044 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 18:20:42.0423 1044 CompositeBus - ok 18:20:42.0444 1044 COMSysApp - ok 18:20:42.0466 1044 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 18:20:42.0481 1044 crcdisk - ok 18:20:42.0517 1044 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:20:42.0610 1044 CryptSvc - ok 18:20:42.0654 1044 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:20:42.0715 1044 DcomLaunch - ok 18:20:42.0754 1044 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:20:42.0823 1044 defragsvc - ok 18:20:42.0865 1044 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:20:42.0910 1044 DfsC - ok 18:20:42.0950 1044 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:20:43.0009 1044 Dhcp - ok 18:20:43.0043 1044 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:20:43.0101 1044 discache - ok 18:20:43.0146 1044 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 18:20:43.0162 1044 Disk - ok 18:20:43.0202 1044 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:20:43.0256 1044 Dnscache - ok 18:20:43.0294 1044 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:20:43.0356 1044 dot3svc - ok 18:20:43.0394 1044 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:20:43.0440 1044 DPS - ok 18:20:43.0461 1044 [ 9B19F34400D24DF84C858A421C205754 ] 
drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:20:43.0498 1044 drmkaud - ok 18:20:43.0560 1044 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 18:20:43.0576 1044 dtsoftbus01 - ok 18:20:43.0622 1044 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:20:43.0660 1044 DXGKrnl - ok 18:20:43.0678 1044 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:20:43.0729 1044 EapHost - ok 18:20:43.0813 1044 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 18:20:43.0948 1044 ebdrv - ok 18:20:43.0980 1044 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:20:44.0024 1044 EFS - ok 18:20:44.0076 1044 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:20:44.0129 1044 ehRecvr - ok 18:20:44.0158 1044 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:20:44.0206 1044 ehSched - ok 18:20:44.0251 1044 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 18:20:44.0282 1044 elxstor - ok 18:20:44.0325 1044 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:20:44.0357 1044 ErrDev - ok 18:20:44.0390 1044 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:20:44.0469 1044 EventSystem - ok 18:20:44.0516 1044 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:20:44.0562 1044 exfat - ok 18:20:44.0593 1044 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:20:44.0632 1044 fastfat - ok 18:20:44.0691 1044 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:20:44.0720 1044 Fax - ok 18:20:44.0733 1044 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 18:20:44.0749 1044 fdc - ok 18:20:44.0777 1044 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 
WacomPen - ok 18:21:07.0000 1044 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:21:07.0043 1044 WANARP - ok 18:21:07.0060 1044 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:21:07.0095 1044 Wanarpv6 - ok 18:21:07.0139 1044 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:21:07.0225 1044 wbengine - ok 18:21:07.0249 1044 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:21:07.0279 1044 WbioSrvc - ok 18:21:07.0321 1044 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:21:07.0353 1044 wcncsvc - ok 18:21:07.0363 1044 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:21:07.0392 1044 WcsPlugInService - ok 18:21:07.0424 1044 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 18:21:07.0439 1044 Wd - ok 18:21:07.0476 1044 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:21:07.0510 1044 Wdf01000 - ok 18:21:07.0514 1044 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:21:07.0599 1044 WdiServiceHost - ok 18:21:07.0602 1044 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:21:07.0623 1044 WdiSystemHost - ok 18:21:07.0662 1044 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:21:07.0702 1044 WebClient - ok 18:21:07.0724 1044 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:21:07.0786 1044 Wecsvc - ok 18:21:07.0797 1044 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:21:07.0841 1044 wercplsupport - ok 18:21:07.0876 1044 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:21:07.0914 1044 WerSvc - ok 18:21:07.0936 1044 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 
18:21:07.0968 1044 WfpLwf - ok 18:21:07.0986 1044 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:21:07.0999 1044 WIMMount - ok 18:21:08.0029 1044 WinDefend - ok 18:21:08.0034 1044 WinHttpAutoProxySvc - ok 18:21:08.0099 1044 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:21:08.0164 1044 Winmgmt - ok 18:21:08.0223 1044 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:21:08.0321 1044 WinRM - ok 18:21:08.0379 1044 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 18:21:08.0414 1044 WinUsb - ok 18:21:08.0451 1044 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:21:08.0538 1044 Wlansvc - ok 18:21:08.0686 1044 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:21:08.0781 1044 wlidsvc - ok 18:21:08.0818 1044 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:21:08.0831 1044 WmiAcpi - ok 18:21:08.0864 1044 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:21:08.0891 1044 wmiApSrv - ok 18:21:08.0926 1044 WMPNetworkSvc - ok 18:21:08.0986 1044 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm c:\Program Files\Zune\WMZuneComm.exe 18:21:09.0027 1044 WMZuneComm - ok 18:21:09.0057 1044 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:21:09.0096 1044 WPCSvc - ok 18:21:09.0135 1044 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:21:09.0167 1044 WPDBusEnum - ok 18:21:09.0191 1044 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:21:09.0244 1044 ws2ifsl - ok 18:21:09.0278 1044 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 18:21:09.0325 1044 wscsvc - ok 18:21:09.0329 1044 WSearch - ok 18:21:09.0402 1044 [ 9DF12EDBC698B0BC353B3EF84861E430 ] 
wuauserv C:\Windows\system32\wuaueng.dll 18:21:09.0528 1044 wuauserv - ok 18:21:09.0576 1044 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:21:09.0632 1044 WudfPf - ok 18:21:09.0661 1044 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:21:09.0718 1044 WUDFRd - ok 18:21:09.0743 1044 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:21:09.0776 1044 wudfsvc - ok 18:21:09.0803 1044 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:21:09.0828 1044 WwanSvc - ok 18:21:09.0877 1044 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 18:21:09.0911 1044 xusb21 - ok 18:21:10.0071 1044 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc c:\Program Files\Zune\ZuneNss.exe 18:21:10.0364 1044 ZuneNetworkSvc - ok 18:21:10.0409 1044 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc c:\Program Files\Zune\ZuneWlanCfgSvc.exe 18:21:10.0437 1044 ZuneWlanCfgSvc - ok 18:21:10.0452 1044 ================ Scan global =============================== 18:21:10.0474 1044 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:21:10.0516 1044 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 18:21:10.0530 1044 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 18:21:10.0550 1044 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:21:10.0579 1044 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:21:10.0591 1044 [Global] - ok 18:21:10.0591 1044 ================ Scan MBR ================================== 18:21:10.0600 1044 [ C04E33E69EB86700BF694E83B8B0B6E6 ] \Device\Harddisk0\DR0 18:21:10.0921 1044 \Device\Harddisk0\DR0 - ok 18:21:10.0922 1044 ================ Scan VBR ================================== 18:21:10.0926 1044 [ 5B5D2AF2D7E84C55CE8560C48CF5F12B ] \Device\Harddisk0\DR0\Partition1 18:21:10.0928 1044 \Device\Harddisk0\DR0\Partition1 
- ok
18:21:10.0975 1044 [ DA3F112239BCDF911931C445BA3CDD20 ] \Device\Harddisk0\DR0\Partition2
18:21:10.0978 1044 \Device\Harddisk0\DR0\Partition2 - ok
18:21:11.0018 1044 [ D21B0DE9CF35D6A2FD4F5C7438F672E7 ] \Device\Harddisk0\DR0\Partition3
18:21:11.0021 1044 \Device\Harddisk0\DR0\Partition3 - ok
18:21:11.0021 1044 ============================================================
18:21:11.0021 1044 Scan finished
18:21:11.0021 1044 ============================================================
18:21:11.0038 5964 Detected object count: 4
18:21:11.0038 5964 Actual detected object count: 4
18:38:15.0744 5964 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:15.0745 5964 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:38:15.0746 5964 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:15.0746 5964 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:38:15.0748 5964 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:15.0748 5964 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:38:15.0749 5964 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:15.0750 5964 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip |
12.08.2013, 17:42 | #10 |
/// Malware-holic | Interpol Trojan - lock screen // FRST.Log already attached
Hi, very good. Four logs need to be created; post them at the same time if possible.
1. Please download Malwarebytes Anti-Malware
Restart.
2. Please download AdwCleaner to your desktop.
Restart.
3. Please shut down your security software to avoid possible conflicts.
Restart.
4. Download HitmanPro: HitmanPro - Download - Filepony. Double-click it, then click Scan. Save the log and post it, or export it as XML, zip it and attach it. Close HitmanPro.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |