| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan:Win32/Reveton.N gefunden.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.12.2012, 19:16
| #1 |
| |  Trojan:Win32/Reveton.N gefunden. Hallo, Microsoft Security Essentials hat Trojan:Win32/Reveton.N gefunden in der Datei: Code:
ATTFilter file:C:\Users\Hugo Bosnickel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-1d348372
Würde mich freuen, wenn mir jemand erklären könnte wie ich nun am Besten vorgehe. Anbei noch der Inhalt der OTL.txt Vielen Dank! Code:
ATTFilter OTL logfile created on: 21.12.2012 19:05:19 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hugo Bosnickel\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,96 Gb Total Physical Memory | 13,92 Gb Available Physical Memory | 87,21% Memory free 31,92 Gb Paging File | 29,93 Gb Available in Paging File | 93,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,02 Gb Total Space | 6,48 Gb Free Space | 5,45% Space Free | Partition Type: NTFS Drive D: | 931,39 Gb Total Space | 512,83 Gb Free Space | 55,06% Space Free | Partition Type: NTFS Computer Name: MEINER | User Name: Hugo Bosnickel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Users\Hugo Bosnickel\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Hugo Bosnickel\Downloads\Defogger.exe () PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Users\Hugo Bosnickel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Hugo Bosnickel\Downloads\Defogger.exe () MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (VUSB3HUB) -- C:\Windows\SysNative\drivers\ViaHub3.sys (VIA Technologies, Inc.) DRV:64bit: - (xhcdrv) -- C:\Windows\SysNative\drivers\xhcdrv.sys (VIA Technologies, Inc.) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys () DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 6C 88 50 F4 DE CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 23:11:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 23:11:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 20:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hugo Bosnickel\AppData\Roaming\mozilla\Extensions [2012.10.26 20:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hugo Bosnickel\AppData\Roaming\mozilla\Firefox\Profiles\22u5pwby.default\extensions [2012.12.06 23:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.06 23:11:12 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Spotify] C:\Users\Hugo Bosnickel\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Hugo Bosnickel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.18.3.5 212.18.0.5 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57C75925-EC9F-482D-BE35-6B01F6CB7193}: DhcpNameServer = 212.18.3.5 212.18.0.5 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{167ef472-1fc7-11e2-8295-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{167ef472-1fc7-11e2-8295-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2012.12.19 22:44:14 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\LolClient [2012.12.19 19:45:50 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\PMB Files [2012.12.19 19:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012.12.19 19:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2012.12.19 19:45:02 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\.swt [2012.12.17 19:18:06 | 000,185,720 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Hugo Bosnickel\wgsdgsdgdsgsd.dll [2012.12.16 16:48:13 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Play withSIX [2012.12.16 16:48:13 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\Play withSIX [2012.12.16 16:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks [2012.12.16 16:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks [2012.12.06 23:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.04 20:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.12.04 20:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.12.04 20:32:20 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.12.02 15:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCanvas [2012.12.02 03:11:45 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\Documents\Baldur's Gate - Enhanced Edition [2012.12.02 01:09:15 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\BeamDog [2012.12.02 01:09:14 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.12.02 01:09:14 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.12.02 01:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2012.12.02 01:09:14 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baldur's Gate Enhanced Edition [2012.12.02 00:59:55 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.12.02 00:59:36 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Dropbox [2012.12.01 19:08:54 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\.tokentool [2012.12.01 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2012.12.01 18:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\Paint.NET [2012.12.01 15:06:13 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\.maptool [2012.12.01 15:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\MapTools [2012.11.30 22:39:11 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\Documents\Hero Lab [2012.11.30 22:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Lab [2012.11.30 22:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Hero Lab [2012.11.30 22:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hero Lab [2012.11.25 20:58:33 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\Ubisoft Game Launcher [2012.11.25 20:56:25 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Ubisoft [2012.11.25 20:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012.11.25 20:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2012.11.22 21:49:35 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\SCE [2012.11.22 21:49:35 | 000,000,000 | ---D | C] -- C:\Crash [2012.11.22 21:49:34 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\Sony Online Entertainment [2012.10.28 20:27:48 | 000,036,069 | ---- | C] (Beepa Pty Ltd) -- C:\Program Files\uninstall.exe [2012.08.30 14:47:32 | 002,369,720 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps.exe [2012.08.30 14:47:32 | 000,068,792 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dat [2012.08.30 14:46:06 | 000,139,776 | ---- | C] (Beepa P/L) -- C:\Program Files\frapslcd.dll [2012.08.30 14:20:14 | 000,234,168 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps32.dll [2012.08.30 14:20:14 | 000,186,552 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.21 18:21:39 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 18:21:39 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 18:17:14 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.21 18:17:14 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.21 18:17:14 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.21 18:17:14 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.21 18:17:13 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.21 18:11:55 | 000,001,020 | ---- | M] () -- C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.21 18:10:17 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.21 18:10:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.21 18:10:14 | 4265,168,894 | -HS- | M] () -- C:\hiberfil.sys [2012.12.20 22:25:27 | 000,000,000 | ---- | M] () -- C:\Users\Hugo Bosnickel\defogger_reenable [2012.12.20 21:58:40 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.20 21:55:15 | 000,185,720 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Hugo Bosnickel\wgsdgsdgdsgsd.dll [2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.02 01:09:14 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.12.02 01:09:14 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.12.01 06:49:26 | 003,663,213 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.20 22:25:27 | 000,000,000 | ---- | C] () -- C:\Users\Hugo Bosnickel\defogger_reenable [2012.12.20 21:55:15 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.02 01:00:00 | 000,001,020 | ---- | C] () -- C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.01 18:48:16 | 000,001,300 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2012.11.17 19:07:42 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.17 19:07:41 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.11.17 19:07:41 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.10.27 18:36:12 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.10.27 01:17:48 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2012.10.27 01:06:24 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.08.30 14:09:28 | 000,001,892 | ---- | C] () -- C:\Program Files\README.HTM [2011.12.08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.21 18:11:58 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Dropbox [2012.10.30 20:07:20 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Fatshark [2012.12.19 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\LolClient [2012.12.16 16:48:55 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Play withSIX [2012.12.21 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Spotify [2012.11.20 19:36:01 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\SumatraPDF [2012.12.16 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\TS3Client [2012.11.25 20:56:25 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report > |
|
21.12.2012, 19:19
| #2 |
| /// Malware-holic   | Trojan:Win32/Reveton.N gefunden. hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012.12.17 19:18:06 | 000,185,720 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Hugo Bosnickel\wgsdgsdgdsgsd.dll
[2012.12.20 21:58:40 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________ |
|
21.12.2012, 19:27
| #3 |
| | Trojan:Win32/Reveton.N gefunden. Anbei das gewünschte OTL Log:
__________________Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\Hugo Bosnickel\wgsdgsdgdsgsd.dll moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Hugo Bosnickel
->Flash cache emptied: 13944 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Hugo Bosnickel
->Temp folder emptied: 568037553 bytes
->Temporary Internet Files folder emptied: 215442181 bytes
->Java cache emptied: 411682 bytes
->FireFox cache emptied: 72921534 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 167403481 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36095868 bytes
RecycleBin emptied: 60552 bytes
Total Files Cleaned = 1.011,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12212012_192254
Files\Folders moved on Reboot...
C:\Users\Hugo Bosnickel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
21.12.2012, 19:35
| #4 |
| /// Malware-holic | Trojan:Win32/Reveton.N gefunden. Hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.12.2012, 19:46
| #5 |
| | Trojan:Win32/Reveton.N gefunden. Anbei das tdss Log: Code:
ATTFilter 19:43:53.0223 1128 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:43:53.0223 1128 UEFI system
19:43:53.0317 1128 ============================================================
19:43:53.0317 1128 Current date / time: 2012/12/21 19:43:53.0317
19:43:53.0317 1128 SystemInfo:
19:43:53.0317 1128
19:43:53.0317 1128 OS Version: 6.1.7601 ServicePack: 1.0
19:43:53.0317 1128 Product type: Workstation
19:43:53.0317 1128 ComputerName: MEINER
19:43:53.0317 1128 UserName: Hugo Bosnickel
19:43:53.0317 1128 Windows directory: C:\Windows
19:43:53.0317 1128 System windows directory: C:\Windows
19:43:53.0317 1128 Running under WOW64
19:43:53.0317 1128 Processor architecture: Intel x64
19:43:53.0317 1128 Number of processors: 8
19:43:53.0317 1128 Page size: 0x1000
19:43:53.0317 1128 Boot type: Normal boot
19:43:53.0317 1128 ============================================================
19:43:53.0629 1128 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:53.0629 1128 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:53.0645 1128 ============================================================
19:43:53.0645 1128 \Device\Harddisk0\DR0:
19:43:53.0645 1128 GPT partitions:
19:43:53.0645 1128 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1518E4B3-987F-459F-801E-21E550688448}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
19:43:53.0645 1128 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {64D80C01-6A75-497F-9DB9-F589B709B0ED}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
19:43:53.0645 1128 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E5CFBEDD-CEDE-49EF-9F69-7F2F71FF943C}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xEE09800
19:43:53.0645 1128 MBR partitions:
19:43:53.0645 1128 \Device\Harddisk1\DR1:
19:43:53.0645 1128 GPT partitions:
19:43:53.0645 1128 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EA5DF022-E966-4D2D-8D4C-5F4C9518FFCE}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
19:43:53.0645 1128 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {88B6DD48-8A7E-430A-B720-94C00D64A7AF}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
19:43:53.0645 1128 MBR partitions:
19:43:53.0645 1128 ============================================================
19:43:53.0645 1128 C: <-> \Device\Harddisk0\DR0\Partition3
19:43:53.0660 1128 D: <-> \Device\Harddisk1\DR1\Partition2
19:43:53.0660 1128 ============================================================
19:43:53.0660 1128 Initialize success
19:43:53.0660 1128 ============================================================
19:44:00.0244 5032 ============================================================
19:44:00.0244 5032 Scan started
19:44:00.0244 5032 Mode: Manual; SigCheck; TDLFS;
19:44:00.0244 5032 ============================================================
19:44:00.0275 5032 ================ Scan system memory ========================
19:44:00.0275 5032 System memory - ok
19:44:00.0275 5032 ================ Scan services =============================
19:44:00.0290 5032 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:44:00.0322 5032 1394ohci - ok
19:44:00.0337 5032 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:44:00.0337 5032 ACPI - ok
19:44:00.0337 5032 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:44:00.0353 5032 AcpiPmi - ok
19:44:00.0368 5032 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:44:00.0384 5032 adp94xx - ok
19:44:00.0384 5032 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:44:00.0384 5032 adpahci - ok
19:44:00.0400 5032 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:44:00.0400 5032 adpu320 - ok
19:44:00.0400 5032 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:44:00.0446 5032 AeLookupSvc - ok
19:44:00.0446 5032 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:44:00.0462 5032 AFD - ok
19:44:00.0462 5032 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:44:00.0478 5032 agp440 - ok
19:44:00.0478 5032 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:44:00.0493 5032 ALG - ok
19:44:00.0493 5032 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:44:00.0493 5032 aliide - ok
19:44:00.0493 5032 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:44:00.0509 5032 amdide - ok
19:44:00.0509 5032 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:44:00.0509 5032 AmdK8 - ok
19:44:00.0509 5032 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:44:00.0524 5032 AmdPPM - ok
19:44:00.0524 5032 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:44:00.0540 5032 amdsata - ok
19:44:00.0540 5032 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:44:00.0540 5032 amdsbs - ok
19:44:00.0540 5032 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:44:00.0556 5032 amdxata - ok
19:44:00.0556 5032 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:44:00.0571 5032 AppID - ok
19:44:00.0571 5032 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:44:00.0602 5032 AppIDSvc - ok
19:44:00.0602 5032 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:44:00.0618 5032 Appinfo - ok
19:44:00.0618 5032 [ BA957E7ACD2B44FA3B01FAA64F6A9060 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
19:44:00.0634 5032 AppleCharger - ok
19:44:00.0634 5032 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
19:44:00.0665 5032 AppleChargerSrv - ok
19:44:00.0665 5032 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:44:00.0680 5032 arc - ok
19:44:00.0680 5032 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:44:00.0696 5032 arcsas - ok
19:44:00.0696 5032 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:44:00.0712 5032 aspnet_state - ok
19:44:00.0712 5032 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:44:00.0727 5032 AsyncMac - ok
19:44:00.0743 5032 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:44:00.0743 5032 atapi - ok
19:44:00.0743 5032 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:44:00.0774 5032 AudioEndpointBuilder - ok
19:44:00.0774 5032 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:44:00.0805 5032 AudioSrv - ok
19:44:00.0805 5032 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:44:00.0821 5032 AxInstSV - ok
19:44:00.0836 5032 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:44:00.0836 5032 b06bdrv - ok
19:44:00.0852 5032 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:44:00.0852 5032 b57nd60a - ok
19:44:00.0852 5032 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:44:00.0868 5032 BDESVC - ok
19:44:00.0868 5032 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:44:00.0883 5032 Beep - ok
19:44:00.0899 5032 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:44:00.0914 5032 BFE - ok
19:44:00.0930 5032 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:44:00.0961 5032 BITS - ok
19:44:00.0961 5032 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:44:00.0961 5032 blbdrive - ok
19:44:00.0977 5032 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:44:00.0977 5032 bowser - ok
19:44:00.0977 5032 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:44:00.0992 5032 BrFiltLo - ok
19:44:00.0992 5032 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:44:00.0992 5032 BrFiltUp - ok
19:44:01.0008 5032 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:44:01.0008 5032 Browser - ok
19:44:01.0008 5032 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:44:01.0024 5032 Brserid - ok
19:44:01.0024 5032 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:44:01.0039 5032 BrSerWdm - ok
19:44:01.0039 5032 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:44:01.0055 5032 BrUsbMdm - ok
19:44:01.0055 5032 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:44:01.0055 5032 BrUsbSer - ok
19:44:01.0055 5032 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:44:01.0070 5032 BTHMODEM - ok
19:44:01.0070 5032 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:44:01.0086 5032 bthserv - ok
19:44:01.0102 5032 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:44:01.0117 5032 cdfs - ok
19:44:01.0117 5032 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:44:01.0133 5032 cdrom - ok
19:44:01.0133 5032 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:44:01.0148 5032 CertPropSvc - ok
19:44:01.0148 5032 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:44:01.0164 5032 circlass - ok
19:44:01.0164 5032 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:44:01.0180 5032 CLFS - ok
19:44:01.0180 5032 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:44:01.0180 5032 clr_optimization_v2.0.50727_32 - ok
19:44:01.0195 5032 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:44:01.0195 5032 clr_optimization_v2.0.50727_64 - ok
19:44:01.0211 5032 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:44:01.0211 5032 clr_optimization_v4.0.30319_32 - ok
19:44:01.0211 5032 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:44:01.0226 5032 clr_optimization_v4.0.30319_64 - ok
19:44:01.0226 5032 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
19:44:01.0242 5032 CmBatt - ok
19:44:01.0242 5032 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:44:01.0242 5032 cmdide - ok
19:44:01.0258 5032 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
19:44:01.0258 5032 CNG - ok
19:44:01.0273 5032 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:44:01.0273 5032 Compbatt - ok
19:44:01.0273 5032 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:44:01.0289 5032 CompositeBus - ok
19:44:01.0289 5032 COMSysApp - ok
19:44:01.0289 5032 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:44:01.0289 5032 crcdisk - ok
19:44:01.0304 5032 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:44:01.0304 5032 CryptSvc - ok
19:44:01.0320 5032 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:44:01.0336 5032 DcomLaunch - ok
19:44:01.0336 5032 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:44:01.0367 5032 defragsvc - ok
19:44:01.0367 5032 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:44:01.0382 5032 DfsC - ok
19:44:01.0398 5032 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:44:01.0398 5032 Dhcp - ok
19:44:01.0414 5032 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:44:01.0429 5032 discache - ok
19:44:01.0429 5032 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:44:01.0429 5032 Disk - ok
19:44:01.0445 5032 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:44:01.0445 5032 Dnscache - ok
19:44:01.0460 5032 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:44:01.0476 5032 dot3svc - ok
19:44:01.0476 5032 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:44:01.0507 5032 DPS - ok
19:44:01.0507 5032 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:44:01.0507 5032 drmkaud - ok
19:44:01.0523 5032 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:44:01.0538 5032 DXGKrnl - ok
19:44:01.0538 5032 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:44:01.0554 5032 EapHost - ok
19:44:01.0585 5032 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:44:01.0616 5032 ebdrv - ok
19:44:01.0616 5032 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:44:01.0632 5032 EFS - ok
19:44:01.0632 5032 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:44:01.0648 5032 ehRecvr - ok
19:44:01.0648 5032 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:44:01.0663 5032 ehSched - ok
19:44:01.0663 5032 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:44:01.0679 5032 elxstor - ok
19:44:01.0679 5032 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:44:01.0694 5032 ErrDev - ok
19:44:01.0694 5032 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:44:01.0726 5032 EventSystem - ok
19:44:01.0726 5032 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:44:01.0741 5032 exfat - ok
19:44:01.0757 5032 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:44:01.0772 5032 fastfat - ok
19:44:01.0772 5032 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:44:01.0788 5032 Fax - ok
19:44:01.0788 5032 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:44:01.0804 5032 fdc - ok
19:44:01.0804 5032 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:44:01.0819 5032 fdPHost - ok
19:44:01.0819 5032 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:44:01.0850 5032 FDResPub - ok
19:44:01.0850 5032 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:44:01.0850 5032 FileInfo - ok
19:44:01.0866 5032 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:44:01.0882 5032 Filetrace - ok
19:44:01.0882 5032 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:44:01.0882 5032 flpydisk - ok
19:44:01.0897 5032 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:44:01.0897 5032 FltMgr - ok
19:44:01.0913 5032 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:44:01.0928 5032 FontCache - ok
19:44:01.0928 5032 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:44:01.0928 5032 FontCache3.0.0.0 - ok
19:44:01.0944 5032 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:44:01.0944 5032 FsDepends - ok
19:44:01.0944 5032 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:44:01.0960 5032 Fs_Rec - ok
19:44:01.0960 5032 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:44:01.0960 5032 fvevol - ok
19:44:01.0975 5032 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:44:01.0975 5032 gagp30kx - ok
19:44:01.0975 5032 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys
19:44:01.0991 5032 gdrv - ok
19:44:01.0991 5032 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:44:02.0022 5032 gpsvc - ok
19:44:02.0022 5032 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:44:02.0038 5032 hcw85cir - ok
19:44:02.0038 5032 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:44:02.0053 5032 HdAudAddService - ok
19:44:02.0053 5032 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:44:02.0069 5032 HDAudBus - ok
19:44:02.0069 5032 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:44:02.0069 5032 HidBatt - ok
19:44:02.0069 5032 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:44:02.0084 5032 HidBth - ok
19:44:02.0084 5032 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:44:02.0100 5032 HidIr - ok
19:44:02.0100 5032 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:44:02.0116 5032 hidserv - ok
19:44:02.0116 5032 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:44:02.0131 5032 HidUsb - ok
19:44:02.0131 5032 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:44:02.0162 5032 hkmsvc - ok
19:44:02.0162 5032 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:44:02.0178 5032 HomeGroupListener - ok
19:44:02.0178 5032 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:44:02.0178 5032 HomeGroupProvider - ok
19:44:02.0194 5032 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:44:02.0194 5032 HpSAMD - ok
19:44:02.0209 5032 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:44:02.0225 5032 HTTP - ok
19:44:02.0225 5032 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:44:02.0240 5032 hwpolicy - ok
19:44:02.0240 5032 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:44:02.0240 5032 i8042prt - ok
19:44:02.0256 5032 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:44:02.0256 5032 iaStor - ok
19:44:02.0272 5032 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:44:02.0272 5032 IAStorDataMgrSvc - ok
19:44:02.0272 5032 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:44:02.0287 5032 iaStorV - ok
19:44:02.0287 5032 [ 33D4D4A24791587E83F7EE05A446FB7E ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
19:44:02.0318 5032 ICCS ( UnsignedFile.Multi.Generic ) - warning
19:44:02.0318 5032 ICCS - detected UnsignedFile.Multi.Generic (1)
19:44:02.0318 5032 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:44:02.0318 5032 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:44:02.0318 5032 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:44:02.0334 5032 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:44:02.0350 5032 idsvc - ok
19:44:02.0350 5032 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:44:02.0350 5032 iirsp - ok
19:44:02.0365 5032 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:44:02.0396 5032 IKEEXT - ok
19:44:02.0396 5032 [ 2D66067C7A8A0112156BCD1C0BAA7042 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:44:02.0412 5032 Intel(R) Capability Licensing Service Interface - ok
19:44:02.0412 5032 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:44:02.0428 5032 intelide - ok
19:44:02.0428 5032 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:44:02.0428 5032 intelppm - ok
19:44:02.0428 5032 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:44:02.0459 5032 IPBusEnum - ok
19:44:02.0459 5032 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:44:02.0474 5032 IpFilterDriver - ok
19:44:02.0490 5032 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:44:02.0490 5032 iphlpsvc - ok
19:44:02.0490 5032 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:44:02.0506 5032 IPMIDRV - ok
19:44:02.0506 5032 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:44:02.0521 5032 IPNAT - ok
19:44:02.0537 5032 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:44:02.0537 5032 IRENUM - ok
19:44:02.0537 5032 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:44:02.0552 5032 isapnp - ok
19:44:02.0552 5032 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:44:02.0568 5032 iScsiPrt - ok
19:44:02.0568 5032 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
19:44:02.0568 5032 iusb3hcs - ok
19:44:02.0568 5032 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
19:44:02.0584 5032 iusb3hub - ok
19:44:02.0584 5032 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
19:44:02.0599 5032 iusb3xhc - ok
19:44:02.0599 5032 jfihxccc - ok
19:44:02.0599 5032 [ 166FC0B36842135BC2D3C32DF70ED0D6 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:44:02.0615 5032 jhi_service - ok
19:44:02.0615 5032 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:44:02.0615 5032 kbdclass - ok
19:44:02.0615 5032 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:44:02.0630 5032 kbdhid - ok
19:44:02.0646 5032 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:44:02.0646 5032 KeyIso - ok
19:44:02.0646 5032 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:44:02.0662 5032 KSecDD - ok
19:44:02.0662 5032 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:44:02.0662 5032 KSecPkg - ok
19:44:02.0662 5032 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:44:02.0693 5032 ksthunk - ok
19:44:02.0693 5032 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:44:02.0708 5032 KtmRm - ok
19:44:02.0724 5032 [ B8040D3B97B16B89701E31A17353856C ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
19:44:02.0724 5032 L1C - ok
19:44:02.0724 5032 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:44:02.0755 5032 LanmanServer - ok
19:44:02.0755 5032 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:44:02.0771 5032 LanmanWorkstation - ok
19:44:02.0771 5032 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:44:02.0802 5032 lltdio - ok
19:44:02.0802 5032 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:44:02.0833 5032 lltdsvc - ok
19:44:02.0833 5032 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:44:02.0849 5032 lmhosts - ok
19:44:02.0849 5032 [ C56E64BA70DC822B84D100A6F8D690D3 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:44:02.0864 5032 LMS - ok
19:44:02.0864 5032 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:44:02.0880 5032 LSI_FC - ok
19:44:02.0880 5032 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:44:02.0880 5032 LSI_SAS - ok
19:44:02.0880 5032 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:44:02.0896 5032 LSI_SAS2 - ok
19:44:02.0896 5032 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:44:02.0896 5032 LSI_SCSI - ok
19:44:02.0911 5032 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:44:02.0927 5032 luafv - ok
19:44:02.0927 5032 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:44:02.0942 5032 Mcx2Svc - ok
19:44:02.0942 5032 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:44:02.0942 5032 megasas - ok
19:44:02.0942 5032 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:44:02.0958 5032 MegaSR - ok
19:44:02.0958 5032 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:44:02.0958 5032 MEIx64 - ok
19:44:02.0974 5032 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:44:02.0989 5032 MMCSS - ok
19:44:02.0989 5032 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:44:03.0005 5032 Modem - ok
19:44:03.0005 5032 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:44:03.0020 5032 monitor - ok
19:44:03.0020 5032 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:44:03.0036 5032 mouclass - ok
19:44:03.0036 5032 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:44:03.0036 5032 mouhid - ok
19:44:03.0036 5032 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:44:03.0052 5032 mountmgr - ok
19:44:03.0052 5032 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:44:03.0052 5032 MozillaMaintenance - ok
19:44:03.0067 5032 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:44:03.0067 5032 MpFilter - ok
19:44:03.0067 5032 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:44:03.0083 5032 mpio - ok
19:44:03.0083 5032 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:44:03.0098 5032 mpsdrv - ok
19:44:03.0114 5032 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:44:03.0145 5032 MpsSvc - ok
19:44:03.0145 5032 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:44:03.0161 5032 MRxDAV - ok
19:44:03.0161 5032 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:44:03.0161 5032 mrxsmb - ok
19:44:03.0176 5032 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:44:03.0176 5032 mrxsmb10 - ok
19:44:03.0176 5032 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:44:03.0192 5032 mrxsmb20 - ok
19:44:03.0192 5032 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:44:03.0192 5032 msahci - ok
19:44:03.0192 5032 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:44:03.0208 5032 msdsm - ok
19:44:03.0208 5032 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:44:03.0223 5032 MSDTC - ok
19:44:03.0223 5032 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:44:03.0239 5032 Msfs - ok
19:44:03.0239 5032 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:44:03.0270 5032 mshidkmdf - ok
19:44:03.0270 5032 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:44:03.0270 5032 msisadrv - ok
19:44:03.0270 5032 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:44:03.0301 5032 MSiSCSI - ok
19:44:03.0301 5032 msiserver - ok
19:44:03.0301 5032 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:44:03.0332 5032 MSKSSRV - ok
19:44:03.0332 5032 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:44:03.0332 5032 MsMpSvc - ok
19:44:03.0332 5032 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:44:03.0348 5032 MSPCLOCK - ok
19:44:03.0364 5032 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:44:03.0379 5032 MSPQM - ok
19:44:03.0379 5032 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:44:03.0395 5032 MsRPC - ok
19:44:03.0395 5032 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:44:03.0395 5032 mssmbios - ok
19:44:03.0410 5032 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:44:03.0426 5032 MSTEE - ok
19:44:03.0426 5032 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:44:03.0442 5032 MTConfig - ok
19:44:03.0442 5032 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:44:03.0442 5032 Mup - ok
19:44:03.0442 5032 [ 97CCA67FCDABB8441149F04B34ABF510 ] mvs91xx C:\Windows\system32\DRIVERS\mvs91xx.sys
19:44:03.0457 5032 mvs91xx - ok
19:44:03.0457 5032 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:44:03.0488 5032 napagent - ok
19:44:03.0488 5032 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:44:03.0504 5032 NativeWifiP - ok
19:44:03.0520 5032 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:44:03.0535 5032 NDIS - ok
19:44:03.0535 5032 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:44:03.0551 5032 NdisCap - ok
19:44:03.0551 5032 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:44:03.0582 5032 NdisTapi - ok
19:44:03.0582 5032 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:44:03.0598 5032 Ndisuio - ok
19:44:03.0598 5032 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:44:03.0629 5032 NdisWan - ok
19:44:03.0629 5032 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:44:03.0644 5032 NDProxy - ok
19:44:03.0644 5032 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:44:03.0660 5032 NetBIOS - ok
19:44:03.0676 5032 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:44:03.0691 5032 NetBT - ok
19:44:03.0691 5032 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:44:03.0707 5032 Netlogon - ok
19:44:03.0707 5032 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:44:03.0722 5032 Netman - ok
19:44:03.0738 5032 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:03.0738 5032 NetMsmqActivator - ok
19:44:03.0738 5032 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:03.0754 5032 NetPipeActivator - ok
19:44:03.0754 5032 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:44:03.0785 5032 netprofm - ok
19:44:03.0785 5032 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:03.0785 5032 NetTcpActivator - ok
19:44:03.0785 5032 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:03.0800 5032 NetTcpPortSharing - ok
19:44:03.0800 5032 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:44:03.0800 5032 nfrd960 - ok
19:44:03.0800 5032 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:44:03.0816 5032 NisDrv - ok
19:44:03.0816 5032 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:44:03.0832 5032 NisSrv - ok
19:44:03.0832 5032 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:44:03.0847 5032 NlaSvc - ok
19:44:03.0847 5032 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:44:03.0863 5032 Npfs - ok
19:44:03.0863 5032 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:44:03.0878 5032 nsi - ok
19:44:03.0894 5032 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:44:03.0910 5032 nsiproxy - ok
19:44:03.0925 5032 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:44:03.0941 5032 Ntfs - ok
19:44:03.0956 5032 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:44:03.0972 5032 Null - ok
19:44:03.0972 5032 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:44:03.0988 5032 NVHDA - ok
19:44:04.0050 5032 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:44:04.0159 5032 nvlddmkm - ok
19:44:04.0159 5032 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:44:04.0175 5032 nvraid - ok
19:44:04.0175 5032 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:44:04.0175 5032 nvstor - ok
19:44:04.0190 5032 [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc C:\Windows\system32\nvvsvc.exe
19:44:04.0206 5032 nvsvc - ok
19:44:04.0222 5032 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:44:04.0237 5032 nvUpdatusService - ok
19:44:04.0237 5032 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:44:04.0253 5032 nv_agp - ok
19:44:04.0253 5032 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:44:04.0253 5032 ohci1394 - ok
19:44:04.0268 5032 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:44:04.0268 5032 p2pimsvc - ok
19:44:04.0284 5032 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:44:04.0284 5032 p2psvc - ok
19:44:04.0300 5032 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:44:04.0300 5032 Parport - ok
19:44:04.0300 5032 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:44:04.0315 5032 partmgr - ok
19:44:04.0315 5032 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:44:04.0331 5032 PcaSvc - ok
19:44:04.0331 5032 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:44:04.0331 5032 pci - ok
19:44:04.0331 5032 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:44:04.0346 5032 pciide - ok
19:44:04.0346 5032 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:44:04.0362 5032 pcmcia - ok
19:44:04.0362 5032 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:44:04.0362 5032 pcw - ok
19:44:04.0378 5032 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:44:04.0393 5032 PEAUTH - ok
19:44:04.0409 5032 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:44:04.0409 5032 PerfHost - ok
19:44:04.0424 5032 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:44:04.0456 5032 pla - ok
19:44:04.0471 5032 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:44:04.0487 5032 PlugPlay - ok
19:44:04.0487 5032 PnkBstrA - ok
19:44:04.0487 5032 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:44:04.0487 5032 PNRPAutoReg - ok
19:44:04.0502 5032 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:44:04.0502 5032 PNRPsvc - ok
19:44:04.0502 5032 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:44:04.0534 5032 PolicyAgent - ok
19:44:04.0534 5032 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:44:04.0565 5032 Power - ok
19:44:04.0565 5032 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:44:04.0580 5032 PptpMiniport - ok
19:44:04.0580 5032 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:44:04.0596 5032 Processor - ok
19:44:04.0596 5032 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:44:04.0612 5032 ProfSvc - ok
19:44:04.0612 5032 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:44:04.0612 5032 ProtectedStorage - ok
19:44:04.0612 5032 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:44:04.0643 5032 Psched - ok
19:44:04.0658 5032 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:44:04.0674 5032 ql2300 - ok
19:44:04.0674 5032 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:44:04.0690 5032 ql40xx - ok
19:44:04.0690 5032 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:44:04.0705 5032 QWAVE - ok
19:44:04.0705 5032 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:44:04.0705 5032 QWAVEdrv - ok
19:44:04.0705 5032 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:44:04.0736 5032 RasAcd - ok
19:44:04.0736 5032 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:44:04.0752 5032 RasAgileVpn - ok
19:44:04.0752 5032 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:44:04.0783 5032 RasAuto - ok
19:44:04.0783 5032 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:44:04.0799 5032 Rasl2tp - ok
19:44:04.0814 5032 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:44:04.0830 5032 RasMan - ok
19:44:04.0830 5032 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:44:04.0861 5032 RasPppoe - ok
19:44:04.0861 5032 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:44:04.0877 5032 RasSstp - ok
19:44:04.0892 5032 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:44:04.0908 5032 rdbss - ok
19:44:04.0908 5032 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:44:04.0924 5032 rdpbus - ok
19:44:04.0924 5032 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:44:04.0939 5032 RDPCDD - ok
19:44:04.0939 5032 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:44:04.0970 5032 RDPENCDD - ok
19:44:04.0970 5032 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:44:04.0986 5032 RDPREFMP - ok
19:44:04.0986 5032 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:44:05.0002 5032 RdpVideoMiniport - ok
19:44:05.0002 5032 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:44:05.0017 5032 RDPWD - ok
19:44:05.0017 5032 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:44:05.0017 5032 rdyboost - ok
19:44:05.0017 5032 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:44:05.0048 5032 RemoteAccess - ok
19:44:05.0048 5032 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:44:05.0064 5032 RemoteRegistry - ok
19:44:05.0080 5032 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:44:05.0095 5032 RpcEptMapper - ok
19:44:05.0095 5032 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:44:05.0111 5032 RpcLocator - ok
19:44:05.0111 5032 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:44:05.0126 5032 RpcSs - ok
19:44:05.0126 5032 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:44:05.0158 5032 rspndr - ok
19:44:05.0158 5032 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:44:05.0158 5032 SamSs - ok
19:44:05.0158 5032 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:44:05.0173 5032 sbp2port - ok
19:44:05.0173 5032 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:44:05.0204 5032 SCardSvr - ok
19:44:05.0204 5032 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:44:05.0220 5032 scfilter - ok
19:44:05.0236 5032 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:44:05.0267 5032 Schedule - ok
19:44:05.0267 5032 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:44:05.0282 5032 SCPolicySvc - ok
19:44:05.0282 5032 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:44:05.0298 5032 SDRSVC - ok
19:44:05.0298 5032 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:44:05.0314 5032 secdrv - ok
19:44:05.0329 5032 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:44:05.0345 5032 seclogon - ok
19:44:05.0345 5032 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:44:05.0360 5032 SENS - ok
19:44:05.0376 5032 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:44:05.0376 5032 SensrSvc - ok
19:44:05.0376 5032 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:44:05.0392 5032 Serenum - ok
19:44:05.0392 5032 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:44:05.0392 5032 Serial - ok
19:44:05.0407 5032 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:44:05.0407 5032 sermouse - ok
19:44:05.0407 5032 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:44:05.0438 5032 SessionEnv - ok
19:44:05.0438 5032 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:44:05.0438 5032 sffdisk - ok
19:44:05.0454 5032 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:44:05.0454 5032 sffp_mmc - ok
19:44:05.0454 5032 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:44:05.0470 5032 sffp_sd - ok
19:44:05.0470 5032 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:44:05.0470 5032 sfloppy - ok
19:44:05.0485 5032 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:44:05.0501 5032 SharedAccess - ok
19:44:05.0501 5032 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:44:05.0532 5032 ShellHWDetection - ok
19:44:05.0532 5032 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:44:05.0532 5032 SiSRaid2 - ok
19:44:05.0548 5032 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:44:05.0548 5032 SiSRaid4 - ok
19:44:05.0548 5032 [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:44:05.0563 5032 SkypeUpdate - ok
19:44:05.0563 5032 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:44:05.0579 5032 Smb - ok
19:44:05.0579 5032 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:44:05.0594 5032 SNMPTRAP - ok
19:44:05.0594 5032 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:44:05.0594 5032 spldr - ok
19:44:05.0610 5032 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:44:05.0626 5032 Spooler - ok
19:44:05.0641 5032 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:44:05.0688 5032 sppsvc - ok
19:44:05.0704 5032 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:44:05.0719 5032 sppuinotify - ok
19:44:05.0719 5032 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:44:05.0735 5032 srv - ok
19:44:05.0735 5032 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:44:05.0750 5032 srv2 - ok
19:44:05.0750 5032 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:44:05.0766 5032 srvnet - ok
19:44:05.0766 5032 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:44:05.0782 5032 SSDPSRV - ok
19:44:05.0797 5032 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:44:05.0813 5032 SstpSvc - ok
19:44:05.0813 5032 Steam Client Service - ok
19:44:05.0828 5032 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:44:05.0828 5032 Stereo Service - ok
19:44:05.0828 5032 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:44:05.0844 5032 stexstor - ok
19:44:05.0844 5032 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:44:05.0860 5032 stisvc - ok
19:44:05.0860 5032 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:44:05.0860 5032 swenum - ok
19:44:05.0875 5032 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:44:05.0891 5032 swprv - ok
19:44:05.0906 5032 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:44:05.0938 5032 SysMain - ok
19:44:05.0938 5032 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:44:05.0953 5032 TabletInputService - ok
19:44:05.0953 5032 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:44:05.0984 5032 TapiSrv - ok
19:44:05.0984 5032 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:44:06.0000 5032 TBS - ok
19:44:06.0016 5032 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:44:06.0047 5032 Tcpip - ok
19:44:06.0062 5032 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:44:06.0078 5032 TCPIP6 - ok
19:44:06.0078 5032 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:44:06.0094 5032 tcpipreg - ok
19:44:06.0094 5032 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:44:06.0094 5032 TDPIPE - ok
19:44:06.0109 5032 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:44:06.0109 5032 TDTCP - ok
19:44:06.0109 5032 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:44:06.0125 5032 tdx - ok
19:44:06.0140 5032 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:44:06.0140 5032 TermDD - ok
19:44:06.0156 5032 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:44:06.0172 5032 TermService - ok
19:44:06.0172 5032 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:44:06.0187 5032 Themes - ok
19:44:06.0187 5032 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:44:06.0218 5032 THREADORDER - ok
19:44:06.0218 5032 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:44:06.0234 5032 TrkWks - ok
19:44:06.0234 5032 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:44:06.0265 5032 TrustedInstaller - ok
19:44:06.0265 5032 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:44:06.0281 5032 tssecsrv - ok
19:44:06.0281 5032 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:44:06.0296 5032 TsUsbFlt - ok
19:44:06.0296 5032 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:44:06.0296 5032 TsUsbGD - ok
19:44:06.0312 5032 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:44:06.0328 5032 tunnel - ok
19:44:06.0328 5032 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:44:06.0343 5032 uagp35 - ok
19:44:06.0343 5032 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:44:06.0359 5032 udfs - ok
19:44:06.0374 5032 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:44:06.0374 5032 UI0Detect - ok
19:44:06.0374 5032 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:44:06.0390 5032 uliagpkx - ok
19:44:06.0390 5032 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:44:06.0390 5032 umbus - ok
19:44:06.0390 5032 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:44:06.0406 5032 UmPass - ok
19:44:06.0406 5032 [ 0F9E1BC7E2BEA1A4108EC9736CF0C2D9 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:44:06.0421 5032 UNS - ok
19:44:06.0421 5032 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:44:06.0452 5032 upnphost - ok
19:44:06.0452 5032 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:44:06.0468 5032 usbccgp - ok
19:44:06.0468 5032 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:44:06.0468 5032 usbcir - ok
19:44:06.0484 5032 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:44:06.0484 5032 usbehci - ok
19:44:06.0484 5032 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:44:06.0499 5032 usbhub - ok
19:44:06.0499 5032 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:44:06.0499 5032 usbohci - ok
19:44:06.0515 5032 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
19:44:06.0515 5032 usbprint - ok
19:44:06.0515 5032 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:44:06.0530 5032 USBSTOR - ok
19:44:06.0530 5032 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:44:06.0530 5032 usbuhci - ok
19:44:06.0546 5032 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:44:06.0562 5032 UxSms - ok
19:44:06.0562 5032 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:44:06.0577 5032 VaultSvc - ok
19:44:06.0577 5032 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:44:06.0577 5032 vdrvroot - ok
19:44:06.0593 5032 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:44:06.0608 5032 vds - ok
19:44:06.0608 5032 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:44:06.0624 5032 vga - ok
19:44:06.0624 5032 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:44:06.0640 5032 VgaSave - ok
19:44:06.0655 5032 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:44:06.0655 5032 vhdmp - ok
19:44:06.0671 5032 [ E8AF45C4FE2457D003E1842806F38748 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:44:06.0702 5032 VIAHdAudAddService - ok
19:44:06.0702 5032 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:44:06.0702 5032 viaide - ok
19:44:06.0702 5032 [ 05D6657A9CCFD269D05D41BFFDCE9498 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
19:44:06.0718 5032 VIAKaraokeService - ok
19:44:06.0718 5032 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:44:06.0718 5032 volmgr - ok
19:44:06.0733 5032 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:44:06.0733 5032 volmgrx - ok
19:44:06.0733 5032 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:44:06.0749 5032 volsnap - ok
19:44:06.0749 5032 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:44:06.0764 5032 vsmraid - ok
19:44:06.0780 5032 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:44:06.0811 5032 VSS - ok
19:44:06.0811 5032 [ 316A1762BD41C3DB06EB484527838E2D ] VUSB3HUB C:\Windows\system32\DRIVERS\ViaHub3.sys
19:44:06.0811 5032 VUSB3HUB - ok
19:44:06.0827 5032 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:44:06.0827 5032 vwifibus - ok
19:44:06.0827 5032 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:44:06.0858 5032 W32Time - ok
19:44:06.0858 5032 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:44:06.0874 5032 WacomPen - ok
19:44:06.0874 5032 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:44:06.0889 5032 WANARP - ok
19:44:06.0889 5032 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:44:06.0905 5032 Wanarpv6 - ok
19:44:06.0920 5032 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:44:06.0952 5032 wbengine - ok
19:44:06.0952 5032 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:44:06.0967 5032 WbioSrvc - ok
19:44:06.0967 5032 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:44:06.0983 5032 wcncsvc - ok
19:44:06.0983 5032 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:44:06.0983 5032 WcsPlugInService - ok
19:44:06.0998 5032 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:44:06.0998 5032 Wd - ok
19:44:06.0998 5032 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:44:07.0014 5032 Wdf01000 - ok
19:44:07.0030 5032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:44:07.0045 5032 WdiServiceHost - ok
19:44:07.0045 5032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:44:07.0061 5032 WdiSystemHost - ok
19:44:07.0061 5032 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:44:07.0076 5032 WebClient - ok
19:44:07.0076 5032 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:44:07.0108 5032 Wecsvc - ok
19:44:07.0108 5032 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:44:07.0123 5032 wercplsupport - ok
19:44:07.0123 5032 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:44:07.0154 5032 WerSvc - ok
19:44:07.0154 5032 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:44:07.0170 5032 WfpLwf - ok
19:44:07.0170 5032 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:44:07.0186 5032 WIMMount - ok
19:44:07.0186 5032 WinDefend - ok
19:44:07.0186 5032 WinHttpAutoProxySvc - ok
19:44:07.0201 5032 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:44:07.0217 5032 Winmgmt - ok
19:44:07.0232 5032 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:44:07.0264 5032 WinRM - ok
19:44:07.0279 5032 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:44:07.0295 5032 Wlansvc - ok
19:44:07.0310 5032 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:44:07.0342 5032 wlidsvc - ok
19:44:07.0342 5032 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:44:07.0357 5032 WmiAcpi - ok
19:44:07.0357 5032 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:44:07.0373 5032 wmiApSrv - ok
19:44:07.0373 5032 WMPNetworkSvc - ok
19:44:07.0373 5032 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:44:07.0373 5032 WPCSvc - ok
19:44:07.0388 5032 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:44:07.0388 5032 WPDBusEnum - ok
19:44:07.0404 5032 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:44:07.0420 5032 ws2ifsl - ok
19:44:07.0420 5032 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:44:07.0435 5032 wscsvc - ok
19:44:07.0435 5032 WSearch - ok
19:44:07.0451 5032 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:44:07.0482 5032 wuauserv - ok
19:44:07.0482 5032 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:44:07.0498 5032 WudfPf - ok
19:44:07.0498 5032 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:44:07.0513 5032 WUDFRd - ok
19:44:07.0513 5032 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:44:07.0513 5032 wudfsvc - ok
19:44:07.0529 5032 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:44:07.0529 5032 WwanSvc - ok
19:44:07.0544 5032 [ FFDB0ED9D1D453F7F19DE55FE0706195 ] xhcdrv C:\Windows\system32\DRIVERS\xhcdrv.sys
19:44:07.0544 5032 xhcdrv - ok
19:44:07.0544 5032 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
19:44:07.0560 5032 xusb21 - ok
19:44:07.0560 5032 ================ Scan global ===============================
19:44:07.0560 5032 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:44:07.0560 5032 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:44:07.0560 5032 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:44:07.0576 5032 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:44:07.0576 5032 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:44:07.0576 5032 [Global] - ok
19:44:07.0576 5032 ================ Scan MBR ==================================
19:44:07.0576 5032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:44:07.0591 5032 \Device\Harddisk0\DR0 - ok
19:44:07.0607 5032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:44:07.0669 5032 \Device\Harddisk1\DR1 - ok
19:44:07.0669 5032 ================ Scan VBR ==================================
19:44:07.0669 5032 [ FAF9E5601B0064ED9BA3D7E64F380BD0 ] \Device\Harddisk0\DR0\Partition1
19:44:07.0669 5032 \Device\Harddisk0\DR0\Partition1 - ok
19:44:07.0669 5032 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
19:44:07.0669 5032 \Device\Harddisk0\DR0\Partition2 - ok
19:44:07.0685 5032 [ E4CA2EBE930A95D085E1D01094F7B8F7 ] \Device\Harddisk0\DR0\Partition3
19:44:07.0685 5032 \Device\Harddisk0\DR0\Partition3 - ok
19:44:07.0685 5032 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
19:44:07.0685 5032 \Device\Harddisk1\DR1\Partition1 - ok
19:44:07.0685 5032 [ D04E8386BC6E14B4D9C4527F777544D9 ] \Device\Harddisk1\DR1\Partition2
19:44:07.0685 5032 \Device\Harddisk1\DR1\Partition2 - ok
19:44:07.0685 5032 ============================================================
19:44:07.0685 5032 Scan finished
19:44:07.0685 5032 ============================================================
19:44:07.0685 1568 Detected object count: 2
19:44:07.0685 1568 Actual detected object count: 2
19:44:14.0424 1568 ICCS ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:14.0424 1568 ICCS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:44:14.0424 1568 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:14.0424 1568 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
21.12.2012, 19:49
| #6 | |
| /// Malware-holic | Trojan:Win32/Reveton.N gefunden. Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Trojan:Win32/Reveton.N gefunden. |
|
21.12.2012, 20:25
| #7 |
| | Trojan:Win32/Reveton.N gefunden. Anbei das Combifix-Log: Code:
ATTFilter ComboFix 12-12-20.02 - Hugo Bosnickel 21.12.2012 20:18:08.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16346.14646 [GMT 1:00]
ausgeführt von:: c:\users\Hugo Bosnickel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-21 bis 2012-12-21 ))))))))))))))))))))))))))))))
.
.
2012-12-21 19:19 . 2012-12-21 19:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-21 19:19 . 2012-12-21 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 18:22 . 2012-12-21 18:22 -------- d-----w- C:\_OTL
2012-12-20 21:36 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 21:36 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-20 21:36 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-20 21:36 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-20 19:24 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8798909-21EB-416D-8AF8-04F73F1FF3EA}\mpengine.dll
2012-12-19 21:44 . 2012-12-19 21:44 -------- d-----w- c:\users\Hugo Bosnickel\AppData\Roaming\LolClient
2012-12-19 20:42 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-12-19 20:42 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-12-19 20:42 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-12-19 19:02 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-19 18:45 . 2012-12-21 19:19 -------- d-----w- c:\users\Hugo Bosnickel\AppData\Local\PMB Files
2012-12-19 18:45 . 2012-12-19 21:50 -------- d-----w- c:\programdata\PMB Files
2012-12-19 18:45 . 2012-12-19 18:45 -------- d-----w- c:\program files (x86)\Pando Networks
2012-12-19 18:45 . 2012-12-19 18:45 -------- d-----w- c:\users\Hugo Bosnickel\.swt
2012-12-16 15:48 . 2012-12-16 15:51 -------- d-----w- c:\users\Hugo Bosnickel\AppData\Local\Play withSIX
2012-12-16 15:48 . 2012-12-16 15:48 -------- d-----w- c:\users\Hugo Bosnickel\AppData\Roaming\Play withSIX
2012-12-16 15:48 . 2012-12-16 15:48 -------- d-----w- c:\program files (x86)\SIX Networks
2012-12-12 23:12 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-04 19:34 . 2012-12-04 19:34 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-12-02 14:54 . 2012-12-02 14:54 -------- d-----w- c:\program files (x86)\PDFCanvas
2012-12-02 00:09 . 2012-12-02 00:09 -------- d-----w- c:\users\Hugo Bosnickel\AppData\Local\BeamDog
2012-12-02 00:09 . 2012-12-02 00:09 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-02 00:09 . 2012-12-02 00:09 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-02 00:09 . 2012-12-02 00:09 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-02 00:09 . 2012-12-02 00:09 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-02 00:09 . 2012-12-02 00:09 -------- d-----w- c:\program files (x86)\OpenAL
2012-12-01 23:59 . 2012-12-21 18:24 -------- d-----w- c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox
2012-12-01 18:08 . 2012-12-01 18:08 -------- d-----w- c:\users\Hugo Bosnickel\.tokentool
2012-12-01 17:48 . 2012-12-01 17:48 -------- d-----w- c:\program files\Paint.NET
2012-12-01 17:47 . 2012-12-01 17:48 -------- d-----w- c:\users\Hugo Bosnickel\AppData\Local\Paint.NET
2012-12-01 14:06 . 2012-12-01 14:06 -------- d-----w- c:\users\Hugo Bosnickel\.maptool
2012-12-01 14:05 . 2012-12-01 14:05 -------- d-----w- c:\program files\MapTools
2012-11-30 21:43 . 2012-11-30 21:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-11-30 21:39 . 2012-12-21 18:07 -------- d-----w- c:\programdata\Hero Lab
2012-11-30 21:39 . 2012-11-30 21:39 -------- d-----w- c:\program files (x86)\Hero Lab
2012-11-28 19:30 . 2012-11-28 19:30 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{423D9E70-795E-4514-9207-A7FD5B7C012A}\gapaengine.dll
2012-11-28 19:30 . 2012-10-28 19:38 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-25 19:58 . 2012-11-25 19:59 -------- d-----w- c:\users\Hugo Bosnickel\AppData\Local\Ubisoft Game Launcher
2012-11-25 19:56 . 2012-11-25 19:56 -------- d-----w- c:\users\Hugo Bosnickel\AppData\Roaming\Ubisoft
2012-11-25 19:56 . 2012-11-25 19:56 -------- d-----w- c:\programdata\Ubisoft
2012-11-25 19:55 . 2012-11-25 19:55 -------- d-----w- c:\program files (x86)\Ubisoft
2012-11-22 20:49 . 2012-11-22 20:49 -------- d-----w- c:\users\Hugo Bosnickel\AppData\Local\SCE
2012-11-22 20:49 . 2012-11-22 20:49 -------- d-----w- C:\Crash
2012-11-22 20:49 . 2012-11-22 20:49 -------- d-----w- c:\users\Hugo Bosnickel\AppData\Local\Sony Online Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 00:09 . 2012-10-28 19:34 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-03 15:47 . 2012-10-27 00:28 983936 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-03 15:47 . 2012-10-27 00:28 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2012-10-27 00:28 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-03 15:47 . 2012-10-27 00:28 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-03 15:47 . 2012-10-27 00:28 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-10-27 00:28 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-10-27 00:28 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2012-10-27 00:28 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-01 05:49 . 2012-10-27 00:29 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-01 05:49 . 2012-10-27 00:29 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-01 05:49 . 2012-10-27 00:29 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2012-10-27 00:29 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2012-10-27 00:29 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2012-10-27 00:29 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2012-10-27 00:29 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-19 11:14 . 2012-11-17 18:14 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-11-19 11:14 . 2012-11-17 18:07 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-18 17:33 . 2012-11-17 18:07 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-11-17 18:14 . 2012-11-17 18:07 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-17 17:59 . 2012-11-17 18:07 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-11-12 17:43 . 2012-10-28 19:23 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-12 17:43 . 2012-10-28 19:23 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-11 14:14 . 2012-11-11 14:14 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-11 14:14 . 2012-11-11 14:14 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-11 14:14 . 2012-11-11 14:14 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-28 22:28 . 2012-10-27 00:17 25640 ----a-w- c:\windows\gdrv.sys
2012-10-28 20:15 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-10-28 20:15 . 2009-08-18 10:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-28 19:27 . 2012-10-28 19:27 36069 ----a-w- c:\program files\uninstall.exe
2012-10-27 00:17 . 2012-10-27 00:17 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-10-26 19:46 . 2012-10-26 19:46 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-10-26 19:46 . 2012-10-26 19:46 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-10-26 19:46 . 2012-10-26 19:46 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-10-26 19:46 . 2012-10-26 19:46 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-10-26 19:46 . 2012-10-26 19:46 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-10-26 19:46 . 2012-10-26 19:46 82432 ----a-w- c:\windows\system32\icardie.dll
2012-10-26 19:46 . 2012-10-26 19:46 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-10-26 19:46 . 2012-10-26 19:46 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-10-26 19:46 . 2012-10-26 19:46 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-10-26 19:46 . 2012-10-26 19:46 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-10-26 19:46 . 2012-10-26 19:46 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-10-26 19:46 . 2012-10-26 19:46 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-10-26 19:46 . 2012-10-26 19:46 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-10-26 19:46 . 2012-10-26 19:46 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-10-26 19:46 . 2012-10-26 19:46 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-10-26 19:46 . 2012-10-26 19:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-10-26 19:46 . 2012-10-26 19:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-10-26 19:46 . 2012-10-26 19:46 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-10-26 19:46 . 2012-10-26 19:46 448512 ----a-w- c:\windows\system32\html.iec
2012-10-26 19:46 . 2012-10-26 19:46 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-10-26 19:46 . 2012-10-26 19:46 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-10-26 19:46 . 2012-10-26 19:46 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-10-26 19:46 . 2012-10-26 19:46 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-10-26 19:46 . 2012-10-26 19:46 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-10-26 19:46 . 2012-10-26 19:46 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-26 19:46 . 2012-10-26 19:46 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-10-26 19:46 . 2012-10-26 19:46 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-10-26 19:46 . 2012-10-26 19:46 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-10-26 19:46 . 2012-10-26 19:46 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-10-26 19:46 . 2012-10-26 19:46 222208 ----a-w- c:\windows\system32\msls31.dll
2012-10-26 19:46 . 2012-10-26 19:46 197120 ----a-w- c:\windows\system32\msrating.dll
2012-10-26 19:46 . 2012-10-26 19:46 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-10-26 19:46 . 2012-10-26 19:46 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-10-26 19:46 . 2012-10-26 19:46 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-10-26 19:46 . 2012-10-26 19:46 160256 ----a-w- c:\windows\system32\wextract.exe
2012-10-26 19:46 . 2012-10-26 19:46 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-10-26 19:46 . 2012-10-26 19:46 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-10-26 19:46 . 2012-10-26 19:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-10-26 19:46 . 2012-10-26 19:46 149504 ----a-w- c:\windows\system32\occache.dll
2012-10-26 19:46 . 2012-10-26 19:46 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-10-26 19:46 . 2012-10-26 19:46 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-10-26 19:46 . 2012-10-26 19:46 12288 ----a-w- c:\windows\system32\mshta.exe
2012-10-26 19:46 . 2012-10-26 19:46 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-10-26 19:46 . 2012-10-26 19:46 114176 ----a-w- c:\windows\system32\admparse.dll
2012-10-26 19:46 . 2012-10-26 19:46 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-10-26 19:46 . 2012-10-26 19:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-10-26 19:46 . 2012-10-26 19:46 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-10-26 19:46 . 2012-10-26 19:46 103936 ----a-w- c:\windows\system32\inseng.dll
2012-10-26 19:46 . 2012-10-26 19:46 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-10-17 00:31 . 2012-10-27 00:23 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0205B11-B257-4EC6-A8B0-3A1395E8C0BD}\mpengine.dll
2012-10-16 08:38 . 2012-11-28 19:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 19:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 19:23 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-12 15:35 . 2012-10-12 15:35 50856 ----a-w- c:\windows\system32\drivers\point64.sys
2012-10-12 15:35 . 2012-10-12 15:35 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-09 18:17 . 2012-11-15 05:51 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 05:51 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 05:51 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 05:51 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 23:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 05:51 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 05:51 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 05:51 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 05:51 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 05:51 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 05:51 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 05:51 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 05:51 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 05:51 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"Spotify Web Helper"="c:\users\Hugo Bosnickel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Spotify"="c:\users\Hugo Bosnickel\AppData\Roaming\Spotify\spotify.exe" [2012-10-26 7880664]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-19 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28539728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 jfihxccc;jfihxccc;c:\windows\system32\drivers\jfihxccc.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys [2012-01-20 205312]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys [2012-01-20 254464]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 32111855
*Deregistered* - 32111855
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 212.18.3.5 212.18.0.5
FF - ProfilePath - c:\users\Hugo Bosnickel\AppData\Roaming\Mozilla\Firefox\Profiles\22u5pwby.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Guild Wars 2 - c:\program files (x86)\Guild Wars 2\Gw2.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-21 20:21:14
ComboFix-quarantined-files.txt 2012-12-21 19:21
.
Vor Suchlauf: 7.947.366.400 Bytes frei
Nach Suchlauf: 9.012.748.288 Bytes frei
.
- - End Of File - - 325C89D2C32A1AF1F8E0E78034858FC7
|
|
27.12.2012, 16:02
| #8 |
| /// Malware-holic | Trojan:Win32/Reveton.N gefunden. Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.12.2012, 22:18
| #9 |
| | Trojan:Win32/Reveton.N gefunden. Hallo, anbei das Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2012.12.28.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Hugo Bosnickel :: MEINER [Administrator] 28.12.2012 21:22:12 mbam-log-2012-12-28 (21-22-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 360569 Laufzeit: 7 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\_OTL\MovedFiles\12212012_192254\C_Users\Hugo Bosnickel\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
02.01.2013, 21:35
| #10 |
| /// Malware-holic | Trojan:Win32/Reveton.N gefunden. lade den CCleaner standard: CCleaner Download - CCleaner 3.26.1888 falls der CCleaner bereits instaliert, überspringen. öffnen, Tools,uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Trojan:Win32/Reveton.N gefunden. |
| autorun, bho, explorer, explorer.exe, firefox, format, logfile, monitor.exe, neue, nvidia, nvidia update, pando media booster, plug-in, programme, registry, scan, security, service.exe, software, spotify web helper, system32, trojan, trojan:win32/reveton.n, update, usb, usb 3.0, userinit, vdeck.exe, win32/reveton., win32/reveton.n, windows, winlogon |
Linear-Darstellung
