
Pests of all kinds and how to fight them: tr/crypt.zpack.gen Trojan alert from Antivir


21.04.2012, 19:24   #16
Intenso
 
tr/crypt.zpack.gen Trojan alert from Antivir



The file is too large, so I'm posting it in two parts...

First part:

Code:
 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
19:21:05.0996 5344	============================================================
19:21:05.0996 5344	Current date / time: 2012/04/21 19:21:05.0996
19:21:05.0996 5344	SystemInfo:
19:21:05.0996 5344	
19:21:05.0996 5344	OS Version: 6.0.6002 ServicePack: 2.0
19:21:05.0996 5344	Product type: Workstation
19:21:05.0996 5344	ComputerName: *******-PC
19:21:05.0996 5344	UserName: *******
19:21:05.0996 5344	Windows directory: C:\Windows
19:21:05.0996 5344	System windows directory: C:\Windows
19:21:05.0996 5344	Processor architecture: Intel x86
19:21:05.0996 5344	Number of processors: 2
19:21:05.0996 5344	Page size: 0x1000
19:21:05.0996 5344	Boot type: Normal boot
19:21:05.0996 5344	============================================================
19:21:06.0417 5344	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:21:06.0417 5344	\Device\Harddisk0\DR0:
19:21:06.0417 5344	MBR partitions:
19:21:06.0417 5344	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x300800, BlocksNum 0x12800000
19:21:06.0417 5344	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12B00800, BlocksNum 0x1292D800
19:21:06.0448 5344	C: <-> \Device\Harddisk0\DR0\Partition0
19:21:06.0495 5344	E: <-> \Device\Harddisk0\DR0\Partition1
19:21:06.0495 5344	Initialize success
19:21:06.0495 5344	============================================================
19:21:18.0304 5728	============================================================
19:21:18.0304 5728	Scan started
19:21:18.0304 5728	Mode: Manual; 
19:21:18.0304 5728	============================================================
19:21:19.0552 5728	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:21:19.0552 5728	ACPI - ok
19:21:19.0693 5728	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:21:19.0708 5728	AdobeFlashPlayerUpdateSvc - ok
19:21:19.0849 5728	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:21:19.0849 5728	adp94xx - ok
19:21:19.0911 5728	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:21:19.0911 5728	adpahci - ok
19:21:20.0036 5728	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:21:20.0036 5728	adpu160m - ok
19:21:20.0129 5728	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:21:20.0129 5728	adpu320 - ok
19:21:20.0223 5728	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:21:20.0223 5728	AeLookupSvc - ok
19:21:20.0332 5728	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:21:20.0348 5728	AFD - ok
19:21:20.0519 5728	AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
19:21:20.0519 5728	AgereModemAudio - ok
19:21:20.0956 5728	AgereSoftModem  (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
19:21:21.0112 5728	AgereSoftModem - ok
19:21:21.0674 5728	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:21:21.0674 5728	agp440 - ok
19:21:21.0705 5728	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:21:21.0705 5728	aic78xx - ok
19:21:21.0892 5728	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:21:21.0892 5728	ALG - ok
19:21:21.0955 5728	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:21:21.0955 5728	aliide - ok
19:21:22.0079 5728	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:21:22.0079 5728	amdagp - ok
19:21:22.0111 5728	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:21:22.0126 5728	amdide - ok
19:21:22.0204 5728	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:21:22.0204 5728	AmdK7 - ok
19:21:22.0376 5728	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:21:22.0376 5728	AmdK8 - ok
19:21:22.0501 5728	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:21:22.0501 5728	AntiVirSchedulerService - ok
19:21:22.0547 5728	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:21:22.0547 5728	AntiVirService - ok
19:21:22.0750 5728	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:21:22.0766 5728	Appinfo - ok
19:21:22.0875 5728	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:21:22.0875 5728	Apple Mobile Device - ok
19:21:23.0031 5728	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:21:23.0047 5728	arc - ok
19:21:23.0171 5728	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:21:23.0171 5728	arcsas - ok
19:21:23.0390 5728	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:21:23.0390 5728	AsyncMac - ok
19:21:23.0499 5728	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:21:23.0499 5728	atapi - ok
19:21:23.0593 5728	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:21:23.0593 5728	AudioEndpointBuilder - ok
19:21:23.0655 5728	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:21:23.0655 5728	Audiosrv - ok
19:21:23.0873 5728	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
19:21:23.0889 5728	avgntflt - ok
19:21:24.0014 5728	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
19:21:24.0029 5728	avipbb - ok
19:21:24.0295 5728	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
19:21:24.0295 5728	avkmgr - ok
19:21:24.0763 5728	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:21:24.0794 5728	Beep - ok
19:21:24.0872 5728	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:21:24.0872 5728	BFE - ok
19:21:25.0043 5728	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
19:21:25.0043 5728	BITS - ok
19:21:25.0168 5728	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:21:25.0168 5728	blbdrive - ok
19:21:25.0246 5728	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:21:25.0246 5728	Bonjour Service - ok
19:21:25.0324 5728	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:21:25.0324 5728	bowser - ok
19:21:25.0402 5728	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:21:25.0402 5728	BrFiltLo - ok
19:21:25.0449 5728	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:21:25.0465 5728	BrFiltUp - ok
19:21:25.0543 5728	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:21:25.0543 5728	Browser - ok
19:21:25.0621 5728	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:21:25.0621 5728	Brserid - ok
19:21:25.0652 5728	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:21:25.0652 5728	BrSerWdm - ok
19:21:25.0730 5728	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:21:25.0730 5728	BrUsbMdm - ok
19:21:25.0808 5728	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:21:25.0808 5728	BrUsbSer - ok
19:21:25.0870 5728	BthEnum         (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
19:21:25.0870 5728	BthEnum - ok
19:21:25.0948 5728	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:21:25.0948 5728	BTHMODEM - ok
19:21:26.0057 5728	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
19:21:26.0073 5728	BthPan - ok
19:21:26.0120 5728	BTHPORT         (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
19:21:26.0120 5728	BTHPORT - ok
19:21:26.0229 5728	BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
19:21:26.0229 5728	BthServ - ok
19:21:26.0323 5728	BTHUSB          (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
19:21:26.0338 5728	BTHUSB - ok
19:21:26.0541 5728	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:21:26.0557 5728	cdfs - ok
19:21:26.0697 5728	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:21:26.0697 5728	cdrom - ok
19:21:26.0791 5728	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:21:26.0791 5728	CertPropSvc - ok
19:21:26.0931 5728	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:21:26.0931 5728	circlass - ok
19:21:27.0009 5728	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:21:27.0025 5728	CLFS - ok
19:21:27.0118 5728	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:21:27.0118 5728	clr_optimization_v2.0.50727_32 - ok
19:21:27.0196 5728	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:21:27.0212 5728	clr_optimization_v4.0.30319_32 - ok
19:21:27.0368 5728	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:21:27.0368 5728	CmBatt - ok
19:21:27.0415 5728	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:21:27.0415 5728	cmdide - ok
19:21:27.0586 5728	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:21:27.0586 5728	Compbatt - ok
19:21:27.0649 5728	COMSysApp - ok
19:21:27.0711 5728	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:21:27.0711 5728	crcdisk - ok
19:21:27.0789 5728	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:21:27.0789 5728	Crusoe - ok
19:21:27.0883 5728	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:21:27.0883 5728	CryptSvc - ok
19:21:28.0023 5728	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:21:28.0039 5728	DcomLaunch - ok
19:21:28.0491 5728	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:21:28.0491 5728	DfsC - ok
19:21:28.0585 5728	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:21:28.0647 5728	DFSR - ok
19:21:28.0756 5728	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:21:28.0756 5728	Dhcp - ok
19:21:28.0865 5728	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:21:28.0865 5728	disk - ok
19:21:28.0975 5728	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:21:28.0975 5728	Dnscache - ok
19:21:29.0037 5728	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:21:29.0037 5728	dot3svc - ok
19:21:29.0131 5728	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:21:29.0131 5728	DPS - ok
19:21:29.0287 5728	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:21:29.0287 5728	drmkaud - ok
19:21:29.0427 5728	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:21:29.0458 5728	DXGKrnl - ok
19:21:29.0552 5728	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:21:29.0552 5728	E1G60 - ok
19:21:29.0661 5728	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:21:29.0661 5728	EapHost - ok
19:21:29.0848 5728	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:21:29.0848 5728	Ecache - ok
19:21:29.0942 5728	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:21:29.0942 5728	ehRecvr - ok
19:21:29.0973 5728	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:21:29.0989 5728	ehSched - ok
19:21:30.0004 5728	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:21:30.0004 5728	ehstart - ok
19:21:30.0113 5728	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:21:30.0145 5728	elxstor - ok
19:21:30.0223 5728	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:21:30.0238 5728	EMDMgmt - ok
19:21:30.0347 5728	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:21:30.0347 5728	ErrDev - ok
19:21:30.0410 5728	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:21:30.0410 5728	EventSystem - ok
19:21:30.0519 5728	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:21:30.0519 5728	exfat - ok
19:21:30.0613 5728	Fabs - ok
19:21:30.0722 5728	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:21:30.0722 5728	fastfat - ok
19:21:30.0800 5728	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:21:30.0800 5728	fdc - ok
19:21:30.0940 5728	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:21:30.0940 5728	fdPHost - ok
19:21:31.0018 5728	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:21:31.0018 5728	FDResPub - ok
19:21:31.0127 5728	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:21:31.0127 5728	FileInfo - ok
19:21:31.0190 5728	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:21:31.0190 5728	Filetrace - ok
19:21:31.0424 5728	FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:21:31.0502 5728	FirebirdServerMAGIXInstance - ok
19:21:31.0705 5728	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:21:31.0705 5728	flpydisk - ok
19:21:31.0907 5728	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:21:31.0923 5728	FltMgr - ok
19:21:32.0141 5728	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:21:32.0204 5728	FontCache - ok
19:21:32.0297 5728	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:21:32.0313 5728	FontCache3.0.0.0 - ok
19:21:32.0391 5728	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:21:32.0391 5728	Fs_Rec - ok
19:21:32.0485 5728	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:21:32.0485 5728	gagp30kx - ok
19:21:32.0656 5728	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:21:32.0656 5728	GEARAspiWDM - ok
19:21:33.0109 5728	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:21:33.0109 5728	gpsvc - ok
19:21:33.0249 5728	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:21:33.0280 5728	HdAudAddService - ok
19:21:33.0436 5728	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:21:33.0467 5728	HDAudBus - ok
19:21:33.0561 5728	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:21:33.0561 5728	HidBth - ok
19:21:33.0608 5728	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:21:33.0608 5728	HidIr - ok
19:21:33.0686 5728	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:21:33.0686 5728	hidserv - ok
19:21:33.0717 5728	HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
19:21:33.0717 5728	HidUsb - ok
19:21:33.0889 5728	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:21:33.0889 5728	hkmsvc - ok
19:21:33.0967 5728	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:21:33.0967 5728	HpCISSs - ok
19:21:34.0045 5728	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:21:34.0060 5728	HTTP - ok
19:21:34.0091 5728	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:21:34.0091 5728	i2omp - ok
19:21:34.0185 5728	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:21:34.0185 5728	i8042prt - ok
19:21:34.0263 5728	IAANTMON        (e03216d695cdc2d223afc0cab4498888) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:21:34.0263 5728	IAANTMON - ok
19:21:34.0325 5728	iaStor          (9f1220113a3a7f4f08042c699324d073) C:\Windows\system32\DRIVERS\iaStor.sys
19:21:34.0325 5728	iaStor - ok
19:21:34.0419 5728	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:21:34.0419 5728	iaStorV - ok
19:21:34.0497 5728	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:21:34.0513 5728	idsvc - ok
19:21:34.0591 5728	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:21:34.0591 5728	iirsp - ok
19:21:34.0669 5728	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:21:34.0669 5728	IKEEXT - ok
19:21:34.0793 5728	IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
19:21:34.0840 5728	IntcAzAudAddService - ok
19:21:34.0934 5728	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:21:34.0934 5728	intelide - ok
19:21:34.0965 5728	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:21:34.0965 5728	intelppm - ok
19:21:35.0043 5728	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:21:35.0043 5728	IPBusEnum - ok
19:21:35.0121 5728	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:21:35.0121 5728	IpFilterDriver - ok
19:21:35.0183 5728	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:21:35.0183 5728	iphlpsvc - ok
19:21:35.0246 5728	IpInIp - ok
19:21:35.0277 5728	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:21:35.0277 5728	IPMIDRV - ok
19:21:35.0355 5728	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:21:35.0355 5728	IPNAT - ok
19:21:35.0433 5728	iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
19:21:35.0449 5728	iPod Service - ok
19:21:35.0511 5728	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:21:35.0511 5728	IRENUM - ok
19:21:35.0589 5728	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:21:35.0589 5728	isapnp - ok
19:21:35.0667 5728	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:21:35.0667 5728	iScsiPrt - ok
19:21:35.0745 5728	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:21:35.0745 5728	iteatapi - ok
19:21:35.0823 5728	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:21:35.0823 5728	iteraid - ok
19:21:35.0854 5728	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:21:35.0854 5728	kbdclass - ok
19:21:35.0885 5728	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
19:21:35.0885 5728	kbdhid - ok
19:21:35.0948 5728	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:21:35.0963 5728	KeyIso - ok
19:21:36.0041 5728	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:21:36.0041 5728	KSecDD - ok
19:21:36.0119 5728	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:21:36.0119 5728	KtmRm - ok
19:21:36.0213 5728	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:21:36.0213 5728	LanmanServer - ok
19:21:36.0322 5728	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:21:36.0322 5728	LanmanWorkstation - ok
19:21:36.0400 5728	LgBttPort       (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys
19:21:36.0400 5728	LgBttPort - ok
19:21:36.0494 5728	lgbusenum       (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys
19:21:36.0494 5728	lgbusenum - ok
19:21:36.0556 5728	LGVMODEM        (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys
19:21:36.0556 5728	LGVMODEM - ok
19:21:36.0619 5728	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:21:36.0619 5728	lltdio - ok
19:21:36.0712 5728	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:21:36.0712 5728	lltdsvc - ok
19:21:36.0759 5728	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:21:36.0759 5728	lmhosts - ok
19:21:36.0821 5728	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:21:36.0821 5728	LSI_FC - ok
19:21:36.0915 5728	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:21:36.0915 5728	LSI_SAS - ok
19:21:36.0977 5728	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:21:36.0977 5728	LSI_SCSI - ok
19:21:37.0040 5728	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:21:37.0040 5728	luafv - ok
19:21:37.0133 5728	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
19:21:37.0133 5728	MBAMProtector - ok
19:21:37.0243 5728	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:21:37.0243 5728	MBAMService - ok
19:21:37.0305 5728	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:21:37.0305 5728	Mcx2Svc - ok
19:21:37.0414 5728	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:21:37.0414 5728	megasas - ok
19:21:37.0508 5728	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:21:37.0508 5728	MegaSR - ok
19:21:37.0586 5728	Microsoft SharePoint Workspace Audit Service - ok
19:21:37.0679 5728	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:21:37.0679 5728	MMCSS - ok
19:21:37.0742 5728	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:21:37.0742 5728	Modem - ok
19:21:37.0851 5728	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:21:37.0851 5728	monitor - ok
19:21:37.0898 5728	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:21:37.0898 5728	mouclass - ok
19:21:37.0945 5728	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
19:21:37.0945 5728	mouhid - ok
19:21:37.0991 5728	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:21:37.0991 5728	MountMgr - ok
19:21:38.0069 5728	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:21:38.0069 5728	mpio - ok
19:21:38.0132 5728	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:21:38.0132 5728	mpsdrv - ok
19:21:38.0210 5728	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:21:38.0225 5728	MpsSvc - ok
19:21:38.0288 5728	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:21:38.0288 5728	Mraid35x - ok
19:21:38.0381 5728	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:21:38.0397 5728	MRxDAV - ok
19:21:38.0444 5728	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:21:38.0444 5728	mrxsmb - ok
19:21:38.0506 5728	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:21:38.0506 5728	mrxsmb10 - ok
19:21:38.0569 5728	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:21:38.0569 5728	mrxsmb20 - ok
19:21:38.0662 5728	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
19:21:38.0662 5728	msahci - ok
19:21:38.0709 5728	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:21:38.0709 5728	msdsm - ok
19:21:38.0771 5728	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:21:38.0771 5728	MSDTC - ok
19:21:38.0865 5728	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:21:38.0865 5728	Msfs - ok
19:21:38.0896 5728	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:21:38.0896 5728	msisadrv - ok
19:21:38.0974 5728	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:21:38.0974 5728	MSiSCSI - ok
19:21:39.0037 5728	msiserver - ok
19:21:39.0099 5728	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:21:39.0099 5728	MSKSSRV - ok
19:21:39.0193 5728	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:21:39.0193 5728	MSPCLOCK - ok
19:21:39.0302 5728	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:21:39.0302 5728	MSPQM - ok
19:21:39.0380 5728	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:21:39.0380 5728	MsRPC - ok
19:21:39.0442 5728	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:21:39.0442 5728	mssmbios - ok
19:21:39.0489 5728	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:21:39.0489 5728	MSTEE - ok
19:21:39.0598 5728	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:21:39.0614 5728	Mup - ok
19:21:39.0692 5728	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:21:39.0707 5728	napagent - ok
19:21:39.0785 5728	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:21:39.0785 5728	NativeWifiP - ok
19:21:39.0910 5728	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:21:39.0910 5728	NDIS - ok
19:21:39.0973 5728	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:21:39.0973 5728	NdisTapi - ok
19:21:40.0035 5728	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:21:40.0035 5728	Ndisuio - ok
19:21:40.0129 5728	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:21:40.0144 5728	NdisWan - ok
19:21:40.0207 5728	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:21:40.0222 5728	NDProxy - ok
19:21:40.0285 5728	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:21:40.0285 5728	NetBIOS - ok
19:21:40.0331 5728	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:21:40.0347 5728	netbt - ok
19:21:40.0441 5728	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:21:40.0441 5728	Netlogon - ok
19:21:40.0487 5728	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:21:40.0503 5728	Netman - ok
19:21:40.0550 5728	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:21:40.0550 5728	netprofm - ok
19:21:40.0659 5728	netr28          (b05ffe38336193a9b988b00b230c5b80) C:\Windows\system32\DRIVERS\netr28.sys
19:21:40.0659 5728	netr28 - ok
19:21:40.0721 5728	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:21:40.0721 5728	NetTcpPortSharing - ok
19:21:40.0815 5728	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:21:40.0815 5728	nfrd960 - ok
19:21:40.0877 5728	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:21:40.0893 5728	NlaSvc - ok
19:21:40.0955 5728	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:21:40.0955 5728	Npfs - ok
19:21:41.0018 5728	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:21:41.0018 5728	nsi - ok
19:21:41.0096 5728	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:21:41.0096 5728	nsiproxy - ok
19:21:41.0189 5728	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:21:41.0221 5728	Ntfs - ok
19:21:41.0314 5728	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:21:41.0314 5728	ntrigdigi - ok
19:21:41.0361 5728	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:21:41.0361 5728	Null - ok
19:21:41.0439 5728	NVHDA           (11be4b269549173cff542591e4be2c08) C:\Windows\system32\drivers\nvhda32v.sys
19:21:41.0439 5728	NVHDA - ok
19:21:41.0689 5728	nvlddmkm        (440690da4358d9682dbcc56da7d419ab) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:21:41.0845 5728	nvlddmkm - ok
19:21:41.0938 5728	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:21:41.0938 5728	nvraid - ok
19:21:42.0001 5728	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:21:42.0001 5728	nvstor - ok
19:21:42.0063 5728	nvsvc           (11e1dc466c3e384c1a697b95dc5aa785) C:\Windows\system32\nvvsvc.exe
19:21:42.0063 5728	nvsvc - ok
19:21:42.0110 5728	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:21:42.0125 5728	nv_agp - ok
19:21:42.0188 5728	NwlnkFlt - ok
19:21:42.0235 5728	NwlnkFwd - ok
19:21:42.0297 5728	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
19:21:42.0297 5728	ohci1394 - ok
19:21:42.0344 5728	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:21:42.0359 5728	ose - ok
19:21:42.0547 5728	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:21:42.0562 5728	osppsvc - ok
19:21:42.0687 5728	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:21:42.0703 5728	p2pimsvc - ok
19:21:42.0718 5728	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:21:42.0734 5728	p2psvc - ok
19:21:42.0796 5728	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:21:42.0796 5728	Parport - ok
19:21:42.0859 5728	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:21:42.0859 5728	partmgr - ok
19:21:42.0921 5728	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:21:42.0921 5728	Parvdm - ok
19:21:42.0968 5728	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:21:42.0968 5728	PcaSvc - ok
19:21:43.0046 5728	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:21:43.0046 5728	pci - ok
19:21:43.0093 5728	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
19:21:43.0093 5728	pciide - ok
19:21:43.0155 5728	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:21:43.0155 5728	pcmcia - ok
19:21:43.0217 5728	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:21:43.0233 5728	PEAUTH - ok
19:21:43.0327 5728	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:21:43.0358 5728	pla - ok
19:21:43.0436 5728	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:21:43.0451 5728	PlugPlay - ok
19:21:43.0514 5728	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:21:43.0514 5728	PNRPAutoReg - ok
19:21:43.0545 5728	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:21:43.0561 5728	PNRPsvc - ok
19:21:43.0592 5728	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:21:43.0592 5728	PolicyAgent - ok
19:21:43.0685 5728	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:21:43.0685 5728	PptpMiniport - ok
19:21:43.0732 5728	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:21:43.0732 5728	Processor - ok
19:21:43.0779 5728	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:21:43.0779 5728	ProfSvc - ok
19:21:43.0841 5728	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:21:43.0841 5728	ProtectedStorage - ok
19:21:43.0935 5728	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:21:43.0935 5728	PSched - ok
19:21:43.0997 5728	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:21:44.0029 5728	ql2300 - ok
19:21:44.0091 5728	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:21:44.0091 5728	ql40xx - ok
19:21:44.0169 5728	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:21:44.0169 5728	QWAVE - ok
19:21:44.0216 5728	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:21:44.0216 5728	QWAVEdrv - ok
19:21:44.0247 5728	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:21:44.0247 5728	RasAcd - ok
19:21:44.0294 5728	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:21:44.0294 5728	RasAuto - ok
19:21:44.0356 5728	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:21:44.0356 5728	Rasl2tp - ok
19:21:44.0450 5728	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:21:44.0450 5728	RasMan - ok
19:21:44.0528 5728	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:21:44.0528 5728	RasPppoe - ok
19:21:44.0606 5728	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:21:44.0606 5728	RasSstp - ok
19:21:44.0715 5728	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:21:44.0715 5728	rdbss - ok
19:21:44.0777 5728	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:21:44.0777 5728	RDPCDD - ok
19:21:44.0840 5728	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:21:44.0840 5728	rdpdr - ok
19:21:44.0902 5728	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:21:44.0902 5728	RDPENCDD - ok
19:21:44.0965 5728	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
19:21:44.0965 5728	RDPWD - ok
19:21:45.0043 5728	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:21:45.0043 5728	RemoteAccess - ok
19:21:45.0105 5728	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:21:45.0105 5728	RemoteRegistry - ok
19:21:45.0199 5728	RFCOMM          (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
19:21:45.0199 5728	RFCOMM - ok
19:21:45.0261 5728	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:21:45.0261 5728	RpcLocator - ok
19:21:45.0651 5728	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:21:45.0651 5728	RpcSs - ok
19:21:45.0745 5728	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:21:45.0745 5728	rspndr - ok
19:21:45.0838 5728	RTL8169         (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:21:45.0838 5728	RTL8169 - ok
19:21:45.0885 5728	RTSTOR          (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS
19:21:45.0885 5728	RTSTOR - ok
19:21:45.0947 5728	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:21:45.0947 5728	SamSs - ok
19:21:46.0010 5728	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:21:46.0010 5728	sbp2port - ok
19:21:46.0088 5728	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:21:46.0088 5728	SCardSvr - ok
19:21:46.0197 5728	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:21:46.0197 5728	Schedule - ok
19:21:46.0228 5728	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:21:46.0228 5728	SCPolicySvc - ok
19:21:46.0275 5728	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:21:46.0291 5728	SDRSVC - ok
19:21:46.0353 5728	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:21:46.0353 5728	secdrv - ok
19:21:46.0415 5728	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:21:46.0415 5728	seclogon - ok
19:21:46.0447 5728	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:21:46.0462 5728	SENS - ok
19:21:46.0478 5728	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:21:46.0493 5728	Serenum - ok
19:21:46.0540 5728	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:21:46.0540 5728	Serial - ok
19:21:46.0603 5728	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:21:46.0603 5728	sermouse - ok
19:21:46.0696 5728	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:21:46.0696 5728	SessionEnv - ok
19:21:46.0727 5728	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:21:46.0727 5728	sffdisk - ok
19:21:46.0759 5728	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:21:46.0774 5728	sffp_mmc - ok
19:21:46.0837 5728	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:21:46.0837 5728	sffp_sd - ok
19:21:46.0899 5728	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:21:46.0899 5728	sfloppy - ok
19:21:46.0961 5728	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:21:46.0961 5728	SharedAccess - ok
19:21:47.0024 5728	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:21:47.0039 5728	ShellHWDetection - ok
19:21:47.0102 5728	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:21:47.0102 5728	sisagp - ok
19:21:47.0164 5728	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:21:47.0180 5728	SiSRaid2 - ok
19:21:47.0211 5728	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:21:47.0211 5728	SiSRaid4 - ok
19:21:47.0336 5728	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:21:47.0414 5728	slsvc - ok
19:21:47.0492 5728	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:21:47.0507 5728	SLUINotify - ok
19:21:47.0617 5728	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:21:47.0617 5728	Smb - ok
19:21:47.0679 5728	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:21:47.0679 5728	SNMPTRAP - ok
19:21:47.0757 5728	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:21:47.0757 5728	spldr - ok
19:21:47.0804 5728	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:21:47.0804 5728	Spooler - ok
19:21:47.0897 5728	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:21:47.0897 5728	srv - ok
19:21:47.0975 5728	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:21:47.0975 5728	srv2 - ok
19:21:48.0007 5728	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:21:48.0007 5728	srvnet - ok
19:21:48.0053 5728	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:21:48.0053 5728	SSDPSRV - ok
19:21:48.0131 5728	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:21:48.0147 5728	ssmdrv - ok
19:21:48.0194 5728	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:21:48.0209 5728	SstpSvc - ok
19:21:48.0272 5728	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:21:48.0287 5728	stisvc - ok
19:21:48.0365 5728	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:21:48.0365 5728	swenum - ok
19:21:48.0443 5728	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:21:48.0459 5728	swprv - ok
19:21:48.0490 5728	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:21:48.0490 5728	Symc8xx - ok
19:21:48.0537 5728	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:21:48.0537 5728	Sym_hi - ok
19:21:48.0599 5728	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:21:48.0599 5728	Sym_u3 - ok
19:21:48.0693 5728	SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
19:21:48.0693 5728	SynTP - ok
19:21:48.0755 5728	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:21:48.0771 5728	SysMain - ok
19:21:48.0849 5728	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:21:48.0865 5728	TabletInputService - ok
19:21:48.0927 5728	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:21:48.0927 5728	TapiSrv - ok
19:21:48.0974 5728	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:21:48.0974 5728	TBS - ok
19:21:49.0052 5728	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:21:49.0052 5728	Tcpip - ok
19:21:49.0130 5728	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:21:49.0130 5728	Tcpip6 - ok
19:21:49.0208 5728	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:21:49.0208 5728	tcpipreg - ok
19:21:49.0255 5728	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:21:49.0255 5728	TDPIPE - ok
19:21:49.0301 5728	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:21:49.0301 5728	TDTCP - ok
19:21:49.0379 5728	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:21:49.0379 5728	tdx - ok
19:21:49.0457 5728	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:21:49.0457 5728	TermDD - ok
19:21:49.0535 5728	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:21:49.0535 5728	TermService - ok
19:21:49.0613 5728	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:21:49.0629 5728	Themes - ok
19:21:49.0691 5728	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:21:49.0691 5728	THREADORDER - ok
19:21:49.0723 5728	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:21:49.0738 5728	TrkWks - ok
19:21:49.0769 5728	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:21:49.0769 5728	TrustedInstaller - ok
19:21:49.0879 5728	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:21:49.0879 5728	tssecsrv - ok
19:21:49.0925 5728	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:21:49.0925 5728	tunmp - ok
19:21:49.0988 5728	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:21:49.0988 5728	tunnel - ok
19:21:50.0019 5728	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:21:50.0019 5728	uagp35 - ok
19:21:50.0128 5728	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:21:50.0128 5728	udfs - ok
19:21:50.0206 5728	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:21:50.0206 5728	UI0Detect - ok
19:21:50.0253 5728	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:21:50.0269 5728	uliagpkx - ok
19:21:50.0347 5728	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:21:50.0347 5728	uliahci - ok
19:21:50.0409 5728	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:21:50.0409 5728	UlSata - ok
19:21:50.0456 5728	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:21:50.0471 5728	ulsata2 - ok
19:21:50.0549 5728	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:21:50.0549 5728	umbus - ok
19:21:50.0596 5728	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:21:50.0596 5728	upnphost - ok
19:21:50.0674 5728	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
19:21:50.0674 5728	USBAAPL - ok
19:21:50.0752 5728	usbbus          (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
19:21:50.0768 5728	usbbus - ok
19:21:50.0799 5728	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:21:50.0799 5728	usbccgp - ok
19:21:50.0846 5728	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:21:50.0846 5728	usbcir - ok
19:21:50.0908 5728	UsbDiag         (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
19:21:50.0908 5728	UsbDiag - ok
19:21:51.0017 5728	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:21:51.0017 5728	usbehci - ok
19:21:51.0064 5728	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:21:51.0080 5728	usbhub - ok
19:21:51.0158 5728	USBModem        (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
19:21:51.0158 5728	USBModem - ok
19:21:51.0189 5728	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:21:51.0189 5728	usbohci - ok
19:21:51.0283 5728	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:21:51.0283 5728	usbprint - ok
19:21:51.0345 5728	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:21:51.0345 5728	USBSTOR - ok
19:21:51.0376 5728	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:21:51.0376 5728	usbuhci - ok
19:21:51.0439 5728	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:21:51.0439 5728	usbvideo - ok
19:21:51.0532 5728	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:21:51.0532 5728	UxSms - ok
19:21:51.0595 5728	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:21:51.0610 5728	vds - ok
19:21:51.0673 5728	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:21:51.0688 5728	vga - ok
19:21:51.0751 5728	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:21:51.0751 5728	VgaSave - ok
19:21:51.0782 5728	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:21:51.0782 5728	viaagp - ok
19:21:51.0813 5728	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:21:51.0813 5728	ViaC7 - ok
19:21:51.0907 5728	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:21:51.0907 5728	viaide - ok
19:21:51.0969 5728	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:21:51.0969 5728	volmgr - ok
19:21:52.0031 5728	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:21:52.0047 5728	volmgrx - ok
19:21:52.0125 5728	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:21:52.0125 5728	volsnap - ok
19:21:52.0219 5728	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:21:52.0219 5728	vsmraid - ok
19:21:52.0312 5728	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:21:52.0328 5728	VSS - ok
19:21:52.0390 5728	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:21:52.0406 5728	W32Time - ok
19:21:52.0499 5728	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:21:52.0499 5728	WacomPen - ok
19:21:52.0531 5728	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:21:52.0531 5728	Wanarp - ok
19:21:52.0531 5728	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:21:52.0531 5728	Wanarpv6 - ok
19:21:52.0577 5728	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:21:52.0577 5728	wcncsvc - ok
19:21:52.0640 5728	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:21:52.0640 5728	WcsPlugInService - ok
19:21:52.0749 5728	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:21:52.0749 5728	Wd - ok
19:21:52.0811 5728	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:21:52.0811 5728	Wdf01000 - ok
19:21:52.0874 5728	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:21:52.0874 5728	WdiServiceHost - ok
19:21:52.0889 5728	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:21:52.0889 5728	WdiSystemHost - ok
19:21:52.0967 5728	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:21:52.0967 5728	WebClient - ok
19:21:53.0030 5728	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:21:53.0030 5728	Wecsvc - ok
19:21:53.0077 5728	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:21:53.0077 5728	wercplsupport - ok
19:21:53.0155 5728	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:21:53.0155 5728	WerSvc - ok
19:21:53.0233 5728	WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
19:21:53.0233 5728	WimFltr - ok
19:21:53.0295 5728	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:21:53.0295 5728	WinDefend - ok
19:21:53.0311 5728	WinHttpAutoProxySvc - ok
19:21:53.0404 5728	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:21:53.0404 5728	Winmgmt - ok
19:21:53.0529 5728	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:21:53.0560 5728	WinRM - ok
19:21:53.0638 5728	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:21:53.0654 5728	Wlansvc - ok
19:21:53.0716 5728	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:21:53.0716 5728	WmiAcpi - ok
19:21:53.0794 5728	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:21:53.0810 5728	wmiApSrv - ok
19:21:53.0872 5728	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:21:53.0888 5728	WMPNetworkSvc - ok
19:21:53.0935 5728	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:21:53.0935 5728	WPCSvc - ok
19:21:54.0028 5728	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:21:54.0028 5728	WPDBusEnum - ok
19:21:54.0106 5728	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:21:54.0106 5728	WpdUsb - ok
19:21:54.0231 5728	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:21:54.0262 5728	WPFFontCache_v0400 - ok
19:21:54.0356 5728	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:21:54.0356 5728	ws2ifsl - ok
19:21:54.0418 5728	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
19:21:54.0434 5728	wscsvc - ok
19:21:54.0449 5728	WSearch - ok
19:21:54.0512 5728	WSVD            (b7f30c50a2e6e46822cd388608e06bb4) C:\Windows\system32\drivers\WSVD.sys
19:21:54.0512 5728	WSVD - ok
19:21:54.0652 5728	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:21:54.0668 5728	wuauserv - ok
19:21:54.0746 5728	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:21:54.0746 5728	WUDFRd - ok
19:21:54.0808 5728	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:21:54.0808 5728	wudfsvc - ok
19:21:54.0839 5728	MBR (0x1B8)     (c8c6dc722d4ef7ca320585d4bd90474e) \Device\Harddisk0\DR0
19:21:57.0819 5728	\Device\Harddisk0\DR0 - ok
19:21:57.0850 5728	Boot (0x1200)   (270b3243ae81a193ddeddfaa453c2f38) \Device\Harddisk0\DR0\Partition0
19:21:57.0850 5728	\Device\Harddisk0\DR0\Partition0 - ok
19:21:57.0881 5728	Boot (0x1200)   (56838bff36871812752f8d6c6bebc618) \Device\Harddisk0\DR0\Partition1
19:21:57.0881 5728	\Device\Harddisk0\DR0\Partition1 - ok
19:21:57.0881 5728	============================================================
19:21:57.0881 5728	Scan finished
         

21.04.2012, 19:26   #17
Intenso
 
Second part:

Code:
ATTFilter
 19:21:57.0881 5728	============================================================
19:21:57.0897 5620	Detected object count: 0
19:21:57.0897 5620	Actual detected object count: 0
19:23:02.0114 3252	============================================================
19:23:02.0114 3252	Scan started
19:23:02.0114 3252	Mode: Manual; SigCheck; TDLFS; 
19:23:02.0114 3252	============================================================
19:23:03.0455 3252	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:23:03.0611 3252	ACPI - ok
19:23:03.0689 3252	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:23:03.0705 3252	AdobeFlashPlayerUpdateSvc - ok
19:23:03.0830 3252	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:23:03.0861 3252	adp94xx - ok
19:23:03.0923 3252	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:23:03.0939 3252	adpahci - ok
19:23:04.0048 3252	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:23:04.0064 3252	adpu160m - ok
19:23:04.0095 3252	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:23:04.0111 3252	adpu320 - ok
19:23:04.0204 3252	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:23:04.0267 3252	AeLookupSvc - ok
19:23:04.0345 3252	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:23:04.0391 3252	AFD - ok
19:23:04.0501 3252	AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
19:23:04.0547 3252	AgereModemAudio - ok
19:23:04.0610 3252	AgereSoftModem  (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
19:23:04.0813 3252	AgereSoftModem - ok
19:23:04.0906 3252	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:23:04.0922 3252	agp440 - ok
19:23:04.0953 3252	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:23:04.0969 3252	aic78xx - ok
19:23:05.0078 3252	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:23:05.0125 3252	ALG - ok
19:23:05.0234 3252	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:23:05.0249 3252	aliide - ok
19:23:05.0390 3252	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:23:05.0391 3252	amdagp - ok
19:23:05.0500 3252	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:23:05.0500 3252	amdide - ok
19:23:05.0578 3252	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:23:05.0625 3252	AmdK7 - ok
19:23:05.0718 3252	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:23:05.0765 3252	AmdK8 - ok
19:23:06.0202 3252	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:23:06.0218 3252	AntiVirSchedulerService - ok
19:23:06.0249 3252	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:23:06.0249 3252	AntiVirService - ok
19:23:06.0374 3252	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:23:06.0406 3252	Appinfo - ok
19:23:06.0499 3252	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:23:06.0499 3252	Apple Mobile Device - ok
19:23:06.0562 3252	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:23:06.0562 3252	arc - ok
19:23:06.0624 3252	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:23:06.0640 3252	arcsas - ok
19:23:06.0671 3252	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:23:06.0733 3252	AsyncMac - ok
19:23:06.0780 3252	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:23:06.0796 3252	atapi - ok
19:23:06.0858 3252	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:23:06.0889 3252	AudioEndpointBuilder - ok
19:23:06.0905 3252	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:23:06.0936 3252	Audiosrv - ok
19:23:07.0014 3252	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
19:23:07.0045 3252	avgntflt - ok
19:23:07.0077 3252	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
19:23:07.0092 3252	avipbb - ok
19:23:07.0139 3252	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
19:23:07.0139 3252	avkmgr - ok
19:23:07.0186 3252	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:23:07.0233 3252	Beep - ok
19:23:07.0326 3252	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:23:07.0357 3252	BFE - ok
19:23:07.0435 3252	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
19:23:07.0498 3252	BITS - ok
19:23:07.0560 3252	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:23:07.0607 3252	blbdrive - ok
19:23:07.0669 3252	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:23:07.0685 3252	Bonjour Service - ok
19:23:07.0794 3252	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:23:07.0825 3252	bowser - ok
19:23:07.0872 3252	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:23:07.0919 3252	BrFiltLo - ok
19:23:07.0997 3252	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:23:08.0044 3252	BrFiltUp - ok
19:23:08.0106 3252	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:23:08.0153 3252	Browser - ok
19:23:08.0231 3252	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:23:08.0325 3252	Brserid - ok
19:23:08.0371 3252	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:23:08.0418 3252	BrSerWdm - ok
19:23:08.0512 3252	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:23:08.0559 3252	BrUsbMdm - ok
19:23:08.0605 3252	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:23:08.0668 3252	BrUsbSer - ok
19:23:08.0761 3252	BthEnum         (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
19:23:08.0793 3252	BthEnum - ok
19:23:08.0902 3252	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:23:08.0949 3252	BTHMODEM - ok
19:23:09.0151 3252	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
19:23:09.0198 3252	BthPan - ok
19:23:09.0307 3252	BTHPORT         (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
19:23:09.0370 3252	BTHPORT - ok
19:23:09.0417 3252	BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
19:23:09.0448 3252	BthServ - ok
19:23:09.0557 3252	BTHUSB          (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
19:23:09.0619 3252	BTHUSB - ok
19:23:09.0697 3252	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:23:09.0713 3252	cdfs - ok
19:23:09.0791 3252	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:23:09.0822 3252	cdrom - ok
19:23:09.0900 3252	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:23:09.0947 3252	CertPropSvc - ok
19:23:10.0025 3252	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:23:10.0072 3252	circlass - ok
19:23:10.0165 3252	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:23:10.0181 3252	CLFS - ok
19:23:10.0243 3252	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:23:10.0259 3252	clr_optimization_v2.0.50727_32 - ok
19:23:10.0368 3252	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:23:10.0399 3252	clr_optimization_v4.0.30319_32 - ok
19:23:10.0477 3252	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:23:10.0540 3252	CmBatt - ok
19:23:10.0618 3252	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:23:10.0618 3252	cmdide - ok
19:23:10.0680 3252	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:23:10.0696 3252	Compbatt - ok
19:23:10.0743 3252	COMSysApp - ok
19:23:10.0805 3252	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:23:10.0805 3252	crcdisk - ok
19:23:10.0867 3252	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:23:10.0914 3252	Crusoe - ok
19:23:11.0008 3252	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:23:11.0039 3252	CryptSvc - ok
19:23:11.0133 3252	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:23:11.0179 3252	DcomLaunch - ok
19:23:11.0289 3252	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:23:11.0320 3252	DfsC - ok
19:23:11.0460 3252	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:23:11.0538 3252	DFSR - ok
19:23:11.0647 3252	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:23:11.0663 3252	Dhcp - ok
19:23:11.0772 3252	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:23:11.0788 3252	disk - ok
19:23:11.0881 3252	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:23:11.0913 3252	Dnscache - ok
19:23:12.0006 3252	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:23:12.0037 3252	dot3svc - ok
19:23:12.0131 3252	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:23:12.0178 3252	DPS - ok
19:23:12.0271 3252	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:23:12.0318 3252	drmkaud - ok
19:23:12.0443 3252	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:23:12.0490 3252	DXGKrnl - ok
19:23:12.0599 3252	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:23:12.0646 3252	E1G60 - ok
19:23:12.0739 3252	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:23:12.0771 3252	EapHost - ok
19:23:12.0895 3252	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:23:12.0911 3252	Ecache - ok
19:23:12.0973 3252	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:23:12.0989 3252	ehRecvr - ok
19:23:13.0005 3252	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:23:13.0036 3252	ehSched - ok
19:23:13.0083 3252	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:23:13.0114 3252	ehstart - ok
19:23:13.0223 3252	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:23:13.0239 3252	elxstor - ok
19:23:13.0363 3252	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:23:13.0395 3252	EMDMgmt - ok
19:23:13.0551 3252	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:23:13.0582 3252	ErrDev - ok
19:23:13.0691 3252	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:23:13.0738 3252	EventSystem - ok
19:23:13.0847 3252	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:23:13.0894 3252	exfat - ok
19:23:13.0972 3252	Fabs - ok
19:23:14.0112 3252	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:23:14.0143 3252	fastfat - ok
19:23:14.0253 3252	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:23:14.0299 3252	fdc - ok
19:23:14.0377 3252	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:23:14.0409 3252	fdPHost - ok
19:23:14.0502 3252	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:23:14.0549 3252	FDResPub - ok
19:23:14.0705 3252	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:23:14.0705 3252	FileInfo - ok
19:23:14.0783 3252	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:23:14.0830 3252	Filetrace - ok
19:23:14.0986 3252	FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:23:15.0157 3252	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:23:15.0157 3252	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:23:15.0267 3252	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:23:15.0282 3252	flpydisk - ok
19:23:15.0345 3252	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:23:15.0360 3252	FltMgr - ok
19:23:15.0485 3252	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:23:15.0547 3252	FontCache - ok
19:23:15.0641 3252	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:23:15.0641 3252	FontCache3.0.0.0 - ok
19:23:15.0735 3252	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:23:15.0766 3252	Fs_Rec - ok
19:23:15.0828 3252	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:23:15.0844 3252	gagp30kx - ok
19:23:15.0937 3252	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:23:15.0953 3252	GEARAspiWDM - ok
19:23:16.0031 3252	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:23:16.0062 3252	gpsvc - ok
19:23:16.0171 3252	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:23:16.0234 3252	HdAudAddService - ok
19:23:16.0327 3252	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:23:16.0359 3252	HDAudBus - ok
19:23:16.0483 3252	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:23:16.0530 3252	HidBth - ok
19:23:16.0577 3252	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:23:16.0624 3252	HidIr - ok
19:23:16.0733 3252	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:23:16.0764 3252	hidserv - ok
19:23:16.0827 3252	HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
19:23:16.0858 3252	HidUsb - ok
19:23:16.0951 3252	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:23:16.0983 3252	hkmsvc - ok
19:23:17.0029 3252	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:23:17.0045 3252	HpCISSs - ok
19:23:17.0154 3252	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:23:17.0185 3252	HTTP - ok
19:23:17.0263 3252	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:23:17.0263 3252	i2omp - ok
19:23:17.0341 3252	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:23:17.0373 3252	i8042prt - ok
19:23:17.0435 3252	IAANTMON        (e03216d695cdc2d223afc0cab4498888) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:23:17.0466 3252	IAANTMON - ok
19:23:17.0591 3252	iaStor          (9f1220113a3a7f4f08042c699324d073) C:\Windows\system32\DRIVERS\iaStor.sys
19:23:17.0607 3252	iaStor - ok
19:23:17.0653 3252	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:23:17.0669 3252	iaStorV - ok
19:23:17.0763 3252	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:23:17.0841 3252	idsvc - ok
19:23:17.0950 3252	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:23:17.0965 3252	iirsp - ok
19:23:18.0075 3252	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:23:18.0121 3252	IKEEXT - ok
19:23:18.0277 3252	IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
19:23:18.0340 3252	IntcAzAudAddService - ok
19:23:18.0605 3252	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:23:18.0621 3252	intelide - ok
19:23:18.0714 3252	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:23:18.0761 3252	intelppm - ok
19:23:18.0870 3252	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:23:18.0901 3252	IPBusEnum - ok
19:23:18.0995 3252	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:23:19.0042 3252	IpFilterDriver - ok
19:23:19.0151 3252	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:23:19.0167 3252	iphlpsvc - ok
19:23:19.0260 3252	IpInIp - ok
19:23:19.0307 3252	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:23:19.0338 3252	IPMIDRV - ok
19:23:19.0447 3252	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:23:19.0494 3252	IPNAT - ok
19:23:19.0557 3252	iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
19:23:19.0588 3252	iPod Service - ok
19:23:19.0666 3252	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:23:19.0713 3252	IRENUM - ok
19:23:19.0806 3252	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:23:19.0822 3252	isapnp - ok
19:23:19.0931 3252	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:23:19.0947 3252	iScsiPrt - ok
19:23:20.0040 3252	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:23:20.0056 3252	iteatapi - ok
19:23:20.0134 3252	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:23:20.0149 3252	iteraid - ok
19:23:20.0259 3252	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:23:20.0259 3252	kbdclass - ok
19:23:20.0352 3252	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
19:23:20.0383 3252	kbdhid - ok
19:23:20.0508 3252	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:23:20.0524 3252	KeyIso - ok
19:23:20.0664 3252	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:23:20.0680 3252	KSecDD - ok
19:23:20.0789 3252	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:23:20.0867 3252	KtmRm - ok
19:23:20.0992 3252	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:23:21.0007 3252	LanmanServer - ok
19:23:21.0101 3252	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:23:21.0132 3252	LanmanWorkstation - ok
19:23:21.0257 3252	LgBttPort       (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys
19:23:21.0273 3252	LgBttPort - ok
19:23:21.0382 3252	lgbusenum       (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys
19:23:21.0413 3252	lgbusenum - ok
19:23:21.0522 3252	LGVMODEM        (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys
19:23:21.0538 3252	LGVMODEM - ok
19:23:21.0647 3252	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:23:21.0678 3252	lltdio - ok
19:23:21.0772 3252	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:23:21.0819 3252	lltdsvc - ok
19:23:21.0912 3252	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:23:21.0943 3252	lmhosts - ok
19:23:22.0053 3252	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:23:22.0068 3252	LSI_FC - ok
19:23:22.0177 3252	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:23:22.0177 3252	LSI_SAS - ok
19:23:22.0287 3252	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:23:22.0302 3252	LSI_SCSI - ok
19:23:22.0396 3252	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:23:22.0427 3252	luafv - ok
19:23:22.0521 3252	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
19:23:22.0536 3252	MBAMProtector - ok
19:23:22.0614 3252	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:23:22.0645 3252	MBAMService - ok
19:23:22.0739 3252	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:23:22.0770 3252	Mcx2Svc - ok
19:23:22.0864 3252	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:23:22.0879 3252	megasas - ok
19:23:22.0989 3252	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:23:23.0020 3252	MegaSR - ok
19:23:23.0082 3252	Microsoft SharePoint Workspace Audit Service - ok
19:23:23.0145 3252	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:23:23.0191 3252	MMCSS - ok
19:23:23.0301 3252	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:23:23.0332 3252	Modem - ok
19:23:23.0441 3252	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:23:23.0457 3252	monitor - ok
19:23:23.0566 3252	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:23:23.0581 3252	mouclass - ok
19:23:23.0675 3252	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
19:23:23.0706 3252	mouhid - ok
19:23:23.0815 3252	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:23:23.0831 3252	MountMgr - ok
19:23:23.0893 3252	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:23:23.0909 3252	mpio - ok
19:23:24.0003 3252	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:23:24.0034 3252	mpsdrv - ok
19:23:24.0143 3252	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:23:24.0174 3252	MpsSvc - ok
19:23:24.0268 3252	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:23:24.0283 3252	Mraid35x - ok
19:23:24.0408 3252	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:23:24.0439 3252	MRxDAV - ok
19:23:24.0549 3252	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:23:24.0595 3252	mrxsmb - ok
19:23:24.0720 3252	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:23:24.0736 3252	mrxsmb10 - ok
19:23:24.0861 3252	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:23:24.0892 3252	mrxsmb20 - ok
19:23:25.0001 3252	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
19:23:25.0017 3252	msahci - ok
19:23:25.0110 3252	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:23:25.0126 3252	msdsm - ok
19:23:25.0204 3252	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:23:25.0235 3252	MSDTC - ok
19:23:25.0344 3252	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:23:25.0375 3252	Msfs - ok
19:23:25.0469 3252	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:23:25.0485 3252	msisadrv - ok
19:23:25.0578 3252	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:23:25.0625 3252	MSiSCSI - ok
19:23:25.0719 3252	msiserver - ok
19:23:25.0812 3252	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:23:25.0843 3252	MSKSSRV - ok
19:23:25.0937 3252	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:23:25.0984 3252	MSPCLOCK - ok
19:23:26.0077 3252	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:23:26.0124 3252	MSPQM - ok
19:23:26.0249 3252	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:23:26.0265 3252	MsRPC - ok
19:23:26.0358 3252	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:23:26.0374 3252	mssmbios - ok
19:23:26.0467 3252	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:23:26.0514 3252	MSTEE - ok
19:23:26.0623 3252	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:23:26.0639 3252	Mup - ok
19:23:26.0748 3252	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:23:26.0779 3252	napagent - ok
19:23:26.0889 3252	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:23:26.0904 3252	NativeWifiP - ok
19:23:27.0013 3252	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:23:27.0045 3252	NDIS - ok
19:23:27.0138 3252	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:23:27.0169 3252	NdisTapi - ok
19:23:27.0263 3252	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:23:27.0310 3252	Ndisuio - ok
19:23:27.0419 3252	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:23:27.0450 3252	NdisWan - ok
19:23:27.0575 3252	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:23:27.0591 3252	NDProxy - ok
19:23:27.0700 3252	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:23:27.0731 3252	NetBIOS - ok
19:23:27.0856 3252	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:23:27.0887 3252	netbt - ok
19:23:27.0981 3252	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:23:27.0996 3252	Netlogon - ok
19:23:28.0090 3252	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:23:28.0121 3252	Netman - ok
19:23:28.0215 3252	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:23:28.0261 3252	netprofm - ok
19:23:28.0386 3252	netr28          (b05ffe38336193a9b988b00b230c5b80) C:\Windows\system32\DRIVERS\netr28.sys
19:23:28.0402 3252	netr28 - ok
19:23:28.0480 3252	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:23:28.0495 3252	NetTcpPortSharing - ok
19:23:28.0605 3252	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:23:28.0620 3252	nfrd960 - ok
19:23:28.0714 3252	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:23:28.0761 3252	NlaSvc - ok
19:23:28.0870 3252	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:23:28.0885 3252	Npfs - ok
19:23:28.0979 3252	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:23:29.0026 3252	nsi - ok
19:23:29.0119 3252	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:23:29.0151 3252	nsiproxy - ok
19:23:29.0291 3252	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:23:29.0369 3252	Ntfs - ok
19:23:29.0463 3252	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:23:29.0525 3252	ntrigdigi - ok
19:23:29.0650 3252	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:23:29.0681 3252	Null - ok
19:23:29.0775 3252	NVHDA           (11be4b269549173cff542591e4be2c08) C:\Windows\system32\drivers\nvhda32v.sys
19:23:29.0775 3252	NVHDA - ok
19:23:30.0040 3252	nvlddmkm        (440690da4358d9682dbcc56da7d419ab) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:23:30.0321 3252	nvlddmkm - ok
19:23:30.0430 3252	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:23:30.0445 3252	nvraid - ok
19:23:30.0555 3252	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:23:30.0555 3252	nvstor - ok
19:23:30.0679 3252	nvsvc           (11e1dc466c3e384c1a697b95dc5aa785) C:\Windows\system32\nvvsvc.exe
19:23:30.0695 3252	nvsvc - ok
19:23:30.0835 3252	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:23:30.0851 3252	nv_agp - ok
19:23:30.0929 3252	NwlnkFlt - ok
19:23:31.0054 3252	NwlnkFwd - ok
19:23:31.0163 3252	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
19:23:31.0210 3252	ohci1394 - ok
19:23:31.0288 3252	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:23:31.0303 3252	ose - ok
19:23:31.0491 3252	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:23:32.0052 3252	osppsvc - ok
19:23:32.0255 3252	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:23:32.0302 3252	p2pimsvc - ok
19:23:32.0333 3252	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:23:32.0380 3252	p2psvc - ok
19:23:32.0458 3252	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:23:32.0520 3252	Parport - ok
19:23:32.0614 3252	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:23:32.0629 3252	partmgr - ok
19:23:32.0676 3252	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:23:32.0707 3252	Parvdm - ok
19:23:32.0754 3252	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:23:32.0785 3252	PcaSvc - ok
19:23:32.0879 3252	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:23:32.0879 3252	pci - ok
19:23:32.0957 3252	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
19:23:32.0973 3252	pciide - ok
19:23:33.0004 3252	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:23:33.0019 3252	pcmcia - ok
19:23:33.0097 3252	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:23:33.0175 3252	PEAUTH - ok
19:23:33.0285 3252	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:23:33.0363 3252	pla - ok
19:23:33.0425 3252	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:23:33.0456 3252	PlugPlay - ok
19:23:33.0550 3252	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:23:33.0581 3252	PNRPAutoReg - ok
19:23:33.0612 3252	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:23:33.0628 3252	PNRPsvc - ok
19:23:33.0737 3252	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:23:33.0784 3252	PolicyAgent - ok
19:23:33.0831 3252	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:23:33.0862 3252	PptpMiniport - ok
19:23:33.0924 3252	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:23:33.0955 3252	Processor - ok
19:23:34.0049 3252	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:23:34.0080 3252	ProfSvc - ok
19:23:34.0127 3252	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:23:34.0143 3252	ProtectedStorage - ok
19:23:34.0221 3252	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:23:34.0252 3252	PSched - ok
19:23:34.0361 3252	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:23:34.0423 3252	ql2300 - ok
19:23:34.0486 3252	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:23:34.0501 3252	ql40xx - ok
19:23:34.0564 3252	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:23:34.0579 3252	QWAVE - ok
19:23:34.0626 3252	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:23:34.0626 3252	QWAVEdrv - ok
19:23:34.0689 3252	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:23:34.0720 3252	RasAcd - ok
19:23:34.0782 3252	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:23:34.0798 3252	RasAuto - ok
19:23:34.0860 3252	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:23:34.0891 3252	Rasl2tp - ok
19:23:34.0969 3252	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:23:35.0001 3252	RasMan - ok
19:23:35.0079 3252	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:23:35.0094 3252	RasPppoe - ok
19:23:35.0157 3252	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:23:35.0172 3252	RasSstp - ok
19:23:35.0250 3252	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:23:35.0281 3252	rdbss - ok
19:23:35.0344 3252	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:23:35.0375 3252	RDPCDD - ok
19:23:35.0422 3252	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:23:35.0453 3252	rdpdr - ok
19:23:35.0484 3252	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:23:35.0515 3252	RDPENCDD - ok
19:23:35.0609 3252	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
19:23:35.0625 3252	RDPWD - ok
19:23:35.0703 3252	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:23:35.0734 3252	RemoteAccess - ok
19:23:35.0796 3252	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:23:35.0827 3252	RemoteRegistry - ok
19:23:35.0890 3252	RFCOMM          (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
19:23:35.0921 3252	RFCOMM - ok
19:23:35.0999 3252	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:23:36.0030 3252	RpcLocator - ok
19:23:36.0124 3252	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:23:36.0155 3252	RpcSs - ok
19:23:36.0217 3252	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:23:36.0264 3252	rspndr - ok
19:23:36.0342 3252	RTL8169         (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:23:36.0358 3252	RTL8169 - ok
19:23:36.0420 3252	RTSTOR          (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS
19:23:36.0420 3252	RTSTOR - ok
19:23:36.0483 3252	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:23:36.0498 3252	SamSs - ok
19:23:36.0561 3252	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:23:36.0561 3252	sbp2port - ok
19:23:43.0144 3252	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
19:23:43.0144 3252	USBAAPL - detected UnsignedFile.Multi.Generic (1)
19:23:49.0181 3252	MBR (0x1B8)     (c8c6dc722d4ef7ca320585d4bd90474e) \Device\Harddisk0\DR0
19:23:52.0317 3252	\Device\Harddisk0\DR0 - ok
19:23:52.0348 3252	Boot (0x1200)   (270b3243ae81a193ddeddfaa453c2f38) \Device\Harddisk0\DR0\Partition0
19:23:52.0348 3252	\Device\Harddisk0\DR0\Partition0 - ok
19:23:52.0379 3252	Boot (0x1200)   (56838bff36871812752f8d6c6bebc618) \Device\Harddisk0\DR0\Partition1
19:23:52.0379 3252	\Device\Harddisk0\DR0\Partition1 - ok
19:23:52.0379 3252	============================================================
19:23:52.0379 3252	Scan finished
19:23:52.0379 3252	============================================================
19:23:52.0379 5192	Detected object count: 2
19:23:52.0379 5192	Actual detected object count: 2
19:26:05.0166 5192	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:05.0166 5192	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:26:05.0166 5192	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:05.0166 5192	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 21.04.2012, 20:58   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 22.04.2012, 16:08   #19
Intenso
 
Done:

Combofix log file:
Code:
ATTFilter
ComboFix 12-04-22.01 - ******* 22.04.2012  16:56:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3068.1897 [GMT 2:00]
ausgeführt von:: c:\users\*******\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\lgcenter.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-22 bis 2012-04-22  ))))))))))))))))))))))))))))))
.
.
2012-04-22 15:02 . 2012-04-22 15:02	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-04-22 15:02 . 2012-04-22 15:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-21 16:36 . 2012-04-21 16:36	--------	d-----w-	C:\_OTL
2012-04-21 09:33 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D078AEC-A0AC-4195-81AF-A71F7B86D66C}\mpengine.dll
2012-04-15 14:18 . 2012-04-15 14:54	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-14 20:02 . 2012-04-14 20:02	--------	d-----w-	c:\program files\ESET
2012-04-11 01:10 . 2012-02-29 15:11	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-11 01:10 . 2012-02-29 15:11	172032	----a-w-	c:\windows\system32\wintrust.dll
2012-04-11 01:10 . 2012-02-29 15:09	157696	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-11 01:10 . 2012-02-29 13:32	12800	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-11 01:09 . 2012-03-06 06:39	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 01:09 . 2012-03-06 06:39	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 01:02 . 2012-04-11 01:02	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-04-07 18:41 . 2012-04-07 18:41	--------	d-----w-	c:\program files\7-Zip
2012-04-07 17:04 . 2012-04-07 17:04	--------	d-----w-	c:\programdata\WindowsSearch
2012-04-05 19:59 . 2012-04-06 23:31	--------	d-----w-	c:\users\*******\Ebooks_Calibre
2012-04-05 19:58 . 2012-04-05 20:08	--------	d-----w-	c:\users\*******\AppData\Roaming\calibre
2012-04-05 19:58 . 2012-04-05 19:58	--------	d-----w-	c:\program files\Calibre2
2012-03-29 18:26 . 2012-03-29 18:28	--------	d-----w-	c:\program files\ALDI Bestellsoftware
2012-03-28 16:10 . 2012-03-28 16:10	--------	d-----w-	c:\program files\iPod
2012-03-28 16:10 . 2012-03-28 16:11	--------	d-----w-	c:\program files\iTunes
2012-03-28 09:00 . 2012-02-02 15:16	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-28 09:00 . 2012-02-14 15:45	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-28 09:00 . 2012-02-14 15:45	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-28 09:00 . 2012-02-13 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-28 09:00 . 2012-02-13 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-03-28 09:00 . 2012-02-13 13:44	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-28 09:00 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-28 09:00 . 2012-01-09 13:58	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 14:54 . 2012-02-26 20:07	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2009-10-03 19:41	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-17 12:38 . 2011-11-27 21:31	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-14 10:09 . 2012-02-14 10:09	1070352	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeybdUtility"="c:\program files\LG Software\LG OSD\HotKey.exe" [2008-06-09 2867200]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-10 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-10 92704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-21 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 222504]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:54]
.
2012-04-22 c:\windows\Tasks\User_Feed_Synchronization-{79CDFA36-96EB-4BAB-8459-53F9FFBDCA6D}.job
- c:\windows\system32\msfeedssync.exe [2012-04-10 08:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-22 17:02
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-04-22  17:05:20
ComboFix-quarantined-files.txt  2012-04-22 15:05
.
Vor Suchlauf: 10 Verzeichnis(se), 91.971.915.776 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 91.905.998.848 Bytes frei
.
- - End Of File - - 85F8D72C4C9EF4CEBF00CDFD9AF5063E
         
--- --- ---

Alt 22.04.2012, 19:59   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Start aswMBR again, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

Alt 27.04.2012, 17:27   #21
Intenso
 
So, first the GMER log:

GMER log file:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-27 18:16:20
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: 3ncid3re.exe; Driver: C:\Users\*******\AppData\Local\Temp\pxliifow.sys


---- System - GMER 1.0.15 ----

SSDT            8D5609F6                                                                                                ZwCreateSection
SSDT            8D560A00                                                                                                ZwRequestWaitReplyPort
SSDT            8D5609FB                                                                                                ZwSetContextThread
SSDT            8D560A05                                                                                                ZwSetSecurityObject
SSDT            8D560A0A                                                                                                ZwSystemDebugControl
SSDT            8D560997                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                           828F0998 4 Bytes  [F6, 09, 56, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                           828F0CBC 4 Bytes  [00, 0A, 56, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                           828F0CF0 4 Bytes  [FB, 09, 56, 8D] {STI ; OR [ESI-0x73], EDX}
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                           828F0D54 4 Bytes  [05, 0A, 56, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                           828F0D9C 4 Bytes  [0A, 0A, 56, 8D]
.text           ...                                                                                                     
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                section is writeable [0x8E60E340, 0x3E9407, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library         C:\Users\*******\Desktop\3ncid3re.exe (*** hidden *** ) @ C:\Users\Martina\Desktop\3ncid3re.exe [5840]  0x00400000                                                               

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df052969b                             
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df052969b (not active ControlSet)         

---- EOF - GMER 1.0.15 ----
         
--- --- ---


and here is the OSAM log:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:22:52 on 27.04.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Martina\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"pxliifow" (pxliifow) - "GMER" - C:\pxliifow.sys  (Hidden registry entry, rootkit activity)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys
"WSVD" (WSVD) - "CyberLink" - C:\Windows\system32\drivers\WSVD.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ApplePhotoStreams" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
"iCloudServices" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"KeybdUtility" - "LG Electronics" - C:\Program Files\LG Software\LG OSD\HotKey.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"GEngine Port Monitor" - ? - C:\Windows\system32\gengpmon.dll  (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR follows...

and here is the aswMBR log:

Code:
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-27 18:51:12
-----------------------------
18:51:12.102    OS Version: Windows 6.0.6002 Service Pack 2
18:51:12.102    Number of processors: 2 586 0xF0D
18:51:12.102    ComputerName: MARTINA-PC  UserName: Martina
18:51:13.132    Initialize success
18:51:17.936    AVAST engine defs: 12042700
18:51:38.934    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:51:38.981    Disk 0 Vendor: FUJITSU_ 0000 Size: 305245MB BusType: 3
18:51:39.184    Disk 0 MBR read successfully
18:51:39.184    Disk 0 MBR scan
18:51:39.215    Disk 0 unknown MBR code
18:51:39.230    Disk 0 Partition 1 00     12  Compaq diag NTFS         1536 MB offset 2048
18:51:39.246    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       151552 MB offset 3147776
18:51:39.308    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       152155 MB offset 313526272
18:51:39.355    Disk 0 scanning sectors +625139712
18:51:39.527    Disk 0 scanning C:\Windows\system32\drivers
18:52:02.630    Service scanning
18:52:29.228    Modules scanning
18:52:40.747    Disk 0 trace - called modules:
18:52:41.293    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
18:52:41.308    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e0cac8]
18:52:41.308    3 CLASSPNP.SYS[8afa18b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85da4028]
18:52:41.308    Scan finished successfully
19:16:40.034    Disk 0 MBR has been saved successfully to "C:\Users\Martina\Desktop\MBR.dat"
19:16:40.049    The log file has been saved successfully to "C:\Users\Martina\Desktop\aswMBR.txt"
         

27.04.2012, 18:57   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable.
Do not run the fix either if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or another encryption program.


After the backup, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

28.04.2012, 13:31   #23
Intenso

Done:
The fix only takes a few seconds, can that be right?

Code:
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-28 14:25:34
-----------------------------
14:25:34.594    OS Version: Windows 6.0.6002 Service Pack 2
14:25:34.594    Number of processors: 2 586 0xF0D
14:25:34.594    ComputerName: *******-PC  UserName: *******
14:25:35.327    Initialize success
14:25:40.600    AVAST engine defs: 12042700
14:25:59.039    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:25:59.039    Disk 0 Vendor: FUJITSU_ 0000 Size: 305245MB BusType: 3
14:25:59.054    Disk 0 MBR read successfully
14:25:59.054    Disk 0 MBR scan
14:25:59.070    Disk 0 Windows VISTA default MBR code
14:25:59.086    Disk 0 Partition 1 00     12  Compaq diag NTFS         1536 MB offset 2048
14:25:59.101    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       151552 MB offset 3147776
14:25:59.132    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       152155 MB offset 313526272
14:25:59.132    Disk 0 scanning sectors +625139712
14:25:59.226    Disk 0 scanning C:\Windows\system32\drivers
14:26:12.299    Service scanning
14:26:42.532    Modules scanning
14:26:49.130    Disk 0 trace - called modules:
14:26:49.146    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
14:26:49.162    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8689e1d0]
14:26:49.162    3 CLASSPNP.SYS[8afa38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85da4028]
14:26:49.177    Scan finished successfully
14:28:41.996    Disk 0 MBR has been saved successfully to "C:\Users\*******\Desktop\MBR.dat"
14:28:41.996    The log file has been saved successfully to "C:\Users\*******\Desktop\aswMBR.txt"
         

28.04.2012, 14:17   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

01.05.2012, 17:05   #25
Intenso

First Malwarebytes:

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
Martina :: *******-PC [Administrator]

Schutz: Deaktiviert

01.05.2012 16:08:40
mbam-log-2012-05-01 (16-08-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 401271
Laufzeit: 1 Stunde(n), 52 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
SuperAntiSpyware:

Code:
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/01/2012 at 06:23 PM

Application Version : 5.0.1148

Core Rules Database Version : 8535
Trace Rules Database Version: 6347

Scan type       : Quick Scan
Total Scan Time : 00:10:46

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 682
Memory threats detected   : 0
Registry items scanned    : 27195
Registry threats detected : 0
File items scanned        : 10271
File threats detected     : 96

Adware.Tracking Cookie
         

Alt 02.05.2012, 12:23   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Scan type : Quick Scan
Why only a quick scan with SASW?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 04.05.2012, 21:52   #27
Intenso
 



My mistake, here is the new file:

Code:
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/04/2012 at 10:45 PM

Application Version : 5.0.1148

Core Rules Database Version : 8557
Trace Rules Database Version: 6369

Scan type       : Complete Scan
Total Scan Time : 02:11:21

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 701
Memory threats detected   : 0
Registry items scanned    : 34164
Registry threats detected : 0
File items scanned        : 181193
File threats detected     : 41

Adware.Tracking Cookie
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\9QOVELOA.txt [ /zanox.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\VP963P6N.txt [ /traffictrack.de ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\TE2XVX0O.txt [ /fastclick.net ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\49NK53OJ.txt [ /apmebf.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\U605IGBB.txt [ /invitemedia.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\OS9Z7XIS.txt [ /webmasterplan.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\BIIM0CYO.txt [ /www.zanox-affiliate.de ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\C5AZKJ2X.txt [ /doubleclick.net ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\D8H9125R.txt [ /xxxlmoebelhaeuser.de ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\PBKXNN87.txt [ /www.xxxlmoebelhaeuser.de ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\4ZB5TLFD.txt [ /ad.zanox.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\90H8IM0E.txt [ /imrworldwide.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\QBBJK4I2.txt [ /mediaplex.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\AF01VUJ2.txt [ /atdmt.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\XTKUFXZL.txt [ /tradedoubler.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\AQM5Q22A.txt [ /tracking.quisma.com ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\7CLII0PN.txt [ /www.etracker.de ]
	C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\KEYW4H3C.txt [ /zanox-affiliate.de ]
	C:\USERS\*******\AppData\Roaming\Microsoft\Windows\Cookies\1O8ECS5I.txt [ Cookie:*******@zanox.com/ ]
	C:\USERS\*******\AppData\Roaming\Microsoft\Windows\Cookies\2B2Q3OFB.txt [ Cookie:*******@webmasterplan.com/ ]
	C:\USERS\*******\AppData\Roaming\Microsoft\Windows\Cookies\PM51O1VA.txt [ Cookie:*******@ad.zanox.com/ ]
	C:\USERS\*******\Cookies\1O8ECS5I.txt [ Cookie:*******@zanox.com/ ]
	C:\USERS\*******\Cookies\VP963P6N.txt [ Cookie:*******@traffictrack.de/ ]
	C:\USERS\*******\Cookies\49NK53OJ.txt [ Cookie:*******@apmebf.com/ ]
	C:\USERS\*******\Cookies\U605IGBB.txt [ Cookie:*******@invitemedia.com/ ]
	C:\USERS\*******\Cookies\2B2Q3OFB.txt [ Cookie:*******@webmasterplan.com/ ]
	C:\USERS\*******\Cookies\BIIM0CYO.txt [ Cookie:*******@www.zanox-affiliate.de/ ]
	C:\USERS\*******\Cookies\C5AZKJ2X.txt [ Cookie:*******@doubleclick.net/ ]
	C:\USERS\*******\Cookies\PM51O1VA.txt [ Cookie:*******@ad.zanox.com/ ]
	C:\USERS\*******\Cookies\90H8IM0E.txt [ Cookie:*******@imrworldwide.com/cgi-bin ]
	C:\USERS\*******\Cookies\AF01VUJ2.txt [ Cookie:*******@atdmt.com/ ]
	C:\USERS\*******\Cookies\XTKUFXZL.txt [ Cookie:*******@tradedoubler.com/ ]
	C:\USERS\*******\Cookies\AQM5Q22A.txt [ Cookie:*******@tracking.quisma.com/ ]
	C:\USERS\*******\Cookies\7CLII0PN.txt [ Cookie:*******@www.etracker.de/ ]
	C:\USERS\*******\Cookies\KEYW4H3C.txt [ Cookie:*******@zanox-affiliate.de/ ]
	earlyexperience.partyaccount.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]
	.partyaccount.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
	secure.partyaccount.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
	ad.yieldmanager.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
	ad.yieldmanager.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
	earlyexperience.partyaccount.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
         

Alt 04.05.2012, 22:21   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)


Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies of the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system OK again now, or are there any other detections or problems?
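The check made in the reply above (every detection in the scan log is a tracking cookie) can be automated for logs in this layout. The following is an added example, not part of the thread and not code from SUPERAntiSpyware; the sample log is constructed, and treating any category whose name contains "cookie" as a cookie-only finding is an assumption of this sketch.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan log posted above; the file
# names, user name and domains are made up for this example.
SAMPLE_LOG = """\
File items scanned        : 1200
File threats detected     : 4

Adware.Tracking Cookie
\tC:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\AAAA1111.txt [ /ads.example.com ]
\tC:\\USERS\\user\\Cookies\\BBBB2222.txt [ Cookie:user@www.tracker.example/cgi-bin ]
\tad.example.net [ C:\\USERS\\user\\APPDATA\\ROAMING\\MOZILLA-CACHE\\COOKIES.TXT ]
\t.example.org [ C:\\USERS\\user\\APPDATA\\ROAMING\\MOZILLA-CACHE\\COOKIES.TXT ]
"""

COUNTER = re.compile(r"^(?:Memory|Registry|File) threats detected\s*:\s*(\d+)\s*$")
DETAIL = re.compile(r"^\s+(\S.*?) \[ (.*?) \]\s*$")

def cookie_domain(left, right):
    """Extract the cookie domain from either field order the log uses."""
    field = left if re.match(r"[A-Za-z]:\\", right) else right
    field = field.split("@", 1)[-1].lstrip("/")  # drop 'Cookie:user@' or a leading '/'
    return field.split("/", 1)[0].lstrip(".").lower()

def triage(log_text):
    """Count detections per category and cross-check the log's own totals."""
    declared, category = 0, None
    per_category, domains = Counter(), set()
    for line in log_text.splitlines():
        counter = COUNTER.match(line)
        if counter:
            declared += int(counter.group(1))
        elif line.strip() and not line[0].isspace():
            category = line.strip()          # unindented line: possible category header
        elif line.strip() and category:
            per_category[category] += 1      # indented line: one detection
            detail = DETAIL.match(line)
            if detail and "cookie" in category.lower():
                domains.add(cookie_domain(*detail.groups()))
    return {
        "declared": declared,
        "categories": dict(per_category),
        "counts_match": declared == sum(per_category.values()),
        # Assumption: a category name containing "cookie" marks a cookie-only finding.
        "only_cookies": bool(per_category)
        and all("cookie" in c.lower() for c in per_category),
        "cookie_domains": sorted(domains),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A result with `only_cookies` false or `counts_match` false means the log needs a manual read rather than a quick sign-off.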

Alt 05.05.2012, 19:35   #29
Intenso
 



Great, thank you very much! She can live with the cookies; there aren't that many sites she logs in to anyway...
The problems are all gone! There hasn't been an error message from Avira for quite a while either...

Alt 06.05.2012, 18:35   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then we're done!

All the programs that were used here can be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Bereinigung (Cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update it first.


Finally, please check the updates; my guide for that is below. To keep better track of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, you should also change as many of your passwords as possible after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.
