Log analysis and evaluation: tr/crypt.zpack.gen8 Desktop black, no file access, Start menu empty
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.04.2012, 21:40 | #16 |
I have now run the fix as well:
25.04.2012, 10:36 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!
Configure the tool as shown in the picture below: click change parameters and set the checkboxes as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
26.04.2012, 05:52 | #18 |
TDSS has been run, here is the log:
ok 06:45:58.0115 5244 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 06:45:58.0165 5244 clr_optimization_v4.0.30319_64 - ok 06:45:58.0198 5244 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys 06:45:58.0226 5244 CmBatt - ok 06:45:58.0276 5244 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 06:45:58.0334 5244 cmdide - ok 06:45:58.0423 5244 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys 06:45:58.0483 5244 CNG - ok 06:45:58.0515 5244 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys 06:45:58.0526 5244 Compbatt - ok 06:45:58.0560 5244 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys 06:45:58.0592 5244 CompositeBus - ok 06:45:58.0595 5244 COMSysApp - ok 06:45:58.0641 5244 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys 06:45:58.0665 5244 crcdisk - ok 06:45:58.0693 5244 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll 06:45:58.0754 5244 CryptSvc - ok 06:45:58.0817 5244 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\windows\system32\drivers\csc.sys 06:45:58.0900 5244 CSC - ok 06:45:58.0969 5244 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\windows\System32\cscsvc.dll 06:45:59.0043 5244 CscService - ok 06:45:59.0089 5244 DAMDrv (b9aac23bcc9326e5e50d937fecb7dcb5) C:\windows\system32\DRIVERS\DAMDrv64.sys 06:45:59.0089 5244 DAMDrv - ok 06:45:59.0152 5244 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 06:45:59.0230 5244 DcomLaunch - ok 06:45:59.0277 5244 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 06:45:59.0323 5244 defragsvc - ok 06:45:59.0386 5244 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 06:45:59.0464 5244 DfsC - ok 06:45:59.0511 5244 Dhcp 
(43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll 06:45:59.0589 5244 Dhcp - ok 06:45:59.0628 5244 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 06:45:59.0726 5244 discache - ok 06:45:59.0757 5244 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys 06:45:59.0768 5244 Disk - ok 06:45:59.0786 5244 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\windows\system32\drivers\dmvsc.sys 06:45:59.0851 5244 dmvsc - ok 06:45:59.0892 5244 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll 06:45:59.0962 5244 Dnscache - ok 06:46:00.0010 5244 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll 06:46:00.0065 5244 dot3svc - ok 06:46:00.0201 5244 DpHost (aa224b1ba5b2093de97d6fcddcf5d13b) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe 06:46:00.0228 5244 DpHost - ok 06:46:00.0257 5244 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll 06:46:00.0306 5244 DPS - ok 06:46:00.0347 5244 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 06:46:00.0402 5244 drmkaud - ok 06:46:00.0492 5244 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 06:46:00.0528 5244 DXGKrnl - ok 06:46:00.0557 5244 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll 06:46:00.0596 5244 EapHost - ok 06:46:00.0799 5244 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys 06:46:00.0877 5244 ebdrv - ok 06:46:00.0986 5244 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe 06:46:01.0064 5244 EFS - ok 06:46:01.0167 5244 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe 06:46:01.0243 5244 ehRecvr - ok 06:46:01.0268 5244 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe 06:46:01.0325 5244 ehSched - ok 06:46:01.0426 5244 elxstor (0e5da5369a0fcaea12456dd852545184) 
C:\windows\system32\drivers\elxstor.sys 06:46:01.0457 5244 elxstor - ok 06:46:01.0467 5244 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys 06:46:01.0494 5244 ErrDev - ok 06:46:01.0561 5244 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll 06:46:01.0635 5244 EventSystem - ok 06:46:01.0689 5244 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 06:46:01.0763 5244 exfat - ok 06:46:01.0795 5244 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 06:46:01.0850 5244 fastfat - ok 06:46:01.0936 5244 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe 06:46:02.0010 5244 Fax - ok 06:46:02.0044 5244 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys 06:46:02.0058 5244 fdc - ok 06:46:02.0089 5244 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll 06:46:02.0166 5244 fdPHost - ok 06:46:02.0212 5244 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll 06:46:02.0275 5244 FDResPub - ok 06:46:02.0322 5244 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 06:46:02.0337 5244 FileInfo - ok 06:46:02.0353 5244 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 06:46:02.0400 5244 Filetrace - ok 06:46:02.0509 5244 FLCDLOCK (551034d58aaafe0ebb087cd4c7767eb8) c:\Windows\SysWOW64\flcdlock.exe 06:46:02.0540 5244 FLCDLOCK - ok 06:46:02.0634 5244 FLEXnet Licensing Service (3d9b36631032fde0ffea0dc0260e4e35) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 06:46:02.0649 5244 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 06:46:02.0649 5244 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 06:46:02.0757 5244 FLEXnet Licensing Service 64 (52c0312ab35eb7187015fb6a99136bb5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet 
Publisher\FNPLicensingService64.exe 06:46:02.0822 5244 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - warning 06:46:02.0822 5244 FLEXnet Licensing Service 64 - detected UnsignedFile.Multi.Generic (1) 06:46:02.0963 5244 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys 06:46:02.0993 5244 flpydisk - ok 06:46:03.0049 5244 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys 06:46:03.0079 5244 FltMgr - ok 06:46:03.0159 5244 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll 06:46:03.0246 5244 FontCache - ok 06:46:03.0314 5244 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 06:46:03.0330 5244 FontCache3.0.0.0 - ok 06:46:03.0362 5244 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 06:46:03.0374 5244 FsDepends - ok 06:46:03.0454 5244 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys 06:46:03.0480 5244 Fs_Rec - ok 06:46:03.0569 5244 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys 06:46:03.0598 5244 fvevol - ok 06:46:03.0640 5244 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys 06:46:03.0651 5244 gagp30kx - ok 06:46:03.0735 5244 GameConsoleService (551d463e4cceb5240234da6718c93a44) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 06:46:03.0766 5244 GameConsoleService - ok 06:46:03.0813 5244 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll 06:46:03.0875 5244 gpsvc - ok 06:46:03.0906 5244 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 06:46:03.0938 5244 gusvc - ok 06:46:03.0969 5244 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 06:46:04.0016 5244 hcw85cir - ok 06:46:04.0062 5244 HdAudAddService 
(975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys 06:46:04.0125 5244 HdAudAddService - ok 06:46:04.0156 5244 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys 06:46:04.0187 5244 HDAudBus - ok 06:46:04.0218 5244 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys 06:46:04.0258 5244 HidBatt - ok 06:46:04.0296 5244 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys 06:46:04.0332 5244 HidBth - ok 06:46:04.0355 5244 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys 06:46:04.0371 5244 HidIr - ok 06:46:04.0400 5244 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll 06:46:04.0465 5244 hidserv - ok 06:46:04.0510 5244 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys 06:46:04.0525 5244 HidUsb - ok 06:46:04.0552 5244 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll 06:46:04.0612 5244 hkmsvc - ok 06:46:04.0688 5244 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll 06:46:04.0778 5244 HomeGroupListener - ok 06:46:04.0868 5244 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll 06:46:04.0920 5244 HomeGroupProvider - ok 06:46:05.0024 5244 HP Power Assistant Service (02c2108111d9656a9729995d2219fb99) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe 06:46:05.0049 5244 HP Power Assistant Service - ok 06:46:05.0141 5244 HP ProtectTools Service (37890fdd25beac6aeda3e2d57f2b29eb) c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe 06:46:05.0172 5244 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning 06:46:05.0172 5244 HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1) 06:46:05.0257 5244 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP 
Support Framework\hpsa_service.exe 06:46:05.0273 5244 HP Support Assistant Service - ok 06:46:05.0413 5244 hpCMSrv (d4b198e9b3ce6d05771e116d2d560f2f) c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe 06:46:05.0444 5244 hpCMSrv - ok 06:46:05.0507 5244 HPDayStarterService (a9fc4d7ea174bbf5a675b299ffad80a2) c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe 06:46:05.0538 5244 HPDayStarterService - ok 06:46:05.0585 5244 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 06:46:05.0600 5244 HPDrvMntSvc.exe - ok 06:46:05.0741 5244 hpdskflt (a4be23c451adeb252cd17a0532cae220) C:\windows\system32\DRIVERS\hpdskflt.sys 06:46:05.0756 5244 hpdskflt - ok 06:46:05.0825 5244 HPFSService (98fab0413c7365c9069994d7ce47f3ec) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe 06:46:05.0841 5244 HPFSService ( UnsignedFile.Multi.Generic ) - warning 06:46:05.0841 5244 HPFSService - detected UnsignedFile.Multi.Generic (1) 06:46:05.0911 5244 hpHotkeyMonitor (0adc6afab2b17ffc9c6e24dd1583f888) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe 06:46:05.0934 5244 hpHotkeyMonitor - ok 06:46:05.0963 5244 HpqKbFiltr (b98ee5d4535a685634b90f7e04de0df7) C:\windows\system32\drivers\HpqKbFiltr.sys 06:46:05.0973 5244 HpqKbFiltr - ok 06:46:06.0064 5244 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 06:46:06.0109 5244 hpqwmiex - ok 06:46:06.0145 5244 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 06:46:06.0159 5244 HpSAMD - ok 06:46:06.0198 5244 hpsrv (a88a45e82bc54bffb49c63973010226a) C:\windows\system32\Hpservice.exe 06:46:06.0218 5244 hpsrv - ok 06:46:06.0271 5244 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 06:46:06.0346 5244 HTTP - ok 06:46:06.0369 5244 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) 
C:\windows\system32\drivers\hwpolicy.sys 06:46:06.0376 5244 hwpolicy - ok 06:46:06.0409 5244 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys 06:46:06.0418 5244 i8042prt - ok 06:46:06.0476 5244 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys 06:46:06.0504 5244 iaStor - ok 06:46:06.0580 5244 IAStorDataMgrSvc (117ff657e0d9bbd61b5c3e71e63d3919) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 06:46:06.0595 5244 IAStorDataMgrSvc - ok 06:46:06.0658 5244 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 06:46:06.0685 5244 iaStorV - ok 06:46:06.0780 5244 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 06:46:06.0827 5244 idsvc - ok 06:46:07.0407 5244 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdkmd64.sys 06:46:07.0695 5244 igfx - ok 06:46:07.0801 5244 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys 06:46:07.0820 5244 iirsp - ok 06:46:07.0887 5244 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll 06:46:07.0964 5244 IKEEXT - ok 06:46:08.0004 5244 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 06:46:08.0011 5244 intelide - ok 06:46:08.0833 5244 intelkmd (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdpmd64.sys 06:46:09.0143 5244 intelkmd - ok 06:46:09.0256 5244 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys 06:46:09.0306 5244 intelppm - ok 06:46:09.0353 5244 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 06:46:09.0407 5244 IPBusEnum - ok 06:46:09.0441 5244 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 06:46:09.0513 5244 IpFilterDriver - ok 06:46:09.0576 5244 iphlpsvc (a34a587fffd45fa649fba6d03784d257) 
C:\windows\System32\iphlpsvc.dll 06:46:09.0646 5244 iphlpsvc - ok 06:46:09.0687 5244 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 06:46:09.0733 5244 IPMIDRV - ok 06:46:09.0775 5244 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 06:46:09.0836 5244 IPNAT - ok 06:46:09.0856 5244 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 06:46:09.0889 5244 IRENUM - ok 06:46:09.0905 5244 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 06:46:09.0920 5244 isapnp - ok 06:46:09.0967 5244 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 06:46:09.0967 5244 iScsiPrt - ok 06:46:10.0092 5244 jhi_service (3b794ca0de73790420deba3c759f1502) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 06:46:10.0123 5244 jhi_service - ok 06:46:10.0170 5244 JMCR (0b44199365a69696109ab9a5855e0841) C:\windows\system32\DRIVERS\jmcr.sys 06:46:10.0201 5244 JMCR - ok 06:46:10.0217 5244 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys 06:46:10.0232 5244 kbdclass - ok 06:46:10.0248 5244 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys 06:46:10.0295 5244 kbdhid - ok 06:46:10.0341 5244 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 06:46:10.0373 5244 KeyIso - ok 06:46:10.0373 5244 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 06:46:10.0388 5244 KSecDD - ok 06:46:10.0419 5244 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 06:46:10.0419 5244 KSecPkg - ok 06:46:10.0460 5244 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 06:46:10.0526 5244 ksthunk - ok 06:46:10.0576 5244 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 06:46:10.0649 5244 KtmRm - ok 06:46:10.0712 5244 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) 
C:\windows\system32\srvsvc.dll 06:46:10.0799 5244 LanmanServer - ok 06:46:10.0834 5244 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll 06:46:10.0885 5244 LanmanWorkstation - ok 06:46:10.0915 5244 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 06:46:10.0945 5244 lltdio - ok 06:46:10.0979 5244 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 06:46:11.0022 5244 lltdsvc - ok 06:46:11.0047 5244 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 06:46:11.0088 5244 lmhosts - ok 06:46:11.0217 5244 LMS (97f9eaac985a663394cd8f54dcd3e73a) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 06:46:11.0236 5244 LMS - ok 06:46:11.0299 5244 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys 06:46:11.0327 5244 LSI_FC - ok 06:46:11.0366 5244 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys 06:46:11.0381 5244 LSI_SAS - ok 06:46:11.0423 5244 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys 06:46:11.0432 5244 LSI_SAS2 - ok 06:46:11.0458 5244 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys 06:46:11.0458 5244 LSI_SCSI - ok 06:46:11.0521 5244 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 06:46:11.0630 5244 luafv - ok 06:46:11.0692 5244 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys 06:46:11.0723 5244 MBAMProtector - ok 06:46:11.0801 5244 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 06:46:11.0833 5244 MBAMService - ok 06:46:12.0052 5244 McAfee Endpoint Encryption Agent (80e7e71caaf758bf084bdf13996d52d0) C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe 06:46:12.0097 5244 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - warning 
06:46:12.0097 5244 McAfee Endpoint Encryption Agent - detected UnsignedFile.Multi.Generic (1) 06:46:12.0209 5244 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 06:46:12.0262 5244 Mcx2Svc - ok 06:46:12.0331 5244 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys 06:46:12.0354 5244 megasas - ok 06:46:12.0384 5244 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys 06:46:12.0400 5244 MegaSR - ok 06:46:12.0429 5244 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys 06:46:12.0436 5244 MEIx64 - ok 06:46:12.0495 5244 MfeEpePc (a11f574a809b3751a17815f00c88781f) C:\windows\system32\drivers\MfeEpePc.sys 06:46:12.0522 5244 MfeEpePc - ok 06:46:12.0545 5244 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 06:46:12.0601 5244 MMCSS - ok 06:46:12.0639 5244 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 06:46:12.0706 5244 Modem - ok 06:46:12.0747 5244 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 06:46:12.0800 5244 monitor - ok 06:46:12.0836 5244 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys 06:46:12.0854 5244 mouclass - ok 06:46:12.0887 5244 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys 06:46:12.0915 5244 mouhid - ok 06:46:12.0952 5244 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 06:46:12.0964 5244 mountmgr - ok 06:46:12.0996 5244 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 06:46:13.0012 5244 mpio - ok 06:46:13.0043 5244 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 06:46:13.0074 5244 mpsdrv - ok 06:46:13.0152 5244 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll 06:46:13.0230 5244 MpsSvc - ok 06:46:13.0262 5244 MRxDAV (dc722758b8261e1abafd31a3c0a66380) 
C:\windows\system32\drivers\mrxdav.sys 06:46:13.0308 5244 MRxDAV - ok 06:46:13.0371 5244 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 06:46:13.0418 5244 mrxsmb - ok 06:46:13.0480 5244 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 06:46:13.0527 5244 mrxsmb10 - ok 06:46:13.0584 5244 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 06:46:13.0626 5244 mrxsmb20 - ok 06:46:13.0685 5244 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys 06:46:13.0702 5244 msahci - ok 06:46:13.0721 5244 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 06:46:13.0731 5244 msdsm - ok 06:46:13.0792 5244 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 06:46:13.0862 5244 MSDTC - ok 06:46:13.0912 5244 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 06:46:13.0990 5244 Msfs - ok 06:46:14.0008 5244 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 06:46:14.0067 5244 mshidkmdf - ok 06:46:14.0104 5244 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 06:46:14.0112 5244 msisadrv - ok 06:46:14.0147 5244 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 06:46:14.0224 5244 MSiSCSI - ok 06:46:14.0248 5244 msiserver - ok 06:46:14.0275 5244 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 06:46:14.0344 5244 MSKSSRV - ok 06:46:14.0348 5244 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 06:46:14.0384 5244 MSPCLOCK - ok 06:46:14.0419 5244 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 06:46:14.0458 5244 MSPQM - ok 06:46:14.0510 5244 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 06:46:14.0550 5244 MsRPC - ok 06:46:14.0567 5244 mssmbios 
(0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys 06:46:14.0582 5244 mssmbios - ok 06:46:14.0613 5244 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 06:46:14.0676 5244 MSTEE - ok 06:46:14.0723 5244 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys 06:46:14.0769 5244 MTConfig - ok 06:46:14.0816 5244 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 06:46:14.0847 5244 Mup - ok 06:46:14.0894 5244 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll 06:46:14.0972 5244 napagent - ok 06:46:15.0019 5244 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 06:46:15.0097 5244 NativeWifiP - ok 06:46:15.0168 5244 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 06:46:15.0200 5244 NDIS - ok 06:46:15.0213 5244 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 06:46:15.0261 5244 NdisCap - ok 06:46:15.0281 5244 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 06:46:15.0306 5244 NdisTapi - ok 06:46:15.0335 5244 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 06:46:15.0413 5244 Ndisuio - ok 06:46:15.0450 5244 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 06:46:15.0530 5244 NdisWan - ok 06:46:15.0563 5244 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 06:46:15.0639 5244 NDProxy - ok 06:46:15.0666 5244 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 06:46:15.0726 5244 NetBIOS - ok 06:46:15.0774 5244 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 06:46:15.0862 5244 NetBT - ok 06:46:15.0901 5244 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 06:46:15.0910 5244 Netlogon - ok 06:46:15.0958 5244 Netman 
(847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 06:46:16.0011 5244 Netman - ok 06:46:16.0105 5244 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 06:46:16.0136 5244 NetMsmqActivator - ok 06:46:16.0136 5244 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 06:46:16.0151 5244 NetPipeActivator - ok 06:46:16.0198 5244 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 06:46:16.0276 5244 netprofm - ok 06:46:16.0307 5244 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 06:46:16.0307 5244 NetTcpActivator - ok 06:46:16.0307 5244 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 06:46:16.0323 5244 NetTcpPortSharing - ok 06:46:16.0370 5244 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 06:46:16.0385 5244 nfrd960 - ok 06:46:16.0432 5244 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 06:46:16.0495 5244 NlaSvc - ok 06:46:16.0526 5244 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 06:46:16.0604 5244 Npfs - ok 06:46:16.0619 5244 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 06:46:16.0651 5244 nsi - ok 06:46:16.0684 5244 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 06:46:16.0724 5244 nsiproxy - ok 06:46:16.0842 5244 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 06:46:16.0875 5244 Ntfs - ok 06:46:16.0972 5244 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 06:46:17.0081 5244 Null - ok 06:46:17.0125 5244 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\DRIVERS\nusb3hub.sys 06:46:17.0169 5244 nusb3hub - ok 06:46:17.0231 5244 nusb3xhc 
(d40a13b2c0891e218f9523b376955db6) C:\windows\system32\DRIVERS\nusb3xhc.sys 06:46:17.0284 5244 nusb3xhc - ok 06:46:17.0326 5244 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 06:46:17.0355 5244 nvraid - ok 06:46:17.0382 5244 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 06:46:17.0397 5244 nvstor - ok 06:46:17.0435 5244 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 06:46:17.0448 5244 nv_agp - ok 06:46:17.0467 5244 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 06:46:17.0498 5244 ohci1394 - ok 06:46:17.0556 5244 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 06:46:17.0633 5244 p2pimsvc - ok 06:46:17.0674 5244 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 06:46:17.0721 5244 p2psvc - ok 06:46:17.0768 5244 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 06:46:17.0799 5244 Parport - ok 06:46:17.0830 5244 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys 06:46:17.0861 5244 partmgr - ok 06:46:17.0908 5244 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 06:46:17.0939 5244 PcaSvc - ok 06:46:17.0986 5244 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 06:46:18.0017 5244 pci - ok 06:46:18.0033 5244 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys 06:46:18.0064 5244 pciide - ok 06:46:18.0095 5244 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 06:46:18.0111 5244 pcmcia - ok 06:46:18.0142 5244 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 06:46:18.0158 5244 pcw - ok 06:46:18.0189 5244 pdfcDispatcher - ok 06:46:18.0269 5244 PdiService (8f924f00f2f81422fd7c340fda0e00d8) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe 06:46:18.0288 5244 PdiService - ok 
(e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
06:46:37.0908 5244 wscsvc - ok
06:46:37.0923 5244 WSearch - ok
06:46:38.0032 5244 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
06:46:38.0126 5244 wuauserv - ok
06:46:38.0282 5244 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
06:46:38.0360 5244 WudfPf - ok
06:46:38.0417 5244 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
06:46:38.0480 5244 WUDFRd - ok
06:46:38.0521 5244 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
06:46:38.0547 5244 wudfsvc - ok
06:46:38.0601 5244 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
06:46:38.0662 5244 WwanSvc - ok
06:46:38.0720 5244 XobniService (a35820791f940822c31908f58f91d973) C:\Program Files (x86)\Xobni\XobniService.exe
06:46:38.0740 5244 XobniService - ok
06:46:38.0791 5244 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:46:38.0902 5244 \Device\Harddisk0\DR0 - ok
06:46:38.0912 5244 Boot (0x1200) (426f608e5b98faf1ccbfbb19ffd8ecd5) \Device\Harddisk0\DR0\Partition0
06:46:38.0915 5244 \Device\Harddisk0\DR0\Partition0 - ok
06:46:38.0931 5244 Boot (0x1200) (415de9c235d0b5bcfb7f4a6dabb775d2) \Device\Harddisk0\DR0\Partition1
06:46:38.0933 5244 \Device\Harddisk0\DR0\Partition1 - ok
06:46:38.0965 5244 Boot (0x1200) (34d2bb38022f8b0e2fd9340b23e127c0) \Device\Harddisk0\DR0\Partition2
06:46:38.0967 5244 \Device\Harddisk0\DR0\Partition2 - ok
06:46:38.0984 5244 Boot (0x1200) (033008fdfa50785153bcfad1c4000e11) \Device\Harddisk0\DR0\Partition3
06:46:38.0985 5244 \Device\Harddisk0\DR0\Partition3 - ok
06:46:38.0986 5244 ============================================================
06:46:38.0986 5244 Scan finished
06:46:38.0986 5244 ============================================================
06:46:39.0002 5804 Detected object count: 6
06:46:39.0003 5804 Actual detected object count: 6
06:47:06.0516 5804 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:06.0516 5804 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:47:06.0520 5804 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:06.0520 5804 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:47:06.0522 5804 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:06.0523 5804 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:47:06.0524 5804 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:06.0524 5804 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:47:06.0526 5804 HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:06.0526 5804 HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:47:06.0527 5804 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:06.0527 5804 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alex
26.04.2012, 09:29 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when one of the board's qualified helpers (Kompetenzler) has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as
Quote:
__________________
Please always post log files in CODE tags
29.04.2012, 22:04 | #20 |
Hello, I only just now managed to run Combofix. Here is the log file
Code:
ComboFix 12-04-28.01 - *********** 29.04.2012 11:04:37.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4030.1988 [GMT 2:00]
ausgeführt von:: c:\users\Erwin Rõuberle\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\bdaplgin.ax
c:\windows\SysWow64\cero.rs
c:\windows\SysWow64\csrr.rs
c:\windows\SysWow64\DextUVCB.ax
c:\windows\SysWow64\esrb.rs
c:\windows\SysWow64\g711codc.ax
c:\windows\SysWow64\grb.rs
c:\windows\SysWow64\iac25_32.ax
c:\windows\SysWow64\ir41_32.ax
c:\windows\SysWow64\ivfsrc.ax
c:\windows\SysWow64\ksproxy.ax
c:\windows\SysWow64\kstvtune.ax
c:\windows\SysWow64\Kswdmcap.ax
c:\windows\SysWow64\ksxbar.ax
c:\windows\SysWow64\Mpeg2Data.ax
c:\windows\SysWow64\mpg2splt.ax
c:\windows\SysWow64\MSDvbNP.ax
c:\windows\SysWow64\MSNP.ax
c:\windows\SysWow64\oflc.rs
c:\windows\SysWow64\pegi-fi.rs
c:\windows\SysWow64\pegi-pt.rs
c:\windows\SysWow64\pegi.rs
c:\windows\SysWow64\pegibbfc.rs
c:\windows\SysWow64\psisrndr.ax
c:\windows\SysWow64\usk.rs
c:\windows\SysWow64\VBICodec.ax
c:\windows\SysWow64\vbisurf.ax
c:\windows\SysWow64\vidcap.ax
c:\windows\SysWow64\WEB.rs
c:\windows\SysWow64\WSTPager.ax
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-28 bis 2012-04-29 ))))))))))))))))))))))))))))))
.
.
2012-04-29 09:10 . 2012-04-29 09:10 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-04-29 09:10 . 2012-04-29 09:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 08:04 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{556476DA-B1AF-4F66-ABED-F65815952918}\mpengine.dll
2012-04-24 20:20 . 2012-04-24 20:20 -------- d-----w- C:\_OTL
2012-04-19 04:54 . 2012-04-19 04:54 -------- d-----w- c:\programdata\Synaptics
2012-04-18 04:25 . 2012-04-18 04:25 -------- d-----w- c:\users\***********\AppData\Local\CrashDumps
2012-04-16 04:29 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-16 04:29 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-16 04:29 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-16 04:29 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-16 04:29 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-16 04:29 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-16 04:29 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-15 19:54 . 2012-04-15 19:54 -------- d-----w- c:\program files (x86)\ESET
2012-04-01 18:07 . 2012-04-01 18:07 -------- d-----w- c:\users\***********\AppData\Roaming\Malwarebytes
2012-04-01 18:07 . 2012-04-01 18:07 -------- d-----w- c:\programdata\Malwarebytes
2012-04-01 18:07 . 2012-04-15 20:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-01 18:07 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 21:11 . 2012-03-29 19:32 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-15 21:11 . 2012-02-15 22:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-15 21:10 . 2012-03-29 20:10 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-18 09:06 . 2012-03-18 09:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 21:23 . 2012-02-23 21:23 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 05:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 05:38 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 05:38 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 05:38 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 19:47 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-10 06:36 . 2012-03-14 05:38 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 05:38 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 17:38 . 2012-01-31 17:38 3120 ----a-w- c:\windows\SysWow64\drivers\wdfjibi.sys
2012-01-31 07:56 . 2012-02-15 21:04 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-31 07:56 . 2012-02-15 21:04 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HP HD Webcam [Fixed]_Monitor"="c:\program files (x86)\HP HD Webcam [Fixed]\monitor.exe" [2010-11-26 11:31 267128]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-14 343168]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-11-10 169528]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***********\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-05-09 23:43 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2011-02-28 1189968]
R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-05-09 464440]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-04-05 1094712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2011-02-16 680016]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-02-09 1318912]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2
PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264] S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x] S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2011-02-09 4151376] S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-31 1028096] S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x] S3 
SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:11] . 2012-04-29 c:\windows\Tasks\HPCeeScheduleFor***********.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-04-24 c:\windows\Tasks\HPCeeScheduleForSCHLEPPI$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\***********\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880] "BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2011-02-16 21709904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072] "MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-02-09 200704] "combofix"="c:\combofix\CF20832.3XE" [2010-11-21 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = uLocal Page = c:\windows\system32\blank.htm mStart Page = mLocal Page = uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000 IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-04-29 11:23:37 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-04-29 09:23 . Vor Suchlauf: 13 Verzeichnis(se), 190.568.488.960 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 189.982.425.088 Bytes frei . - - End Of File - - 89AC5488D1B253A4FA00B7B6B344D202 |
30.04.2012, 12:41 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive on it!
Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
03.05.2012, 06:01 | #22 |
I have finally managed to run the tool. Here is the log: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-03 06:38:26
-----------------------------
06:38:26.296 OS Version: Windows x64 6.1.7601 Service Pack 1
06:38:26.296 Number of processors: 4 586 0x2A07
06:38:26.296 ComputerName: SCHLEPPI UserName:
06:38:27.263 Initialize success
06:41:00.201 AVAST engine defs: 12050201
06:41:46.692 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:41:46.692 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
06:41:46.708 Disk 0 MBR read successfully
06:41:46.708 Disk 0 MBR scan
06:41:46.723 Disk 0 Windows 7 default MBR code
06:41:46.723 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
06:41:46.755 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 281682 MB offset 616448
06:41:46.786 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18139 MB offset 577501184
06:41:46.833 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 5115 MB offset 614649856
06:41:46.895 Disk 0 scanning C:\windows\system32\drivers
06:41:58.533 Service scanning
06:42:33.648 Modules scanning
06:42:33.664 Disk 0 trace - called modules:
06:42:33.711 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
06:42:33.726 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d5a060]
06:42:33.726 3 CLASSPNP.SYS[fffff88001b9143f] -> nt!IofCallDriver -> [0xfffffa8004c1fb10]
06:42:33.742 5 hpdskflt.sys[fffff88001b38361] -> nt!IofCallDriver -> [0xfffffa8004b34e40]
06:42:33.742 7 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b33050]
06:42:34.600 AVAST engine scan C:\windows
06:42:37.891 AVAST engine scan C:\windows\system32
06:45:21.118 AVAST engine scan C:\windows\system32\drivers
06:45:37.863 AVAST engine scan C:\Users\**********
06:52:01.588 AVAST engine scan C:\ProgramData
06:54:22.540 Scan finished successfully
06:58:08.718 Disk 0 MBR has been saved successfully to "C:\Users\**********\Desktop\MBR.dat"
06:58:08.733 The log file has been saved successfully to "C:\Users\**********\Desktop\aswMBR.txt"
03.05.2012, 14:47 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags
04.05.2012, 21:29 | #24 |
My laptop has been busy again, here are the logs: Here is the one from SASW: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/04/2012 at 10:12 PM

Application Version : 5.0.1148

Core Rules Database Version : 8557
Trace Rules Database Version: 6369

Scan type : Complete Scan
Total Scan Time : 01:47:51

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 930
Memory threats detected : 0
Registry items scanned : 68892
Registry threats detected : 0
File items scanned : 215662
File threats detected : 100

Adware.Tracking Cookie

Trojan.Agent/Gen-ModBot
C:\WINDOWS\HEWLETT-PACKARD\VIDEOMEM32.UDM

and here is the one from Malwarebytes: Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
***************** :: SCHLEPPI [Administrator]

Schutz: Aktiviert

04.05.2012 06:52:42
mbam-log-2012-05-04 (06-52-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391963
Laufzeit: 1 Stunde(n), 4 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
04.05.2012, 21:48 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found there. C:\WINDOWS\HEWLETT-PACKARD\VIDEOMEM32.UDM is a false positive. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the Firefox extensions, for example, there is CookieCuller http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system back in order now, or are there any other detections or problems?
06.05.2012, 19:17 | #26 |
Hello Arne, I can't notice anything unusual on my system at the moment, and I assume that everything has now been removed, since none of the tools found anything any more. I was just unsure at the beginning whether something hidden might still be lurking around. Thanks also for the tips about cookies. By and large I am rather cautious on the Internet. I used to do backend programming and therefore essentially know about the dangers, but in recent years I have been more of a user and am no longer so deep in the subject. My new laptop also has one of those HP Quickweb Linux systems, which I mainly use for "wild surfing". This trojan was my first infection with consequences in the last 12 years. One more thing I have to say: I think what you do here in the forum is really great, and I have already recommended it to others. And I thank you a thousand times for your support over the last few weeks. I hope that we have now eradicated everything and that I won't need your help in the near future. Best regards, Alex
06.05.2012, 19:38 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tr/crypt.zpack.gen8 desktop black, no file access, Start menu empty

Then we're done! The programs that were used here can all be removed again.

CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages.

With the help of OTL you can also remove many tools: Please start OTL and click on Bereinigung (Cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security you should also change as many of your passwords as possible after the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Guide: Windows Update

Update PDF reader
An outdated Adobe Reader poses a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If necessary you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |