Pests of all kinds and how to fight them: S.M.A.R.T infection, how do I get this trojan off my laptop again? Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
| | #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™ |
Please create a new OTL log. If at all possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
| | #17 |
| OK, I'm back again...
Code:
ATTFilter OTL logfile created on: 29.05.2012 12:40:28 - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Benutzer\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.42% Memory free 3.98 Gb Paging File | 2.60 Gb Available in Paging File | 65.21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111.69 Gb Total Space | 7.74 Gb Free Space | 6.93% Space Free | Partition Type: NTFS Computer Name: Benutzer-PC | User Name: Benutzer| Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.29 12:34:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.20 12:31:17 | 001,005,056 | ---- | M] (Swiss International Airlines) -- C:\Users\Benutzer\AppData\Local\Apps\2.0\A6YYZV7L.28E\W9R11LGZ.4T4\swis..tion_0c581f7c10d77799_0001.0000_5702398fa69462f7\Swiss.CLO.Hub.exe PRC - [2012.04.18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.09.22 20:42:16 | 002,453,504 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe PRC - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE ========== Modules (No Company Name) ========== MOD - [2012.05.12 09:20:43 | 001,885,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9c2da5bc8e93845d80dc6768efa78de7\System.Web.Services.ni.dll MOD - [2012.05.12 09:20:37 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8e3ba21dc083837fdc1c8b9f98c5f4bf\System.ServiceModel.Routing.ni.dll MOD - [2012.05.12 09:20:36 | 001,140,736 | ---- | M] () 
-- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a4345e4ff74ec912a5219576049df7fe\System.ServiceModel.Discovery.ni.dll MOD - [2012.05.12 09:20:35 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7f49661d0e79763b30e9e99e714409a3\System.ServiceModel.Channels.ni.dll MOD - [2012.05.12 09:20:34 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\509dab10fd00e66d750ac92101fa3d7b\System.ServiceModel.Activities.ni.dll MOD - [2012.05.12 09:20:31 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4f8ecf03aa4a4165e6850d1d67dc445f\System.ServiceModel.ni.dll MOD - [2012.05.12 09:20:02 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2f4ce144f88caf780421d66027355f77\System.IdentityModel.ni.dll MOD - [2012.05.12 09:19:53 | 013,345,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\31df9a0b86a3259cb02bbe741e501b85\System.Data.Entity.ni.dll MOD - [2012.05.12 09:18:36 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\bc5bf4e71af4c7689ffed22f5187d922\System.Data.DataSetExtensions.ni.dll MOD - [2012.05.12 09:18:12 | 001,880,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\edfac26fdb2ed44310e9f22665a1ef95\System.Deployment.ni.dll MOD - [2012.05.12 09:18:07 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.ni.dll MOD - [2012.05.12 09:18:07 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.Wrapper.dll MOD - [2012.05.12 09:18:06 | 000,649,728 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6cb2089f1eaf08c3d94a54031cf1313a\System.Transactions.ni.dll MOD - [2012.05.12 09:18:05 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ac5d04fd61df57da0f9976440a8c6c58\System.Runtime.DurableInstancing.ni.dll MOD - [2012.05.12 09:18:04 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4dd48e938a8834fe950cf0cd11603c71\SMDiagnostics.ni.dll MOD - [2012.05.12 09:18:03 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll MOD - [2012.05.12 09:17:59 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll MOD - [2012.05.12 09:17:46 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\5ccc57bb582bf753166610089f204601\Microsoft.VisualC.ni.dll MOD - [2012.05.12 05:48:06 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\142c428042c2dba4d5ac72495142f58c\PresentationFramework.ni.dll MOD - [2012.05.12 05:47:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5c18a8cca40f5abb3617826e529a4be9\PresentationCore.ni.dll MOD - [2012.05.12 05:47:35 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dac2093a24d7582eaee5ebd24ba1d06a\WindowsBase.ni.dll MOD - [2012.05.12 05:47:34 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll MOD - [2012.05.12 05:43:44 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll MOD - [2012.05.12 05:43:37 | 000,693,760 | ---- 
| M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\dcf415181fba99d99ec87eefdf082864\System.ComponentModel.Composition.ni.dll MOD - [2012.05.12 05:43:34 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\71109720564155295fbaaff1202a33c0\System.Windows.Forms.ni.dll MOD - [2012.05.12 05:43:23 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5be779e4d55a04c3b86644505facbe9a\System.Drawing.ni.dll MOD - [2012.05.12 05:43:18 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\4278bedb3086448c94c1e7f563325052\System.Security.ni.dll MOD - [2012.05.12 05:43:16 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll MOD - [2012.05.12 05:43:15 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll MOD - [2012.05.12 05:43:11 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll MOD - [2012.05.12 05:43:06 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll MOD - [2012.05.12 05:43:00 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\360e9c00572679f437fff0ae719a5886\System.Numerics.ni.dll MOD - [2012.05.12 05:42:58 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 
01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Win32 Services (SafeList) ========== SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.05.10 16:40:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.11.20 14:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.11.05 03:52:39 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- 
| M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess) SRV - [2009.07.14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ucwncwif.sys -- (ucwncwif) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - 
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.26 19:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.11.20 10:42:28 | 
000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2009.07.14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009.07.14 01:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs) DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2007.11.02 13:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) DRV - [2007.11.02 13:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex) DRV - [2007.11.02 13:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation 
SEMC217 (NDIS) DRV - [2007.11.02 13:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007.11.02 13:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM) DRV - [2007.11.02 13:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007.05.11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC) DRV - [2007.05.11 17:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.05.11 17:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10396&gct=hp&dc=EU&locale=de_CH IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10396&gct=hp&dc=EU&locale=de_CH IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyOverride" = *.local IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.unhooked.ch/2008/spotguide/ IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 A0 EF 2D 22 0F CC 01 [binary data] IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\..\SearchScopes,DefaultScope = {C28335C3-CFCA-4AC9-AF33-F9DEF9D1B745} IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\..\SearchScopes\{C28335C3-CFCA-4AC9-AF33-F9DEF9D1B745}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10396&src=kw&q={searchTerms}&locale=de_CH&apn_ptnrs=^ABU&apn_dtid=^YYYYYY^YY^CH&apn_uid=859de00d-5391-4a9e-b1ec-6b23fd964022&apn_sauid=27C05271-8B6A-402F-B882-D66C7614CFA0 IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) O1 HOSTS File: ([2011.05.13 08:59:32 | 000,000,847 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 192.168.1.4 NPI89FFA4 O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2895716680-826352517-3616735052-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CrewLink Offline HUB.appref-ms () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE089F1A-8C43-4782-A157-BCC483F47148}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - 
DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: SMPCHelper - SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: tvnserver - SafeBootNet: vmms - Service SafeBootNet: WinDefend - 
C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: 
{3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll 
(Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.29 12:34:28 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mark Bachmann\Desktop\OTL.exe [2012.05.29 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\Mark Bachmann\AppData\Local\AskToolbar [2012.05.27 10:08:38 | 000,000,000 | ---D | C] -- C:\Users\Mark Bachmann\AppData\Roaming\Avira [2012.05.27 10:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.05.27 10:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.05.27 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\Mark Bachmann\AppData\Local\APN [2012.05.27 10:00:41 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.05.27 10:00:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.05.27 10:00:40 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.05.27 10:00:40 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.05.27 09:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.05.27 09:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.05.27 09:17:27 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Mark Bachmann\Desktop\unhide.exe [2012.05.26 11:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\ShowMyPCService [2012.05.26 11:21:47 | 000,000,000 | ---D | C] -- C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShowMyPC [2012.05.24 10:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.05.23 16:14:28 | 000,000,000 | ---D | C] -- C:\Users\Mark Bachmann\AppData\Roaming\Malwarebytes 
[2012.05.23 16:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.23 16:14:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.05.23 16:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.05.23 16:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.23 16:12:59 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mark Bachmann\Desktop\mbam-setup-1.61.0.1400.exe [2012.05.22 06:19:16 | 000,000,000 | ---D | C] -- C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.05.02 15:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.05.02 15:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.05.02 15:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.05.14 14:07:28 | 000,399,736 | ---- | C] (BitTorrent, Inc.) 
-- C:\Program Files\uTorrent.exe [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.29 12:34:46 | 000,014,640 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.29 12:34:46 | 000,014,640 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.29 12:34:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Bachmann\Desktop\OTL.exe [2012.05.29 12:31:15 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.29 12:31:15 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.29 12:31:15 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.29 12:31:15 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.29 12:25:16 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.29 12:24:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.29 12:24:00 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys [2012.05.27 10:02:48 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.27 09:17:27 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Mark Bachmann\Desktop\unhide.exe [2012.05.26 10:57:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.23 18:53:09 | 000,000,168 | ---- | M] () -- C:\ProgramData\-dEALrSvqaxGNSnr [2012.05.23 18:53:09 | 000,000,000 | ---- | M] () -- C:\ProgramData\-dEALrSvqaxGNSn [2012.05.23 18:52:17 | 000,000,256 | ---- | M] () -- C:\ProgramData\dEALrSvqaxGNSn [2012.05.23 16:14:23 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.23 16:13:35 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mark Bachmann\Desktop\mbam-setup-1.61.0.1400.exe [2012.05.22 16:33:36 | 
000,050,477 | ---- | M] () -- C:\Users\Mark Bachmann\Desktop\Defogger.exe [2012.05.22 15:00:20 | 000,000,000 | ---- | M] () -- C:\Users\Mark Bachmann\defogger_reenable [2012.05.22 06:33:02 | 000,000,152 | ---- | M] () -- C:\ProgramData\-qy1qQi4MEWM1jtr [2012.05.22 06:33:02 | 000,000,000 | ---- | M] () -- C:\ProgramData\-qy1qQi4MEWM1jt [2012.05.22 06:29:14 | 000,000,256 | ---- | M] () -- C:\ProgramData\qy1qQi4MEWM1jt [2012.05.18 11:12:58 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.12 08:35:21 | 000,481,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.05.02 15:19:51 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.27 10:02:48 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.27 09:34:28 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.05.27 09:34:28 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.27 09:34:28 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Private Tax 2011.lnk [2012.05.27 09:34:28 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\CLX.PayMaker.lnk [2012.05.27 09:34:28 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.05.27 09:34:28 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012.05.27 09:34:28 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\TuneAid.lnk [2012.05.27 09:34:28 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk [2012.05.27 09:34:28 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Private Tax 2010.lnk [2012.05.27 09:34:28 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012.05.27 09:34:27 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.05.27 
09:34:27 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.05.27 09:34:27 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012.05.27 09:34:27 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [2012.05.27 09:34:27 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2012.05.27 09:34:27 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.05.27 09:34:27 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2012.05.27 09:34:27 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2012.05.27 09:34:24 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.05.27 09:34:21 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.05.27 09:34:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.05.23 18:54:26 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.23 18:53:09 | 000,000,168 | ---- | C] () -- C:\ProgramData\-dEALrSvqaxGNSnr [2012.05.23 18:53:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\-dEALrSvqaxGNSn [2012.05.23 18:52:17 | 000,000,256 | ---- | C] () -- C:\ProgramData\dEALrSvqaxGNSn [2012.05.22 16:33:36 | 000,050,477 | ---- | C] () -- C:\Users\Mark Bachmann\Desktop\Defogger.exe [2012.05.22 15:00:20 | 000,000,000 | ---- | C] () -- C:\Users\Mark Bachmann\defogger_reenable [2012.05.22 06:33:02 | 000,000,152 | ---- | C] () -- C:\ProgramData\-qy1qQi4MEWM1jtr [2012.05.22 06:33:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\-qy1qQi4MEWM1jt [2012.05.22 06:19:14 | 000,000,256 | ---- | C] () 
-- C:\ProgramData\qy1qQi4MEWM1jt [2012.02.11 17:03:49 | 000,007,625 | ---- | C] () -- C:\Users\Mark Bachmann\AppData\Local\Resmon.ResmonCfg [2012.01.12 15:55:34 | 000,002,247 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.08.01 13:09:38 | 000,003,584 | ---- | C] () -- C:\Users\Mark Bachmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.05 10:29:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.13 09:01:45 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys [2011.05.13 09:01:45 | 000,000,222 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini [2011.05.13 08:59:13 | 000,000,190 | ---- | C] () -- C:\Windows\System32\AddPort.ini [2011.05.13 08:57:52 | 000,000,739 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2011.05.13 08:54:06 | 000,199,121 | ---- | C] () -- C:\Windows\hppins11.dat [2011.05.13 08:54:06 | 000,005,707 | ---- | C] () -- C:\Windows\hppmdl11.dat [2011.05.13 08:53:06 | 000,000,665 | ---- | C] () -- C:\Windows\System32\hppapr11.dat [2011.05.10 16:28:14 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2011.05.10 15:48:34 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll ========== LOP Check ========== [2012.03.05 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\.Kanton ZH [2011.07.27 17:21:46 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Acoustica [2011.12.11 17:29:36 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\bookfactory.ch [2012.03.05 16:33:40 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Information Factory [2011.07.27 17:29:30 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\SynthMaker [2011.05.16 22:57:33 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\TuneAid [2011.12.09 14:30:37 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\uTorrent [2011.05.16 20:38:34 | 000,000,000 | ---D | M] -- 
C:\Users\Mark Bachmann\AppData\Roaming\WindSolutions [2009.07.14 06:53:46 | 000,022,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.03.05 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\.Kanton ZH [2011.07.27 17:21:46 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Acoustica [2011.05.10 18:18:52 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Adobe [2012.03.06 10:15:32 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Apple Computer [2012.05.27 10:08:38 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Avira [2011.12.11 17:29:36 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\bookfactory.ch [2011.05.10 15:40:55 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Identities [2012.03.05 16:33:40 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Information Factory [2011.08.07 08:42:02 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\InstallShield [2011.05.11 14:15:53 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Macromedia [2012.05.23 16:14:28 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Malwarebytes [2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Media Center Programs [2011.07.05 21:49:49 | 000,000,000 | --SD | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Microsoft [2012.04.17 16:47:17 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Mozilla [2011.10.26 14:31:41 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\Skype [2011.07.27 17:29:30 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\SynthMaker [2011.05.16 22:57:33 | 000,000,000 | ---D | M] -- C:\Users\Mark 
Bachmann\AppData\Roaming\TuneAid [2011.12.09 14:30:37 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\uTorrent [2011.05.16 20:38:34 | 000,000,000 | ---D | M] -- C:\Users\Mark Bachmann\AppData\Roaming\WindSolutions < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) 
MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) 
MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 
14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- 
C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2011.05.10 16:52:33 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.05.10 16:52:33 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< End of report >
Quite a long log... Regards, Mark |
| | #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
IE - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\..\SearchScopes\{C28335C3-CFCA-4AC9-AF33-F9DEF9D1B745}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10396&src=kw&q={searchTerms}&locale=de_CH&apn_ptnrs=^ABU&apn_dtid=^YYYYYY^YY^CH&apn_uid=859de00d-5391-4a9e-b1ec-6b23fd964022&apn_sauid=27C05271-8B6A-402F-B882-D66C7614CFA0
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2895716680-826352517-3616735052-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Programme\Ask.com
C:\Users\Mark Bachmann\AppData\Local\AskToolbar
C:\ProgramData\-dEALrSvqaxGNSnr
C:\ProgramData\-dEALrSvqaxGNSn
C:\ProgramData\dEALrSvqaxGNSn
C:\ProgramData\-qy1qQi4MEWM1jtr
C:\ProgramData\-qy1qQi4MEWM1jt
C:\ProgramData\qy1qQi4MEWM1jt
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
| | #19 |
Log after the OTL fix:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2895716680-826352517-3616735052-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C28335C3-CFCA-4AC9-AF33-F9DEF9D1B745}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C28335C3-CFCA-4AC9-AF33-F9DEF9D1B745}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2895716680-826352517-3616735052-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
File\Folder C:\Programme\Ask.com not found.
C:\Users\Mark Bachmann\AppData\Local\AskToolbar\Downloaded Program Files\temp folder moved successfully.
C:\Users\Mark Bachmann\AppData\Local\AskToolbar\Downloaded Program Files folder moved successfully.
C:\Users\Mark Bachmann\AppData\Local\AskToolbar folder moved successfully.
C:\ProgramData\-dEALrSvqaxGNSnr moved successfully.
C:\ProgramData\-dEALrSvqaxGNSn moved successfully.
C:\ProgramData\dEALrSvqaxGNSn moved successfully.
C:\ProgramData\-qy1qQi4MEWM1jtr moved successfully.
C:\ProgramData\-qy1qQi4MEWM1jt moved successfully.
C:\ProgramData\qy1qQi4MEWM1jt moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400707 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mark Bachmann
->Temp folder emptied: 784477271 bytes
->Temporary Internet Files folder emptied: 373832676 bytes
->Java cache emptied: 5025522 bytes
->Flash cache emptied: 2668 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1239040 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115191996 bytes
RecycleBin emptied: 3871422807 bytes
Total Files Cleaned = 4'913.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Mark Bachmann
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.44.0 log created on 05302012_113606
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
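A fix log like the one in post #19 can be checked against the script from post #18, so that any `:Files` entry OTL reported as "not found", or never mentioned at all, gets a second look. The following Python is an added example, not part of the thread or of OTL; the script and log samples are constructed (hypothetical paths) in the line formats shown in those two posts.

```python
import re

# Action lines in an OTL fix log end in one of these outcome phrases.
# Optional prefixes ("Registry key", "File\Folder", ...) and the optional
# word "folder" before the outcome are as seen in the log above.
LOG_LINE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File\\Folder|File)\s+)?"
    r"(?P<target>.+?)(?:\s+folder)?\s+"
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)


def parse_fix_script(text):
    """Split an OTL fix script into its sections (:OTL, :Files, :Commands)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_fix_log(text):
    """Return (kind, target, outcome) for every log line that reports an action."""
    results = []
    for raw in text.splitlines():
        m = LOG_LINE.match(raw.strip())
        if m:
            results.append((m.group("kind") or "File", m.group("target"), m.group("outcome")))
    return results


def reconcile_files(script_text, log_text):
    """Map each path in the script's :Files section to the outcome OTL logged for it."""
    outcomes = {}
    for kind, target, outcome in parse_fix_log(log_text):
        if not kind.startswith("Registry"):
            # First mention wins: a later "not found" for an item that was
            # already moved is a consequence of the move, not a failure.
            outcomes.setdefault(target.lower(), outcome)
    return {
        path: outcomes.get(path.lower(), "no log entry")
        for path in parse_fix_script(script_text).get("files", [])
    }


def needs_follow_up(report):
    """Paths that were not quarantined: reported missing or absent from the log."""
    return sorted(p for p, outcome in report.items() if outcome != "moved successfully")


# Constructed sample input (hypothetical names, same layout as the posts above).
SAMPLE_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\Updater.exe (Example)
:Files
C:\Programme\Example
C:\Users\alice\AppData\Local\ExampleToolbar
C:\ProgramData\-exampleDropperr
C:\ProgramData\exampleDropper
:Commands
[emptytemp]
"""

SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleUpdater deleted successfully.
C:\Programme\Example\Updater.exe moved successfully.
========== FILES ==========
File\Folder C:\Programme\Example not found.
C:\Users\alice\AppData\Local\ExampleToolbar\cache folder moved successfully.
C:\Users\alice\AppData\Local\ExampleToolbar folder moved successfully.
C:\ProgramData\-exampleDropperr moved successfully.
"""

if __name__ == "__main__":
    report = reconcile_files(SAMPLE_SCRIPT, SAMPLE_LOG)
    for path, outcome in report.items():
        print(f"{outcome:20} {path}")
    print("follow up:", needs_follow_up(report))
```

A path listed for follow-up is not proof that something survived the fix; it only marks where the log does not confirm a move into the "_OTL" backup folder.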
| | #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the picture below: click "change parameters" and set the checkmarks as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
__________________ Please always post log files in CODE tags |
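The TDSSKiller report requested in post #20 can be triaged mechanically before anyone decides what to do with a flagged object: every scanned object ends in a verdict line, and only those not rated "ok" need a closer look. The following Python is an added example, not part of the thread or of Kaspersky's tool; the sample report is constructed (hypothetical names and MD5 values) in the line format of the TDSSKiller 2.7.38.0 log posted in this thread.

```python
import re
from collections import Counter

# Every report line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<body>.*)$")
# Object line: "<name> (<32 hex digit MD5>) <path>"
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - ok" or "<name> ( <detection label> ) - warning"
VERDICT = re.compile(r"^(?P<name>.+?)(?: \( (?P<label>.+?) \))? - (?P<verdict>\w+)$")


def parse_report(text):
    """Return one dict per scanned object: name, md5, path, verdict, label."""
    objects, pending = [], {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        obj = OBJECT.match(body)
        if obj:
            # Remember hash and path until the verdict line for this name arrives.
            pending[obj.group("name")] = (obj.group("md5").lower(), obj.group("path"))
            continue
        ver = VERDICT.match(body)
        if ver:
            # Some objects have a verdict but no file line; md5/path stay None.
            md5, path = pending.pop(ver.group("name"), (None, None))
            objects.append({
                "name": ver.group("name"),
                "md5": md5,
                "path": path,
                "verdict": ver.group("verdict"),
                "label": ver.group("label"),
            })
    return objects


def flagged(objects):
    """Objects whose verdict is anything other than 'ok'."""
    return [o for o in objects if o["verdict"] != "ok"]


def verdict_counts(objects):
    """How many objects received each verdict."""
    return dict(Counter(o["verdict"] for o in objects))


# Constructed sample report (hypothetical objects and hashes).
SAMPLE_REPORT = r"""
13:24:08.0980 3728 Scan started
13:24:08.0980 3728 Mode: Manual; SigCheck; TDLFS;
13:24:11.0133 3728 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
13:24:11.0289 3728 exampledrv - ok
13:24:12.0100 3728 Example Sync Service (89abcdef0123456789abcdef01234567) C:\Program Files\Example\sync.exe
13:24:12.0131 3728 Example Sync Service - ok
13:24:12.0200 3728 NoFileSvc - ok
13:24:13.0783 3728 exprint08 (fedcba9876543210fedcba9876543210) C:\Program Files\Example\bin\exprint08.dll
13:24:13.0814 3728 exprint08 ( UnsignedFile.Multi.Generic ) - warning
13:24:13.0814 3728 exprint08 - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    scanned = parse_report(SAMPLE_REPORT)
    print(verdict_counts(scanned))
    for o in flagged(scanned):
        print(o["verdict"], o["label"], o["md5"], o["path"])
```

The output gives the helper a short list of name, label, MD5 and path to review, which fits the instruction to choose "skip" and post the log rather than delete anything from within the tool.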
| | #21 |
Handled everything with Skip, here is the log
Code:
13:22:22.0812 5700 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
13:22:23.0031 5700 ============================================================
13:22:23.0031 5700 Current date / time: 2012/05/30 13:22:23.0031
13:22:23.0031 5700 SystemInfo:
13:22:23.0031 5700
13:22:23.0031 5700 OS Version: 6.1.7601 ServicePack: 1.0
13:22:23.0031 5700 Product type: Workstation
13:22:23.0031 5700 ComputerName: MARKBACHMANN-PC
13:22:23.0031 5700 UserName: Mark Bachmann
13:22:23.0031 5700 Windows directory: C:\Windows
13:22:23.0031 5700 System windows directory: C:\Windows
13:22:23.0031 5700 Processor architecture: Intel x86
13:22:23.0031 5700 Number of processors: 2
13:22:23.0031 5700 Page size: 0x1000
13:22:23.0031 5700 Boot type: Normal boot
13:22:23.0031 5700 ============================================================
13:22:24.0903 5700 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:22:24.0903 5700 ============================================================
13:22:24.0903 5700 \Device\Harddisk0\DR0:
13:22:24.0903 5700 MBR partitions:
13:22:24.0903 5700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:22:24.0903 5700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
13:22:24.0903 5700 ============================================================
13:22:24.0918 5700 C: <-> \Device\Harddisk0\DR0\Partition1
13:22:24.0918 5700 ============================================================
13:22:24.0918 5700 Initialize success
13:22:24.0918 5700 ============================================================
13:24:08.0980 3728 ============================================================
13:24:08.0980 3728 Scan started
13:24:08.0980 3728 Mode: Manual; SigCheck; TDLFS;
13:24:08.0980 3728 ============================================================
13:24:11.0133 3728 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:24:11.0289 3728 1394ohci - ok
13:24:11.0320 3728 Accelerometer (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
13:24:11.0336 3728 Accelerometer - ok
13:24:11.0398 3728 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:24:11.0445 3728 ACPI - ok
13:24:11.0508 3728 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:24:11.0617 3728 AcpiPmi - ok
13:24:11.0726 3728 ADIHdAudAddService (fb9ece3f7b8a03e474e611031ad4cd23) C:\Windows\system32\drivers\ADIHdAud.sys
13:24:11.0820 3728 ADIHdAudAddService - ok
13:24:11.0898 3728 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:24:11.0929 3728 adp94xx - ok
13:24:11.0960 3728 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:24:11.0976 3728 adpahci - ok
13:24:12.0007 3728 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:24:12.0022 3728 adpu320 - ok
13:24:12.0069 3728 AEADIFilters (12d23758621b00b8d3134095ec3325fd) C:\Windows\system32\AEADISRV.EXE
13:24:12.0100 3728 AEADIFilters - ok
13:24:12.0132 3728 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
13:24:12.0163 3728 AeLookupSvc - ok
13:24:12.0256 3728 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:24:12.0334 3728 AFD - ok
13:24:12.0428 3728 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
13:24:12.0490 3728 AgereSoftModem - ok
13:24:12.0553 3728 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:24:12.0584 3728 agp440 - ok
13:24:12.0615 3728 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:24:12.0631 3728 aic78xx - ok
13:24:12.0678 3728 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
13:24:12.0756 3728 ALG - ok
13:24:12.0834 3728 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:24:12.0865 3728 aliide - ok
13:24:12.0880 3728 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:24:12.0896 3728 amdagp - ok
13:24:12.0912 3728 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:24:12.0927 3728 amdide - ok
13:24:12.0958 3728 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:24:13.0005 3728 AmdK8 - ok
13:24:13.0005 3728 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:24:13.0036 3728 AmdPPM - ok
13:24:13.0114 3728 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:24:13.0146 3728 amdsata - ok
13:24:13.0177 3728 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:24:13.0192 3728 amdsbs - ok
13:24:13.0208 3728 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:24:13.0224 3728 amdxata - ok
13:24:13.0333 3728 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:24:13.0364 3728 AntiVirSchedulerService - ok
13:24:13.0411 3728 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:24:13.0442 3728 AntiVirService - ok
13:24:13.0473 3728 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:24:13.0504 3728 AntiVirWebService - ok
13:24:13.0551 3728 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:24:13.0692 3728 AppID - ok
13:24:13.0738 3728 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
13:24:13.0801 3728 AppIDSvc - ok
13:24:13.0832 3728 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
13:24:13.0894 3728 Appinfo - ok
13:24:13.0988 3728 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:24:14.0004 3728 Apple Mobile Device - ok
13:24:14.0082 3728 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
13:24:14.0144 3728 AppMgmt - ok
13:24:14.0191 3728 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:24:14.0222 3728 arc - ok
13:24:14.0238 3728 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:24:14.0253 3728 arcsas - ok
13:24:14.0284 3728 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:24:14.0472 3728 AsyncMac - ok
13:24:14.0518 3728 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:24:14.0534 3728 atapi - ok
13:24:14.0596 3728 ATSwpWDF (befe54e9bc648a3c79c917a63b6ee7da) C:\Windows\system32\Drivers\ATSwpWDF.sys
13:24:14.0643 3728 ATSwpWDF - ok
13:24:14.0721 3728 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:24:14.0768 3728 AudioEndpointBuilder - ok
13:24:14.0784 3728 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:24:14.0815 3728 Audiosrv - ok
13:24:14.0862 3728 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
13:24:14.0893 3728 avgntflt - ok
13:24:14.0924 3728 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
13:24:14.0940 3728 avipbb - ok
13:24:14.0971 3728 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
13:24:14.0986 3728 avkmgr - ok
13:24:15.0033 3728 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
13:24:15.0111 3728 AxInstSV - ok
13:24:15.0174 3728 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:24:15.0220 3728 b06bdrv - ok
13:24:15.0252 3728 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:24:15.0283 3728 b57nd60x - ok
13:24:15.0330 3728 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
13:24:15.0376 3728 BDESVC - ok
13:24:15.0423 3728 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:24:15.0486 3728 Beep - ok
13:24:16.0406 3728 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
13:24:16.0515 3728 BFE - ok
13:24:16.0624 3728 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
13:24:16.0702 3728 BITS - ok
13:24:16.0702 3728 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:24:16.0734 3728 blbdrive - ok
13:24:16.0936 3728 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:24:16.0952 3728 Bonjour Service - ok
13:24:16.0999 3728 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:24:17.0030 3728 bowser - ok
13:24:17.0092 3728 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:24:17.0170 3728 BrFiltLo - ok
13:24:17.0186 3728 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:24:17.0248 3728 BrFiltUp - ok
13:24:17.0311 3728 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
13:24:17.0404 3728 Browser - ok
13:24:17.0467 3728 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:24:17.0545 3728 Brserid - ok
13:24:17.0654 3728 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:24:17.0701 3728 BrSerWdm - ok
13:24:17.0732 3728 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:24:17.0763 3728 BrUsbMdm - ok
13:24:17.0779 3728 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:24:17.0841 3728 BrUsbSer - ok
13:24:17.0935 3728 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
13:24:18.0028 3728 BthEnum - ok
13:24:18.0044 3728 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:24:18.0075 3728 BTHMODEM - ok
13:24:18.0106 3728 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
13:24:18.0138 3728 BthPan - ok
13:24:18.0200 3728 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
13:24:18.0231 3728 BTHPORT - ok
13:24:18.0278 3728 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
13:24:18.0325 3728 bthserv - ok
13:24:18.0356 3728 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
13:24:18.0372 3728 BTHUSB - ok
13:24:18.0418 3728 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:24:18.0481 3728 cdfs - ok
13:24:18.0574 3728 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
13:24:18.0606 3728 cdrom - ok
13:24:18.0715 3728 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:24:18.0793 3728 CertPropSvc - ok
13:24:18.0808 3728 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:24:18.0824 3728 circlass - ok
13:24:18.0871 3728 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:24:18.0886 3728 CLFS - ok
13:24:18.0964 3728 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:24:18.0996 3728 clr_optimization_v2.0.50727_32 - ok
13:24:19.0089 3728 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:24:19.0136 3728 clr_optimization_v4.0.30319_32 - ok
13:24:19.0167 3728 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:24:19.0183 3728 CmBatt - ok
13:24:19.0214 3728 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:24:19.0230 3728 cmdide - ok
13:24:19.0308 3728 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
13:24:19.0370 3728 CNG - ok
13:24:19.0386 3728 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:24:19.0401 3728 Compbatt - ok
13:24:19.0479 3728 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:24:19.0542 3728 CompositeBus - ok
13:24:19.0557 3728 COMSysApp - ok
13:24:19.0588 3728 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:24:19.0604 3728 crcdisk - ok
13:24:19.0666 3728 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
13:24:19.0729 3728 CryptSvc - ok
13:24:19.0791 3728 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
13:24:19.0869 3728 CSC - ok
13:24:19.0900 3728 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
13:24:19.0947 3728 CscService - ok
13:24:19.0978 3728 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:24:20.0025 3728 DcomLaunch - ok
13:24:20.0056 3728 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
13:24:20.0103 3728 defragsvc - ok
13:24:20.0181 3728 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:24:20.0228 3728 DfsC - ok
13:24:20.0290 3728 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
13:24:20.0384 3728 Dhcp - ok
13:24:20.0400 3728 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:24:20.0446 3728 discache - ok
13:24:20.0524 3728 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:24:20.0571 3728 Disk - ok
13:24:20.0602 3728 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
13:24:20.0634 3728 Dnscache - ok
13:24:20.0696 3728 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
13:24:20.0727 3728 dot3svc - ok
13:24:20.0790 3728 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
13:24:20.0868 3728 DPS - ok
13:24:20.0899 3728 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:24:20.0930 3728 drmkaud - ok
13:24:20.0992 3728 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:24:21.0024 3728 DXGKrnl - ok
13:24:21.0055 3728 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
13:24:21.0102 3728 EapHost - ok
13:24:21.0289 3728 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:24:21.0382 3728 ebdrv - ok
13:24:21.0570 3728 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
13:24:21.0616 3728 EFS - ok
13:24:21.0741 3728 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
13:24:21.0819 3728 ehRecvr - ok
13:24:21.0850 3728 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
13:24:21.0913 3728 ehSched - ok
13:24:21.0991 3728 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:24:22.0038 3728 elxstor - ok
13:24:22.0084 3728 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:24:22.0116 3728 ErrDev - ok
13:24:22.0162 3728 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
13:24:22.0209 3728 EventSystem - ok
13:24:22.0240 3728 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:24:22.0287 3728 exfat - ok
13:24:22.0318 3728 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:24:22.0350 3728 fastfat - ok
13:24:22.0428 3728 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
13:24:22.0506 3728 Fax - ok
13:24:22.0537 3728 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:24:22.0568 3728 fdc - ok
13:24:22.0599 3728 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
13:24:22.0630 3728 fdPHost - ok
13:24:22.0646 3728 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
13:24:22.0693 3728 FDResPub - ok
13:24:22.0708 3728 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:24:22.0724 3728 FileInfo - ok
13:24:22.0740 3728 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:24:22.0786 3728 Filetrace - ok
13:24:22.0802 3728 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:24:22.0818 3728 flpydisk - ok
13:24:22.0864 3728 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:24:22.0880 3728 FltMgr - ok
13:24:22.0942 3728 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
13:24:22.0974 3728 FontCache - ok
13:24:23.0052 3728 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:24:23.0083 3728 FontCache3.0.0.0 - ok
13:24:23.0098 3728 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:24:23.0114 3728 FsDepends - ok
13:24:23.0161 3728 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
13:24:23.0176 3728 Fs_Rec - ok
13:24:23.0239 3728 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:24:23.0270 3728 fvevol - ok
13:24:23.0301 3728 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:24:23.0317 3728 gagp30kx - ok
13:24:23.0348 3728 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:24:23.0364 3728 GEARAspiWDM - ok
13:24:23.0442 3728 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
13:24:23.0488 3728 gpsvc - ok
13:24:23.0598 3728 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:24:23.0629 3728 gupdate - ok
13:24:23.0629 3728 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:24:23.0644 3728 gupdatem - ok
13:24:23.0676 3728 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:24:23.0691 3728 gusvc - ok
13:24:23.0722 3728 HBtnKey (e19bc597a0b13bbe6a7e3612f6f8d8a6) C:\Windows\system32\DRIVERS\cpqbttn.sys
13:24:23.0738 3728 HBtnKey - ok
13:24:23.0769 3728 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:24:23.0816 3728 hcw85cir - ok
13:24:23.0878 3728 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
13:24:23.0910 3728 HdAudAddService - ok
13:24:23.0941 3728 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
13:24:23.0972 3728 HDAudBus - ok
13:24:23.0972 3728 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:24:23.0988 3728 HidBatt - ok
13:24:24.0019 3728 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:24:24.0050 3728 HidBth - ok
13:24:24.0081 3728 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:24:24.0097 3728 HidIr - ok
13:24:24.0128 3728 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
13:24:24.0175 3728 hidserv - ok
13:24:24.0237 3728 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
13:24:24.0268 3728 HidUsb - ok
13:24:24.0315 3728 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
13:24:24.0362 3728 hkmsvc - ok
13:24:24.0409 3728 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
13:24:24.0471 3728 HomeGroupListener - ok
13:24:24.0534 3728 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
13:24:24.0596 3728 HomeGroupProvider - ok
13:24:24.0643 3728 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
13:24:24.0643 3728 hpdskflt - ok
13:24:24.0783 3728 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:24:24.0814 3728 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
13:24:24.0814 3728 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
13:24:24.0846 3728 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:24:24.0861 3728 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
13:24:24.0861 3728 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
13:24:24.0924 3728 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:24:24.0939 3728 HpSAMD - ok
13:24:24.0939 3728 hpsrv (c0beb56ed79b59b7b33d0aa6c38a0ba6) C:\Windows\system32\Hpservice.exe
13:24:24.0955 3728 hpsrv - ok
13:24:25.0048 3728 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:24:25.0080 3728 HTTP - ok
13:24:25.0142 3728 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:24:25.0142 3728 hwpolicy - ok
13:24:25.0204 3728 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:24:25.0251 3728 i8042prt - ok
13:24:25.0329 3728 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:24:25.0360 3728 iaStorV - ok
13:24:25.0548 3728 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:24:25.0594 3728 idsvc - ok
13:24:25.0875 3728 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:24:26.0000 3728 igfx - ok
13:24:26.0140 3728 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:24:26.0172 3728 iirsp - ok
13:24:26.0250 3728 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
13:24:26.0312 3728 IKEEXT - ok
13:24:26.0374 3728 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:24:26.0406 3728 intelide - ok
13:24:26.0421 3728 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:24:26.0437 3728 intelppm - ok
13:24:26.0484 3728 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
13:24:26.0530 3728 IPBusEnum - ok
13:24:26.0562 3728 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:24:26.0624 3728 IpFilterDriver - ok
13:24:26.0702 3728 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
13:24:26.0764 3728 iphlpsvc - ok
13:24:26.0811 3728 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:24:26.0858 3728 IPMIDRV - ok
13:24:26.0874 3728 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:24:26.0920 3728 IPNAT - ok
13:24:27.0045 3728 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
13:24:27.0076 3728 iPod Service - ok
13:24:27.0108 3728 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:24:27.0186 3728 IRENUM - ok
13:24:27.0248 3728 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:24:27.0279 3728 isapnp - ok
13:24:27.0342 3728 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:24:27.0373 3728 iScsiPrt - ok
13:24:27.0420 3728 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
13:24:27.0435 3728 kbdclass - ok
13:24:27.0466 3728 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
13:24:27.0482 3728 kbdhid - ok
13:24:27.0529 3728 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:24:27.0560 3728 KeyIso - ok
13:24:27.0576 3728 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
13:24:27.0591 3728 KSecDD - ok
13:24:27.0638 3728 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
13:24:27.0654 3728 KSecPkg - ok
13:24:27.0700 3728 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
13:24:27.0747 3728 KtmRm - ok
13:24:27.0810 3728 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
13:24:27.0856 3728 LanmanServer - ok
13:24:27.0903 3728 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
13:24:27.0966 3728 LanmanWorkstation - ok
13:24:28.0012 3728 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:24:28.0075 3728 lltdio - ok
13:24:28.0106 3728 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
13:24:28.0153 3728 lltdsvc - ok
13:24:28.0168 3728 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
13:24:28.0200 3728 lmhosts - ok
13:24:28.0231 3728 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:24:28.0246 3728 LSI_FC - ok
13:24:28.0262 3728 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:24:28.0278 3728 LSI_SAS - ok
13:24:28.0278 3728 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:24:28.0293 3728 LSI_SAS2 - ok
13:24:28.0309 3728 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:24:28.0324 3728 LSI_SCSI - ok
13:24:28.0340 3728 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:24:28.0371 3728 luafv - ok
13:24:28.0558 3728 lvpopflt (b0456b8a332135c1216ff2374b584161) C:\Windows\system32\DRIVERS\lvpopflt.sys
13:24:28.0621 3728 lvpopflt - ok
13:24:28.0808 3728 LVUSBSta (f7e15f2fe7790733df86e95a76556389) C:\Windows\system32\drivers\LVUSBSta.sys
13:24:28.0824 3728 LVUSBSta - ok
13:24:29.0011 3728 LVUVC (92d03dc19eae9d0a86735705e374fdad) C:\Windows\system32\DRIVERS\lvuvc.sys
13:24:29.0104 3728 LVUVC - ok
13:24:29.0276 3728 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
13:24:29.0307 3728 MBAMProtector - ok
13:24:29.0432 3728 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:24:29.0479 3728 MBAMService - ok
13:24:29.0541 3728 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
13:24:29.0572 3728 Mcx2Svc - ok
13:24:29.0604 3728 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:24:29.0619 3728 megasas - ok
13:24:29.0666 3728 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:24:29.0682 3728 MegaSR - ok
13:24:29.0728 3728 Microsoft SharePoint Workspace Audit Service - ok
13:24:29.0760 3728 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:24:29.0806 3728 MMCSS - ok
13:24:29.0822 3728 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:24:29.0869 3728 Modem - ok
13:24:29.0916 3728 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:24:29.0931 3728 monitor - ok
13:24:29.0994 3728 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
13:24:30.0040 3728 mouclass - ok
13:24:30.0072 3728 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:24:30.0103 3728 mouhid - ok
13:24:30.0150 3728 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:24:30.0165 3728 mountmgr - ok
13:24:30.0228 3728 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:24:30.0259 3728 mpio - ok
13:24:30.0274 3728 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:24:30.0306 3728 mpsdrv - ok
13:24:30.0384 3728 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
13:24:30.0462 3728 MpsSvc - ok
13:24:30.0508 3728 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:24:30.0524 3728 MRxDAV - ok
13:24:30.0586 3728 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:24:30.0664 3728 mrxsmb - ok
13:24:30.0727 3728 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:24:30.0789 3728 mrxsmb10 - ok
13:24:30.0805 3728 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:24:30.0836 3728 mrxsmb20 - ok
13:24:30.0883 3728 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:24:30.0914 3728 msahci - ok
13:24:30.0976 3728 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:24:31.0008 3728 msdsm - ok
13:24:31.0039 3728 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
13:24:31.0070 3728 MSDTC - ok
13:24:31.0101 3728 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:24:31.0132 3728 Msfs - ok
13:24:31.0148 3728 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:24:31.0179 3728 mshidkmdf - ok
13:24:31.0179 3728 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:24:31.0195 3728 msisadrv - ok
13:24:31.0226 3728 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
13:24:31.0273 3728 MSiSCSI - ok
13:24:31.0273 3728 msiserver - ok
13:24:31.0304 3728 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:24:31.0367 3728 MSKSSRV - ok
13:24:31.0398 3728 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:24:31.0429 3728 MSPCLOCK - ok
13:24:31.0445 3728 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:24:31.0476 3728 MSPQM - ok
13:24:31.0491 3728 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:24:31.0523 3728 MsRPC - ok
13:24:31.0569 3728 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:24:31.0601 3728 mssmbios - ok
13:24:31.0616 3728 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:24:31.0647 3728 MSTEE - ok
13:24:31.0647 3728 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:24:31.0663 3728 MTConfig - ok
13:24:31.0663 3728 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:24:31.0694 3728 Mup - ok
13:24:31.0757 3728 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
13:24:31.0803 3728 napagent - ok
13:24:31.0866 3728 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:24:31.0897 3728 NativeWifiP - ok
13:24:32.0006 3728 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:24:32.0053 3728 NDIS - ok
13:24:32.0100 3728 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:24:32.0147 3728 NdisCap - ok
13:24:32.0162 3728 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:24:32.0209 3728 NdisTapi - ok
13:24:32.0256 3728 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:24:32.0303 3728 Ndisuio - ok
13:24:32.0365 3728 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:24:32.0412 3728 NdisWan - ok
13:24:32.0459 3728 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:24:32.0490 3728 NDProxy - ok
13:24:32.0537 3728 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
13:24:32.0568 3728 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:24:32.0568 3728 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:24:32.0615 3728 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
13:24:32.0677 3728 Netaapl - ok
13:24:32.0724 3728 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:24:32.0786 3728 NetBIOS - ok
13:24:32.0833 3728 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:24:32.0895 3728 NetBT - ok
13:24:32.0958 3728 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:24:32.0989 3728 Netlogon - ok
13:24:33.0051 3728 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
13:24:33.0114 3728 Netman - ok
13:24:33.0145 3728 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
13:24:33.0176 3728 netprofm - ok
13:24:33.0285 3728 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:24:33.0317 3728 NetTcpPortSharing - ok
13:24:33.0535 3728 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
13:24:33.0675 3728 netw5v32 - ok
13:24:33.0800 3728 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:24:33.0831 3728 nfrd960 - ok
13:24:33.0894 3728 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
13:24:33.0972 3728 NlaSvc - ok
13:24:33.0987 3728 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:24:34.0034 3728 Npfs - ok
13:24:34.0050 3728 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
13:24:34.0097 3728 nsi - ok
13:24:34.0097 3728 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:24:34.0143 3728 nsiproxy - ok
13:24:34.0253 3728 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:24:34.0284 3728 Ntfs - ok
13:24:34.0315 3728 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:24:34.0362 3728 Null - ok
13:24:34.0455 3728 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:24:34.0471 3728 nvraid - ok
13:24:34.0549 3728 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:24:34.0580 3728 nvstor - ok
13:24:34.0627 3728 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:24:34.0658 3728 nv_agp - ok
13:24:34.0705 3728 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:24:34.0736 3728 ohci1394 - ok
13:24:34.0814 3728 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:24:34.0845 3728 ose - ok
13:24:35.0204 3728 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:24:35.0329 3728 osppsvc - ok
13:24:35.0454 3728 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:24:35.0516 3728 p2pimsvc - ok
13:24:35.0547 3728 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
13:24:35.0563 3728 p2psvc - ok
13:24:35.0610 3728 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:24:35.0625 3728 Parport - ok
13:24:35.0672 3728 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
13:24:35.0688 3728 partmgr - ok
13:24:35.0703 3728 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:24:35.0735 3728 Parvdm - ok
13:24:35.0766 3728 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
13:24:35.0781 3728 PcaSvc - ok
13:24:35.0844 3728 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:24:35.0859 3728 pci - ok
13:24:35.0906 3728 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:24:35.0922 3728 pciide - ok
13:24:35.0937 3728 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:24:35.0969 3728 pcmcia - ok
13:24:35.0984 3728 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:24:36.0000 3728 pcw - ok
13:24:36.0047 3728 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:24:36.0093 3728 PEAUTH - ok
13:24:36.0187 3728 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
13:24:36.0265 3728 PeerDistSvc - ok
13:24:36.0390 3728 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
13:24:36.0468 3728 pla - ok
13:24:36.0639 3728 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
13:24:36.0717 3728 PlugPlay - ok
13:24:36.0749 3728 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
13:24:36.0764 3728 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:24:36.0764 3728 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:24:36.0780 3728 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
13:24:36.0811 3728 PNRPAutoReg - ok
13:24:36.0842 3728 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:24:36.0858 3728 PNRPsvc - ok
13:24:36.0920 3728 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
13:24:36.0983 3728 PolicyAgent - ok
13:24:37.0045 3728 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
13:24:37.0076 3728 Power - ok
13:24:37.0139 3728 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:24:37.0217 3728 PptpMiniport - ok
13:24:37.0232 3728 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:24:37.0248 3728 Processor - ok
13:24:37.0310 3728 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
13:24:37.0357 3728 ProfSvc - ok
13:24:37.0404 3728 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:24:37.0451 3728 ProtectedStorage - ok
13:24:37.0466 3728 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:24:37.0513 3728 Psched - ok
13:24:37.0591 3728 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:24:37.0638 3728 ql2300 - ok
13:24:37.0778 3728 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:24:37.0809 3728 ql40xx - ok
13:24:37.0841 3728 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
13:24:37.0887 3728 QWAVE - ok
13:24:37.0903 3728 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:24:37.0919 3728 QWAVEdrv - ok
13:24:37.0919 3728 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:24:37.0965 3728 RasAcd - ok
13:24:37.0997 3728 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:24:38.0043 3728 RasAgileVpn - ok
13:24:38.0059 3728 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
13:24:38.0090 3728 RasAuto - ok
13:24:38.0137 3728 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:24:38.0199 3728 Rasl2tp - ok
13:24:38.0246 3728 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
13:24:38.0309 3728 RasMan - ok
13:24:38.0324 3728 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:24:38.0355 3728 RasPppoe - ok
13:24:38.0387 3728 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:24:38.0433 3728 RasSstp - ok
13:24:38.0496 3728 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:24:38.0558 3728 rdbss - ok
13:24:38.0589 3728 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:24:38.0605 3728 rdpbus - ok
13:24:38.0667 3728 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:24:38.0714 3728 RDPCDD - ok
13:24:38.0730 3728 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
13:24:38.0761 3728 RDPDR - ok
13:24:38.0792 3728 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:24:38.0839 3728 RDPENCDD - ok
13:24:38.0855 3728 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:24:38.0886 3728 RDPREFMP - ok
13:24:38.0948 3728 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
13:24:38.0995 3728 RDPWD - ok
13:24:39.0057 3728 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:24:39.0104 3728 rdyboost - ok
13:24:39.0135 3728 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
13:24:39.0182 3728 RemoteAccess - ok
13:24:39.0213 3728 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
13:24:39.0260 3728 RemoteRegistry - ok
13:24:39.0307 3728 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
13:24:39.0323 3728 RFCOMM - ok
13:24:39.0338 3728 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
13:24:39.0385 3728 RpcEptMapper - ok
13:24:39.0416 3728 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
13:24:39.0447 3728 RpcLocator - ok
13:24:39.0525 3728 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:24:39.0572 3728 RpcSs - ok
13:24:39.0603 3728 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:24:39.0666 3728 rspndr - ok
13:24:39.0697 3728 s217bus (0266151de3f36429f6ac3c4b28085061) C:\Windows\system32\DRIVERS\s217bus.sys
13:24:39.0713 3728 s217bus - ok
13:24:39.0744 3728 s217mdfl (a43c0af0e46be7ef0c7e8ccf0f058600) C:\Windows\system32\DRIVERS\s217mdfl.sys
13:24:39.0744 3728 s217mdfl - ok
13:24:39.0759 3728 s217mdm (005f5ded1ed8f8a9d2399d765ead20f1) C:\Windows\system32\DRIVERS\s217mdm.sys
13:24:39.0775 3728 s217mdm - ok
13:24:39.0822 3728 s217nd5 (11cc5d7f992799e7e75d018e9c018563) C:\Windows\system32\DRIVERS\s217nd5.sys
13:24:39.0853 3728 s217nd5 - ok
13:24:39.0884 3728 s217obex (0f9f4045799afb66b85eef999d0609ec) C:\Windows\system32\DRIVERS\s217obex.sys
13:24:39.0915 3728 s217obex - ok
13:24:39.0931 3728 s217unic (1c91e1023f07b6407d84b5a43537d984) C:\Windows\system32\DRIVERS\s217unic.sys
13:24:39.0947 3728 s217unic - ok
13:24:39.0993 3728 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
13:24:40.0040 3728 s3cap - ok
13:24:40.0071 3728 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:24:40.0087 3728 SamSs - ok
13:24:40.0118 3728 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:24:40.0134 3728 sbp2port - ok
13:24:40.0165 3728 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
13:24:40.0212 3728 SCardSvr - ok
13:24:40.0259 3728 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:24:40.0290 3728 scfilter - ok
13:24:40.0399 3728 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
13:24:40.0461 3728 Schedule - ok
13:24:40.0508 3728 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:24:40.0555 3728 SCPolicySvc - ok
13:24:40.0602 3728 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
13:24:40.0664 3728 SDRSVC - ok
13:24:40.0695 3728 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:24:40.0758 3728 secdrv - ok
13:24:40.0789 3728 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
13:24:40.0820 3728 seclogon - ok
13:24:40.0851 3728 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
13:24:40.0883 3728 SENS - ok
13:24:40.0914 3728 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
13:24:40.0945 3728 SensrSvc - ok
13:24:40.0961 3728 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:24:40.0976 3728 Serenum - ok
13:24:40.0992 3728 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:24:41.0023 3728 Serial - ok
13:24:41.0070 3728 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:24:41.0101 3728 sermouse - ok
13:24:41.0163 3728 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
13:24:41.0210 3728 SessionEnv - ok
13:24:41.0257 3728 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:24:41.0304 3728 sffdisk - ok
13:24:41.0335 3728 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:24:41.0351 3728 sffp_mmc - ok
13:24:41.0351 3728 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:24:41.0366 3728 sffp_sd - ok
13:24:41.0397 3728 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:24:41.0413 3728 sfloppy - ok
13:24:41.0460 3728 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
13:24:41.0507 3728 SharedAccess - ok
13:24:41.0569 3728 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
13:24:41.0616 3728 ShellHWDetection - ok
13:24:41.0678 3728 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:24:41.0709 3728 sisagp - ok
13:24:41.0725 3728 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:24:41.0741 3728 SiSRaid2 - ok
13:24:41.0756 3728 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:24:41.0772 3728 SiSRaid4 - ok
13:24:41.0819 3728 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:24:41.0850 3728 Smb - ok
13:24:41.0881 3728 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
13:24:41.0897 3728 SNMPTRAP - ok
13:24:41.0928 3728 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:24:41.0928 3728 spldr - ok
13:24:42.0006 3728 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
13:24:42.0084 3728 Spooler - ok
13:24:42.0271 3728 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
13:24:42.0380 3728 sppsvc - ok
13:24:42.0536 3728 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
13:24:42.0583 3728 sppuinotify - ok
13:24:42.0692 3728 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:24:42.0755 3728 srv - ok
13:24:42.0817 3728 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:24:42.0864 3728 srv2 - ok
13:24:42.0879 3728 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:24:42.0895 3728 srvnet - ok
13:24:42.0926 3728 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
13:24:42.0957 3728 SSDPSRV - ok
13:24:43.0004 3728 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:24:43.0020 3728 ssmdrv - ok
13:24:43.0035 3728 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
13:24:43.0067 3728 SstpSvc - ok
13:24:43.0098 3728 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:24:43.0113 3728 stexstor - ok
13:24:43.0145 3728 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
13:24:43.0176 3728 StillCam - ok
13:24:43.0254 3728 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
13:24:43.0316 3728 StiSvc - ok
13:24:43.0363 3728 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
13:24:43.0394 3728 storflt - ok
13:24:43.0410 3728 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
13:24:43.0441 3728 StorSvc - ok
13:24:43.0457 3728 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
13:24:43.0457 3728 storvsc - ok
13:24:43.0503 3728 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:24:43.0535 3728 swenum - ok
13:24:43.0581 3728 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
13:24:43.0628 3728 swprv - ok
13:24:43.0753 3728 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
13:24:43.0784 3728 SysMain - ok
13:24:43.0847 3728 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
13:24:43.0893 3728 TabletInputService - ok
13:24:43.0971 3728 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
13:24:44.0018 3728 TapiSrv - ok
13:24:44.0034 3728 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
13:24:44.0081 3728 TBS - ok
13:24:44.0221 3728 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
13:24:44.0283 3728 Tcpip - ok
13:24:44.0299 3728 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
13:24:44.0330 3728 TCPIP6 - ok
13:24:44.0377 3728 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:24:44.0439 3728 tcpipreg - ok
13:24:44.0502 3728 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:24:44.0549 3728 TDPIPE - ok
13:24:44.0595 3728 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
13:24:44.0627 3728 TDTCP - ok
13:24:44.0673 3728 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:24:44.0720 3728 tdx - ok
13:24:44.0783 3728 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:24:44.0798 3728 TermDD - ok
13:24:44.0861 3728 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
13:24:44.0907 3728 TermService - ok
13:24:44.0939 3728 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
13:24:44.0985 3728 Themes - ok
13:24:45.0017 3728 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:24:45.0048 3728 THREADORDER - ok
13:24:45.0079 3728 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
13:24:45.0110 3728 TPM - ok
13:24:45.0126 3728 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
13:24:45.0173 3728 TrkWks - ok
13:24:45.0266 3728 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
13:24:45.0329 3728 TrustedInstaller - ok
13:24:45.0344 3728 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:24:45.0375 3728 tssecsrv - ok
13:24:45.0438 3728 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:24:45.0485 3728 TsUsbFlt - ok
13:24:45.0563 3728 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:24:45.0609 3728 tunnel - ok
13:24:45.0625 3728 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:24:45.0641 3728 uagp35 - ok
13:24:45.0656 3728 ucwncwif - ok
13:24:45.0719 3728 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:24:45.0797 3728 udfs - ok
13:24:45.0828 3728 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
13:24:45.0859 3728 UI0Detect - ok
13:24:45.0906 3728 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:24:45.0937 3728 uliagpkx - ok
13:24:45.0999 3728 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:24:46.0031 3728 umbus - ok
13:24:46.0062 3728 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:24:46.0093 3728 UmPass - ok
13:24:46.0140 3728 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
13:24:46.0187 3728 UmRdpService - ok
13:24:46.0218 3728 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
13:24:46.0265 3728 upnphost - ok
13:24:46.0327 3728 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
13:24:46.0374 3728 USBAAPL - ok
13:24:46.0436 3728 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
13:24:46.0499 3728 usbaudio - ok
13:24:46.0545 3728 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
13:24:46.0592 3728 usbccgp - ok
13:24:46.0655 3728 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:24:46.0686 3728 usbcir - ok
13:24:46.0701 3728 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
13:24:46.0717 3728 usbehci - ok
13:24:46.0748 3728 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:24:46.0779 3728 usbhub - ok
13:24:46.0795 3728 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:24:46.0811 3728 usbohci - ok
13:24:46.0842 3728 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:24:46.0857 3728 usbprint - ok
13:24:46.0904 3728 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:24:46.0967 3728 USBSTOR - ok
13:24:47.0029 3728 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:24:47.0060 3728 usbuhci - ok
13:24:47.0091 3728 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
13:24:47.0123 3728 UxSms - ok
13:24:47.0169 3728 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:24:47.0185 3728 VaultSvc - ok
13:24:47.0247 3728 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:24:47.0279 3728 vdrvroot - ok
13:24:47.0357 3728 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
13:24:47.0419 3728 vds - ok
13:24:47.0450 3728 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:24:47.0481 3728 vga - ok
13:24:47.0497 3728 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:24:47.0528 3728 VgaSave - ok
13:24:47.0575 3728 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:24:47.0591 3728 vhdmp - ok
13:24:47.0653 3728 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:24:47.0700 3728 viaagp - ok
13:24:47.0715 3728 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:24:47.0731 3728 ViaC7 - ok
13:24:47.0747 3728 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:24:47.0762 3728 viaide - ok
13:24:47.0825 3728 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:24:47.0856 3728 vmbus - ok
13:24:47.0887 3728 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:24:47.0903 3728 VMBusHID - ok
13:24:47.0918 3728 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:24:47.0934 3728 volmgr - ok
13:24:47.0981 3728 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:24:47.0996 3728 volmgrx - ok
13:24:48.0059 3728 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:24:48.0105 3728 volsnap - ok
13:24:48.0137 3728 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:24:48.0152 3728 vsmraid - ok
13:24:48.0277 3728 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
13:24:48.0339 3728 VSS - ok
13:24:48.0355 3728 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:24:48.0386 3728 vwifibus - ok
13:24:48.0433 3728 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
13:24:48.0495 3728 W32Time - ok
13:24:48.0527 3728 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:24:48.0558 3728 WacomPen - ok
13:24:48.0620 3728 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:24:48.0683 3728 WANARP - ok
13:24:48.0683 3728 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:24:48.0714 3728 Wanarpv6 - ok
13:24:48.0854 3728 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
13:24:48.0917 3728 WatAdminSvc - ok
13:24:49.0041 3728 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
13:24:49.0104 3728 wbengine - ok
13:24:49.0135 3728 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
13:24:49.0166 3728 WbioSrvc - ok
13:24:49.0244 3728 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
13:24:49.0291 3728 wcncsvc - ok
13:24:49.0307 3728 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
13:24:49.0353 3728 WcsPlugInService - ok
13:24:49.0400 3728 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:24:49.0431 3728 Wd - ok
13:24:49.0478 3728 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:24:49.0509 3728 Wdf01000 - ok
13:24:49.0525 3728 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:24:49.0587 3728 WdiServiceHost - ok
13:24:49.0587 3728 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:24:49.0603 3728 WdiSystemHost - ok
13:24:49.0665 3728 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
13:24:49.0712 3728 WebClient - ok
13:24:49.0728 3728 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
13:24:49.0759 3728 Wecsvc - ok
13:24:49.0790 3728 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
13:24:49.0837 3728 wercplsupport - ok
13:24:49.0868 3728 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
13:24:49.0899 3728 WerSvc - ok
13:24:49.0931 3728 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:24:49.0962 3728 WfpLwf - ok
13:24:49.0962 3728 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:24:49.0977 3728 WIMMount - ok
13:24:50.0102 3728 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
13:24:50.0165 3728 WinDefend - ok
13:24:50.0180 3728 WinHttpAutoProxySvc - ok
13:24:50.0243 3728 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:24:50.0305 3728 Winmgmt - ok
13:24:50.0399 3728 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
13:24:50.0445 3728 WinRM - ok
13:24:50.0586 3728 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:24:50.0633 3728 WinUsb - ok
13:24:50.0711 3728 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:24:50.0773 3728 Wlansvc - ok
13:24:50.0820 3728 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:24:50.0835 3728 WmiAcpi - ok
13:24:50.0898 3728 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:24:50.0929 3728 wmiApSrv - ok
13:24:51.0085 3728 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:24:51.0132 3728 WMPNetworkSvc - ok
13:24:51.0163 3728 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:24:51.0194 3728 WPCSvc - ok
13:24:51.0241 3728 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
13:24:51.0319 3728 WPDBusEnum - ok
13:24:51.0350 3728 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:24:51.0428 3728 ws2ifsl - ok
13:24:51.0444 3728 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
13:24:51.0475 3728 wscsvc - ok
13:24:51.0491 3728 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:24:51.0522 3728 WSDPrintDevice - ok
13:24:51.0537 3728 WSearch - ok
13:24:51.0709 3728 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
13:24:51.0787 3728 wuauserv - ok
13:24:51.0943 3728 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:24:51.0990 3728 WudfPf - ok
13:24:52.0052 3728 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:24:52.0099 3728 WUDFRd - ok
13:24:52.0161 3728 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
13:24:52.0208 3728 wudfsvc - ok
13:24:52.0239 3728 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:24:52.0271 3728 WwanSvc - ok
13:24:52.0349 3728 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:24:52.0583 3728 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:24:52.0583 3728 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:24:52.0598 3728 Boot (0x1200) (ce491615b4c7214f08fef38a76ec1503) \Device\Harddisk0\DR0\Partition0
13:24:52.0598 3728 \Device\Harddisk0\DR0\Partition0 - ok
13:24:52.0629 3728 Boot (0x1200) (ca8b0dfded686013ffbae896772428a1) \Device\Harddisk0\DR0\Partition1
13:24:52.0629 3728 \Device\Harddisk0\DR0\Partition1 - ok
13:24:52.0629 3728 ============================================================
13:24:52.0629 3728 Scan finished
13:24:52.0629 3728 ============================================================
13:24:52.0645 5988 Detected object count: 5
13:24:52.0645 5988 Actual detected object count: 5
13:26:21.0524 5988 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:21.0524 5988 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:21.0524 5988 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:21.0524 5988 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:21.0524 5988 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:21.0524 5988 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:21.0524 5988 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:21.0524 5988 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:21.0524 5988 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:26:21.0524 5988 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
|
| | #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T infection, how do I get this Trojan back out of my laptop? Quote:
__________________ Please always post log files in CODE tags |
| | #23 |
| S.M.A.R.T infection, how do I get this Trojan back out of my laptop? Code:
ATTFilter 18:32:50.0002 5280 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
18:32:50.0173 5280 ============================================================
18:32:50.0173 5280 Current date / time: 2012/05/30 18:32:50.0173
18:32:50.0173 5280 SystemInfo:
18:32:50.0173 5280
18:32:50.0173 5280 OS Version: 6.1.7601 ServicePack: 1.0
18:32:50.0173 5280 Product type: Workstation
18:32:50.0173 5280 ComputerName: MARKBACHMANN-PC
18:32:50.0173 5280 UserName: Mark Bachmann
18:32:50.0173 5280 Windows directory: C:\Windows
18:32:50.0173 5280 System windows directory: C:\Windows
18:32:50.0173 5280 Processor architecture: Intel x86
18:32:50.0173 5280 Number of processors: 2
18:32:50.0173 5280 Page size: 0x1000
18:32:50.0173 5280 Boot type: Normal boot
18:32:50.0173 5280 ============================================================
18:32:51.0796 5280 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:32:51.0796 5280 ============================================================
18:32:51.0796 5280 \Device\Harddisk0\DR0:
18:32:51.0796 5280 MBR partitions:
18:32:51.0796 5280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:32:51.0796 5280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
18:32:51.0796 5280 ============================================================
18:32:51.0827 5280 C: <-> \Device\Harddisk0\DR0\Partition1
18:32:51.0827 5280 ============================================================
18:32:51.0827 5280 Initialize success
18:32:51.0827 5280 ============================================================
18:33:02.0778 5432 ============================================================
18:33:02.0778 5432 Scan started
18:33:02.0778 5432 Mode: Manual; SigCheck; TDLFS;
18:33:02.0778 5432 ============================================================
18:33:04.0026 5432 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:33:04.0151 5432 1394ohci - ok
18:33:04.0198 5432 Accelerometer (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
18:33:04.0214 5432 Accelerometer - ok
18:33:04.0276 5432 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:33:04.0292 5432 ACPI - ok
18:33:04.0354 5432 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:33:04.0416 5432 AcpiPmi - ok
18:33:04.0510 5432 ADIHdAudAddService (fb9ece3f7b8a03e474e611031ad4cd23) C:\Windows\system32\drivers\ADIHdAud.sys
18:33:04.0557 5432 ADIHdAudAddService - ok
18:33:04.0635 5432 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:33:04.0666 5432 adp94xx - ok
18:33:04.0775 5432 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:33:04.0791 5432 adpahci - ok
18:33:04.0822 5432 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:33:04.0838 5432 adpu320 - ok
18:33:04.0900 5432 AEADIFilters (12d23758621b00b8d3134095ec3325fd) C:\Windows\system32\AEADISRV.EXE
18:33:04.0931 5432 AEADIFilters - ok
18:33:04.0947 5432 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:33:04.0994 5432 AeLookupSvc - ok
18:33:05.0103 5432 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:33:05.0150 5432 AFD - ok
18:33:05.0228 5432 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
18:33:05.0306 5432 AgereSoftModem - ok
18:33:05.0352 5432 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:33:05.0368 5432 agp440 - ok
18:33:05.0415 5432 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:33:05.0430 5432 aic78xx - ok
18:33:05.0493 5432 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:33:05.0555 5432 ALG - ok
18:33:05.0618 5432 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:33:05.0633 5432 aliide - ok
18:33:05.0742 5432 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:33:05.0758 5432 amdagp - ok
18:33:05.0774 5432 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:33:05.0789 5432 amdide - ok
18:33:05.0836 5432 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:33:05.0883 5432 AmdK8 - ok
18:33:05.0883 5432 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:33:05.0914 5432 AmdPPM - ok
18:33:05.0976 5432 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:33:06.0008 5432 amdsata - ok
18:33:06.0023 5432 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:33:06.0039 5432 amdsbs - ok
18:33:06.0054 5432 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:33:06.0070 5432 amdxata - ok
18:33:06.0164 5432 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:33:06.0179 5432 AntiVirSchedulerService - ok
18:33:06.0226 5432 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:33:06.0242 5432 AntiVirService - ok
18:33:06.0273 5432 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:33:06.0304 5432 AntiVirWebService - ok
18:33:06.0351 5432 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:33:06.0476 5432 AppID - ok
18:33:06.0507 5432 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:33:06.0569 5432 AppIDSvc - ok
18:33:06.0694 5432 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
18:33:06.0741 5432 Appinfo - ok
18:33:06.0819 5432 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:33:06.0834 5432 Apple Mobile Device - ok
18:33:06.0881 5432 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
18:33:06.0928 5432 AppMgmt - ok
18:33:06.0975 5432 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:33:06.0990 5432 arc - ok
18:33:07.0006 5432 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:33:07.0037 5432 arcsas - ok
18:33:07.0053 5432 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:33:07.0209 5432 AsyncMac - ok
18:33:07.0256 5432 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:33:07.0271 5432 atapi - ok
18:33:07.0334 5432 ATSwpWDF (befe54e9bc648a3c79c917a63b6ee7da) C:\Windows\system32\Drivers\ATSwpWDF.sys
18:33:07.0396 5432 ATSwpWDF - ok
18:33:07.0474 5432 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:33:07.0521 5432 AudioEndpointBuilder - ok
18:33:07.0536 5432 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:33:07.0568 5432 Audiosrv - ok
18:33:07.0708 5432 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
18:33:07.0724 5432 avgntflt - ok
18:33:07.0770 5432 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
18:33:07.0786 5432 avipbb - ok
18:33:07.0833 5432 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
18:33:07.0848 5432 avkmgr - ok
18:33:07.0926 5432 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
18:33:07.0989 5432 AxInstSV - ok
18:33:08.0051 5432 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:33:08.0098 5432 b06bdrv - ok
18:33:08.0129 5432 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:33:08.0160 5432 b57nd60x - ok
18:33:08.0207 5432 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:33:08.0254 5432 BDESVC - ok
18:33:08.0301 5432 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:33:08.0348 5432 Beep - ok
18:33:08.0426 5432 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
18:33:08.0488 5432 BFE - ok
18:33:08.0550 5432 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
18:33:08.0613 5432 BITS - ok
18:33:08.0722 5432 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:33:08.0753 5432 blbdrive - ok
18:33:08.0862 5432 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:33:08.0878 5432 Bonjour Service - ok
18:33:08.0909 5432 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:33:08.0940 5432 bowser - ok
18:33:08.0972 5432 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:33:09.0034 5432 BrFiltLo - ok
18:33:09.0050 5432 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:33:09.0096 5432 BrFiltUp - ok
18:33:09.0143 5432 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
18:33:09.0206 5432 Browser - ok
18:33:09.0252 5432 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:33:09.0299 5432 Brserid - ok
18:33:09.0330 5432 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:33:09.0362 5432 BrSerWdm - ok
18:33:09.0377 5432 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:33:09.0408 5432 BrUsbMdm - ok
18:33:09.0424 5432 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:33:09.0471 5432 BrUsbSer - ok
18:33:09.0549 5432 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
18:33:09.0596 5432 BthEnum - ok
18:33:09.0674 5432 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:33:09.0705 5432 BTHMODEM - ok
18:33:09.0720 5432 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
18:33:09.0752 5432 BthPan - ok
18:33:09.0830 5432 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
18:33:09.0861 5432 BTHPORT - ok
18:33:09.0908 5432 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:33:09.0954 5432 bthserv - ok
18:33:09.0970 5432 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
18:33:09.0986 5432 BTHUSB - ok
18:33:10.0032 5432 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:33:10.0079 5432 cdfs - ok
18:33:10.0157 5432 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:33:10.0188 5432 cdrom - ok
18:33:10.0251 5432 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:33:10.0298 5432 CertPropSvc - ok
18:33:10.0313 5432 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:33:10.0360 5432 circlass - ok
18:33:10.0391 5432 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:33:10.0407 5432 CLFS - ok
18:33:10.0500 5432 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:33:10.0516 5432 clr_optimization_v2.0.50727_32 - ok
18:33:10.0610 5432 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:33:10.0656 5432 clr_optimization_v4.0.30319_32 - ok
18:33:10.0766 5432 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:33:10.0781 5432 CmBatt - ok
18:33:10.0828 5432 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:33:10.0844 5432 cmdide - ok
18:33:10.0906 5432 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:33:10.0937 5432 CNG - ok
18:33:10.0984 5432 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:33:11.0000 5432 Compbatt - ok
18:33:11.0078 5432 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:33:11.0109 5432 CompositeBus - ok
18:33:11.0124 5432 COMSysApp - ok
18:33:11.0156 5432 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:33:11.0171 5432 crcdisk - ok
18:33:11.0249 5432 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
18:33:11.0296 5432 CryptSvc - ok
18:33:11.0358 5432 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
18:33:11.0405 5432 CSC - ok
18:33:11.0483 5432 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
18:33:11.0514 5432 CscService - ok
18:33:11.0577 5432 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:33:11.0686 5432 DcomLaunch - ok
18:33:11.0842 5432 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:33:11.0889 5432 defragsvc - ok
18:33:11.0967 5432 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:33:11.0998 5432 DfsC - ok
18:33:12.0045 5432 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:33:12.0107 5432 Dhcp - ok
18:33:12.0138 5432 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:33:12.0185 5432 discache - ok
18:33:12.0263 5432 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:33:12.0279 5432 Disk - ok
18:33:12.0310 5432 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:33:12.0357 5432 Dnscache - ok
18:33:12.0419 5432 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:33:12.0466 5432 dot3svc - ok
18:33:12.0513 5432 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:33:12.0560 5432 DPS - ok
18:33:12.0638 5432 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:33:12.0669 5432 drmkaud - ok
18:33:12.0731 5432 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:33:12.0747 5432 DXGKrnl - ok
18:33:12.0794 5432 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:33:12.0840 5432 EapHost - ok
18:33:13.0012 5432 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:33:13.0106 5432 ebdrv - ok
18:33:13.0216 5432 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:33:13.0263 5432 EFS - ok
18:33:13.0372 5432 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
18:33:13.0434 5432 ehRecvr - ok
18:33:13.0465 5432 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:33:13.0512 5432 ehSched - ok
18:33:13.0590 5432 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:33:13.0621 5432 elxstor - ok
18:33:13.0699 5432 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:33:13.0731 5432 ErrDev - ok
18:33:13.0777 5432 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:33:13.0824 5432 EventSystem - ok
18:33:13.0855 5432 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:33:13.0902 5432 exfat - ok
18:33:13.0918 5432 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:33:13.0965 5432 fastfat - ok
18:33:14.0043 5432 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:33:14.0089 5432 Fax - ok
18:33:14.0121 5432 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:33:14.0152 5432 fdc - ok
18:33:14.0183 5432 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:33:14.0230 5432 fdPHost - ok
18:33:14.0245 5432 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:33:14.0292 5432 FDResPub - ok
18:33:14.0323 5432 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:33:14.0339 5432 FileInfo - ok
18:33:14.0370 5432 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:33:14.0433 5432 Filetrace - ok
18:33:14.0479 5432 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:33:14.0526 5432 flpydisk - ok
18:33:14.0776 5432 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:33:14.0791 5432 FltMgr - ok
18:33:15.0292 5432 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
18:33:15.0370 5432 FontCache - ok
18:33:15.0541 5432 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:33:15.0557 5432 FontCache3.0.0.0 - ok
18:33:15.0682 5432 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:33:15.0697 5432 FsDepends - ok
18:33:15.0760 5432 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
18:33:15.0775 5432 Fs_Rec - ok
18:33:15.0931 5432 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:33:15.0978 5432 fvevol - ok
18:33:16.0025 5432 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:33:16.0040 5432 gagp30kx - ok
18:33:16.0134 5432 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:33:16.0150 5432 GEARAspiWDM - ok
18:33:16.0229 5432 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:33:16.0307 5432 gpsvc - ok
18:33:16.0619 5432 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:33:16.0634 5432 gupdate - ok
18:33:16.0728 5432 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:33:16.0743 5432 gupdatem - ok
18:33:16.0821 5432 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:33:16.0837 5432 gusvc - ok
18:33:16.0915 5432 HBtnKey (e19bc597a0b13bbe6a7e3612f6f8d8a6) C:\Windows\system32\DRIVERS\cpqbttn.sys
18:33:16.0931 5432 HBtnKey - ok
18:33:16.0977 5432 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:33:17.0071 5432 hcw85cir - ok
18:33:17.0602 5432 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:33:17.0696 5432 HdAudAddService - ok
18:33:17.0992 5432 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:33:18.0055 5432 HDAudBus - ok
18:33:18.0117 5432 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:33:18.0226 5432 HidBatt - ok
18:33:18.0258 5432 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:33:18.0336 5432 HidBth - ok
18:33:18.0429 5432 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:33:18.0538 5432 HidIr - ok
18:33:18.0694 5432 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:33:18.0757 5432 hidserv - ok
18:33:19.0069 5432 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
18:33:19.0100 5432 HidUsb - ok
18:33:19.0194 5432 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:33:19.0272 5432 hkmsvc - ok
18:33:19.0381 5432 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:33:19.0552 5432 HomeGroupListener - ok
18:33:19.0708 5432 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:33:19.0818 5432 HomeGroupProvider - ok
18:33:19.0958 5432 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
18:33:19.0974 5432 hpdskflt - ok
18:33:20.0629 5432 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:33:20.0676 5432 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:33:20.0676 5432 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
18:33:20.0738 5432 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:33:20.0800 5432 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
18:33:20.0800 5432 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
18:33:20.0894 5432 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:33:20.0910 5432 HpSAMD - ok
18:33:21.0019 5432 hpsrv (c0beb56ed79b59b7b33d0aa6c38a0ba6) C:\Windows\system32\Hpservice.exe
18:33:21.0019 5432 hpsrv - ok
18:33:21.0222 5432 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:33:21.0284 5432 HTTP - ok
18:33:21.0331 5432 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:33:21.0346 5432 hwpolicy - ok
18:33:21.0409 5432 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:33:21.0471 5432 i8042prt - ok
18:33:21.0690 5432 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:33:21.0721 5432 iaStorV - ok
18:33:22.0111 5432 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:33:22.0220 5432 idsvc - ok
18:33:23.0828 5432 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:33:24.0155 5432 igfx - ok
18:33:24.0592 5432 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:33:24.0623 5432 iirsp - ok
18:33:25.0279 5432 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:33:25.0403 5432 IKEEXT - ok
18:33:25.0450 5432 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:33:25.0466 5432 intelide - ok
18:33:25.0544 5432 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:33:25.0559 5432 intelppm - ok
18:33:25.0715 5432 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:33:25.0778 5432 IPBusEnum - ok
18:33:25.0856 5432 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:33:25.0903 5432 IpFilterDriver - ok
18:33:26.0636 5432 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
18:33:26.0714 5432 iphlpsvc - ok
18:33:26.0854 5432 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:33:26.0901 5432 IPMIDRV - ok
18:33:26.0995 5432 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:33:27.0057 5432 IPNAT - ok
18:33:27.0759 5432 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
18:33:27.0806 5432 iPod Service - ok
18:33:27.0931 5432 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:33:27.0962 5432 IRENUM - ok
18:33:28.0071 5432 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:33:28.0087 5432 isapnp - ok
18:33:28.0133 5432 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:33:28.0165 5432 iScsiPrt - ok
18:33:28.0227 5432 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:33:28.0243 5432 kbdclass - ok
18:33:28.0274 5432 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:33:28.0289 5432 kbdhid - ok
18:33:28.0399 5432 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:33:28.0414 5432 KeyIso - ok
18:33:28.0492 5432 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:33:28.0508 5432 KSecDD - ok
18:33:28.0617 5432 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:33:28.0633 5432 KSecPkg - ok
18:33:28.0773 5432 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:33:28.0835 5432 KtmRm - ok
18:33:28.0991 5432 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
18:33:29.0038 5432 LanmanServer - ok
18:33:29.0132 5432 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:33:29.0194 5432 LanmanWorkstation - ok
18:33:29.0366 5432 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:33:29.0428 5432 lltdio - ok
18:33:29.0506 5432 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:33:29.0537 5432 lltdsvc - ok
18:33:29.0584 5432 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:33:29.0725 5432 lmhosts - ok
18:33:29.0771 5432 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:33:29.0803 5432 LSI_FC - ok
18:33:29.0818 5432 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:33:29.0834 5432 LSI_SAS - ok
18:33:29.0865 5432 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:33:29.0881 5432 LSI_SAS2 - ok
18:33:29.0896 5432 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:33:29.0912 5432 LSI_SCSI - ok
18:33:29.0927 5432 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:33:29.0974 5432 luafv - ok
18:33:30.0785 5432 lvpopflt (b0456b8a332135c1216ff2374b584161) C:\Windows\system32\DRIVERS\lvpopflt.sys
18:33:30.0926 5432 lvpopflt - ok
18:33:31.0300 5432 LVUSBSta (f7e15f2fe7790733df86e95a76556389) C:\Windows\system32\drivers\LVUSBSta.sys
18:33:31.0300 5432 LVUSBSta - ok
18:33:32.0362 5432 LVUVC (92d03dc19eae9d0a86735705e374fdad) C:\Windows\system32\DRIVERS\lvuvc.sys
18:33:32.0677 5432 LVUVC - ok
18:33:32.0989 5432 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
18:33:33.0005 5432 MBAMProtector - ok
18:33:33.0551 5432 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:33:33.0566 5432 MBAMService - ok
18:33:33.0738 5432 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
18:33:33.0769 5432 Mcx2Svc - ok
18:33:40.0415 5432 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
18:33:40.0477 5432 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:33:40.0477 5432 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:33:50.0322 5432 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
18:33:50.0384 5432 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:33:50.0384 5432 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:34:20.0320 5432 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:34:21.0256 5432 \Device\Harddisk0\DR0 - ok
18:34:21.0272 5432 Boot (0x1200) (ce491615b4c7214f08fef38a76ec1503) \Device\Harddisk0\DR0\Partition0
18:34:21.0334 5432 \Device\Harddisk0\DR0\Partition0 - ok
18:34:21.0366 5432 Boot (0x1200) (ca8b0dfded686013ffbae896772428a1) \Device\Harddisk0\DR0\Partition1
18:34:21.0444 5432 \Device\Harddisk0\DR0\Partition1 - ok
18:34:21.0444 5432 ============================================================
18:34:21.0444 5432 Scan finished
18:34:21.0444 5432 ============================================================
18:34:21.0459 5424 Detected object count: 4
18:34:21.0459 5424 Actual detected object count: 4
18:34:27.0231 5424 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:27.0231 5424 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:27.0247 5424 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:27.0247 5424 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:27.0247 5424 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:27.0247 5424 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:27.0247 5424 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:27.0247 5424 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #24 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
|
| | #25 |
| Code:
ATTFilter ComboFix 12-05-30.04 - Mark Bachmann 31.05.2012 8:38.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.41.1031.18.2039.1135 [GMT 2:00]
ausgeführt von:: c:\users\Mark Bachmann\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mark Bachmann\Desktop\Internet Security.lnk
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-28 bis 2012-05-31 ))))))))))))))))))))))))))))))
.
.
2012-05-31 06:46 . 2012-05-31 06:47 -------- d-----w- c:\users\Mark Bachmann\AppData\Local\temp
2012-05-31 06:46 . 2012-05-31 06:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 06:21 . 2012-05-31 06:21 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12798E88-E826-49FD-ACBC-3E71CB93348D}\offreg.dll
2012-05-30 16:26 . 2012-05-30 16:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-30 09:36 . 2012-05-30 09:36 -------- d-----w- C:\_OTL
2012-05-29 10:39 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12798E88-E826-49FD-ACBC-3E71CB93348D}\mpengine.dll
2012-05-27 08:08 . 2012-05-27 08:08 -------- d-----w- c:\users\Mark Bachmann\AppData\Roaming\Avira
2012-05-27 08:02 . 2012-05-27 08:02 -------- d-----w- c:\users\Default\AppData\Local\AskToolbar
2012-05-27 08:01 . 2012-05-30 09:36 -------- d-----w- c:\program files\Ask.com
2012-05-27 08:01 . 2012-05-27 08:01 -------- d-----w- c:\users\Mark Bachmann\AppData\Local\APN
2012-05-27 08:00 . 2012-04-16 19:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-27 08:00 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-27 08:00 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-27 07:59 . 2012-05-27 08:02 -------- d-----w- c:\programdata\Avira
2012-05-27 07:59 . 2012-05-27 07:59 -------- d-----w- c:\program files\Avira
2012-05-26 09:22 . 2012-05-26 09:35 -------- d-----w- c:\program files\ShowMyPCService
2012-05-24 08:55 . 2012-05-24 08:55 -------- d-----w- c:\program files\ESET
2012-05-23 14:14 . 2012-05-23 14:14 -------- d-----w- c:\users\Mark Bachmann\AppData\Roaming\Malwarebytes
2012-05-23 14:14 . 2012-05-24 08:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-23 14:14 . 2012-05-23 14:14 -------- d-----w- c:\programdata\Malwarebytes
2012-05-23 14:14 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-11 09:34 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 09:33 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 09:33 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 09:33 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 09:33 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 09:32 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 09:32 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 09:32 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 09:31 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 09:31 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-02 13:18 . 2012-05-02 13:18 -------- d-----w- c:\program files\iPod
2012-05-02 13:18 . 2012-05-02 13:19 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-14 12:07 . 2011-05-14 12:07 399736 ----a-w- c:\program files\uTorrent.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"HP Color LaserJet CM1312 MFP Series Fax"="c:\program files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-22 2453504]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CrewLink Offline HUB.appref-ms [2012-1-12 354]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 ucwncwif;ucwncwif;c:\windows\system32\drivers\ucwncwif.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-10 1343400]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 21532078
*Deregistered* - 21532078
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 16:15]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 16:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.unhooked.ch/2008/spotguide/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} - hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Z0 - Music Converter - c:\progra~1\FOXTAB~1\Uninstall\Uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-31 08:50:09
ComboFix-quarantined-files.txt 2012-05-31 06:50
.
Vor Suchlauf: 11 Verzeichnis(se), 16'805'007'360 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 16'710'451'200 Bytes frei
.
- - End Of File - - 2CE1DFC6FFBF4A64DBBEDFC44541AB63
|
| | #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ComboFix scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window. Code:
ATTFilter Folder::
c:\users\Default\AppData\Local\AskToolbar
c:\program files\Ask.com
File::
c:\windows\system32\drivers\ucwncwif.sys
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-
Driver::
ucwncwif
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
|
| | #27 |
| Code:
ATTFilter ComboFix 12-05-31.01 - Mark Bachmann 31.05.2012 12:24:56.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.41.1031.18.2039.1297 [GMT 2:00]
ausgeführt von:: c:\users\Mark Bachmann\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Mark Bachmann\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\ucwncwif.sys"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\AviraBrowserSecurity.exe
c:\program files\Ask.com\cb_161f.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_de4.ico
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\UpdateTask.exe
c:\users\Default\AppData\Local\AskToolbar
c:\users\Default\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll
c:\users\Default\AppData\Local\AskToolbar\Downloaded Program Files\avr-3.inf
.
Infizierte Kopie von c:\windows\system32\drivers\ntfs.sys wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys wurde wiederhergestellt
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ucwncwif
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-28 bis 2012-05-31 ))))))))))))))))))))))))))))))
.
.
2012-05-31 10:33 . 2012-05-31 10:44 -------- d-----w- c:\users\Mark Bachmann\AppData\Local\temp
2012-05-31 10:33 . 2012-05-31 10:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 09:26 . 2012-05-31 09:26 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12798E88-E826-49FD-ACBC-3E71CB93348D}\offreg.dll
2012-05-30 16:26 . 2012-05-30 16:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-30 09:36 . 2012-05-30 09:36 -------- d-----w- C:\_OTL
2012-05-29 10:39 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12798E88-E826-49FD-ACBC-3E71CB93348D}\mpengine.dll
2012-05-27 08:08 . 2012-05-27 08:08 -------- d-----w- c:\users\Mark Bachmann\AppData\Roaming\Avira
2012-05-27 08:01 . 2012-05-27 08:01 -------- d-----w- c:\users\Mark Bachmann\AppData\Local\APN
2012-05-27 08:00 . 2012-04-16 19:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-27 08:00 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-27 08:00 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-27 07:59 . 2012-05-27 08:02 -------- d-----w- c:\programdata\Avira
2012-05-27 07:59 . 2012-05-27 07:59 -------- d-----w- c:\program files\Avira
2012-05-26 09:22 . 2012-05-26 09:35 -------- d-----w- c:\program files\ShowMyPCService
2012-05-24 08:55 . 2012-05-24 08:55 -------- d-----w- c:\program files\ESET
2012-05-23 14:14 . 2012-05-23 14:14 -------- d-----w- c:\users\Mark Bachmann\AppData\Roaming\Malwarebytes
2012-05-23 14:14 . 2012-05-24 08:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-23 14:14 . 2012-05-23 14:14 -------- d-----w- c:\programdata\Malwarebytes
2012-05-23 14:14 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-11 09:34 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 09:33 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 09:33 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 09:33 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 09:33 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 09:32 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 09:32 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 09:32 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 09:31 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 09:31 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-02 13:18 . 2012-05-02 13:18 -------- d-----w- c:\program files\iPod
2012-05-02 13:18 . 2012-05-02 13:19 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-14 12:07 . 2011-05-14 12:07 399736 ----a-w- c:\program files\uTorrent.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"HP Color LaserJet CM1312 MFP Series Fax"="c:\program files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-22 2453504]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CrewLink Offline HUB.appref-ms [2012-1-12 354]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-10 1343400]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 16:15]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 16:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.unhooked.ch/2008/spotguide/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} - hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\AEADISRV.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-31 12:48:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-05-31 10:48
ComboFix2.txt 2012-05-31 06:50
.
Vor Suchlauf: 13 Verzeichnis(se), 15'458'189'312 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 15'271'825'408 Bytes frei
.
- - End Of File - - 0C4B6A07282A407288214D4BB0F2732D
|
| | #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to work on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to switch off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download
Important: Never press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
|
| | #29 |
| Hello Arne, GMER did not work. With aswMBR I had to enter (none), but then it worked. Here are the logs from OSAM and aswMBR: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:04:47 on 31.05.2012 OS: Windows 7 Service Pack 1 (Build 7601), 32-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\MARKBA~1\AppData\Local\Temp\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "mbr" (mbr) - ? - C:\Users\MARKBA~1\AppData\Local\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "pwkcikob" (pwkcikob) - ? 
- C:\Users\MARKBA~1\AppData\Local\Temp\pwkcikob.sys (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{48580E34-E37A-454A-8EC4-FC7598B01D77} "IfolorUploader Control" - "Ifolor AG" - C:\Windows\DOWNLO~1\IFOLOR~1.OCX / hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10t.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"CrewLink Offline HUB.appref-ms" - ? - C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CrewLink Offline HUB.appref-ms
"desktop.ini" - ? - C:\Users\Mark Bachmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"HP Color LaserJet CM1312 MFP Series Fax" - "Hewlett-Packard Company" - C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Fax Port" - "Hewlett-Packard Company" - C:\Windows\system32\hppfaxprintermon5.dll
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll
"HP Universal Print Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPMPW081.DLL
"HPPMOPJL" - "Hewlett-Packard Company" - C:\Windows\system32\hppmopjl.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-31 16:12:34
-----------------------------
16:12:34.416 OS Version: Windows 6.1.7601 Service Pack 1
16:12:34.416 Number of processors: 2 586 0xF0D
16:12:34.416 ComputerName: MARKBACHMANN-PC UserName: Mark Bachmann
16:12:35.539 Initialize success
16:12:40.624 AVAST engine defs: 12053100
16:12:49.033 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
16:12:49.033 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7BP Size: 114473MB BusType: 11
16:12:49.048 Disk 0 MBR read successfully
16:12:49.048 Disk 0 MBR scan
16:12:49.064 Disk 0 Windows 7 default MBR code
16:12:49.080 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:12:49.095 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
16:12:49.111 Disk 0 scanning sectors +234438656
16:12:49.189 Disk 0 scanning C:\Windows\system32\drivers
16:13:05.023 Service scanning
16:13:43.165 Modules scanning
16:13:57.891 Disk 0 trace - called modules:
16:13:57.923 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
16:13:57.923 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e91030]
16:13:57.938 3 CLASSPNP.SYS[8900459e] -> nt!IofCallDriver -> [0x85e90558]
16:13:57.938 5 hpdskflt.sys[891d1f92] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85dab030]
16:13:57.938 Scan finished successfully
16:20:41.417 Disk 0 MBR has been saved successfully to "C:\Users\Mark Bachmann\Desktop\MBR.dat"
16:20:41.417 The log file has been saved successfully to "C:\Users\Mark Bachmann\Desktop\aswMBR.txt"
In the meantime, once again many heartfelt thanks for your efforts. Mark |
| | #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T infection, how do I get this trojan back out of my laptop? Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |