
Log analysis and evaluation: Mebroot/Torpig/Sinowal, warning from the university

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

31.05.2012, 17:01   #1
FritzPhantom
 

Mebroot/Torpig/Sinowal, warning from the university



Good day everyone!

I have the following problem: my university X sent me an email. According to it, my machine is infected with malware, a (?) bot. If I cannot get rid of the stuff, they will apparently block my university WLAN account.

Here is the university's email:
Quote:
Based on the information we have received, your computer
appears to be infected with 'malware' [1] (see attachment).

This malware is a so-called 'bot' [2],
which is part of a botnet [3]. It was probably
brought in via a virus.

If your computer has a UniFR inventory number below 100'000,
please contact our HelpDesk.
Otherwise please contact your dealer or
consult the links listed in the attachment.

You should remove this malware as quickly as possible;
otherwise we reserve the right to block your computer's
network connection.

Botnets must be fought!

[1] hxxp://de.wikipedia.org/wiki/Malware
[2] hxxp://de.wikipedia.org/wiki/Bot
[3] hxxp://de.wikipedia.org/wiki/Bot-Netz



(French | German closing:) Hoping for your cooperation, best regards. | We thank you for your understanding and your help. Kind regards.

Bruno X
Uni. X - Uni. X

---------
Attachment:
traces (logs) of your machine and URLs for further help.

[...]
is most likely compromised with Mebroot/Torpig/Sinowal malware.
(targeting Windows systems only).

That malware is known for its information stealing/manipulation
capabilities (e.g. targeting online business applications).

The system was detected by contacting malware specific domains.
The system can be identified by IP address and SRC port as listed
and dst port 80.

Please check, if your AV Scanner can detect and remove Torpig,
as often Torpig hides pretty well.

Please also check out the link (German):
hxxp://blog.botfrei.de/2011/06/torpig-basierend-auf-mebroot-finden-und-entfernen/


[1] hxxp://www.sophos.com/security/analyses/trojtorpigbf.html

first log entries (localtime: UTC+1 / UTC+2):
2012-05-21 11:16:01.217 0.128 TCP 178.63.88.12:80 -> 134.21.135.31:49531 5 560 B
2012-05-21 11:16:01.333 0.064 TCP 178.63.88.12:80 -> 134.21.135.31:49532 5 586 B
2012-05-21 11:16:01.337 0.079 TCP 134.21.135.31:49531 -> 178.63.88.12:80 6 843 B
2012-05-21 11:16:01.434 0.073 TCP 134.21.135.31:49532 -> 178.63.88.12:80 5 820 B
2012-05-21 11:16:01.480 0.064 TCP 178.63.88.12:80 -> 134.21.135.31:49531 5 560 B
2012-05-21 11:16:01.547 0.064 TCP 178.63.88.12:80 -> 134.21.135.31:49532 5 586 B
---------------------
displayName : MEIN Name
mail : MEINname@meineuni.ch
---------------------
May 21 11:16:02 WLC Acct-Start MEINname@meineuni.ch 1c65.9d19.7dcf 134.21.135.31 128 4fba07d2/1c:65:9d:19:7d:cf/353726 134.21.205.22-13
May 21 11:19:39 WLC Acct-Alive MEINname@meineuni.ch 1c65.9d19.7dcf 134.21.135.31 128 4fba07d2/1c:65:9d:19:7d:cf/353726 218 134.21.205.22-13
May 21 11:29:29 WLC Acct-Stop MEINname@meineuni.ch 1c65.9d19.7dcf 134.21.135.31 128 4fba07d2/1c:65:9d:19:7d:cf/353726 807 Idle-Timeout 134.21.205.22-13
I have Windows 7. Norton AntiVirus 2012 runs on it. In addition some freeware programs such as CCleaner, Glary Utilities, Spybot - Search & Destroy, avast! Internet Security, Microsoft Security Essentials.

I scanned with all of them and some things were removed or put into quarantine.
I downloaded the Sophos tool (from the link in the university's email); it didn't find anything more.

I wonder whether I still have something on the machine.

Here is my log file:
Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:35:51, on 31.05.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\gaemmi\Downloads\HiJackThis204.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/17
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/17
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube Download - C:\Users\gaemmi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\gaemmi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12909 bytes
Many thanks for your help!

FritzPhantom
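The university's notice above says the machine was identified "by IP address and SRC port as listed": the abuse desk matched flow records against the wireless controller's RADIUS accounting (Acct-Start/Alive/Stop) to find which account held 134.21.135.31 at that moment, and the HijackThis log in the same post carries O1 hosts-file entries that point well-known names at non-loopback addresses. The following script is an added example and is not code from the poster, the university, or Trojaner-Board; it re-implements both checks over sample lines copied from the post. Assumptions: the WLC syslog lines carry no year, so 2012 is passed in; a 60-second tolerance is applied because the first flow is stamped one second before the Acct-Start; both sources are taken to use the same local time zone.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample input: flow records and WLC accounting lines copied from the
# abuse notice quoted in the post (the account name is the poster's own placeholder).
FLOW_LOG = """\
2012-05-21 11:16:01.217 0.128 TCP 178.63.88.12:80 -> 134.21.135.31:49531 5 560 B
2012-05-21 11:16:01.333 0.064 TCP 178.63.88.12:80 -> 134.21.135.31:49532 5 586 B
2012-05-21 11:16:01.337 0.079 TCP 134.21.135.31:49531 -> 178.63.88.12:80 6 843 B
2012-05-21 11:16:01.434 0.073 TCP 134.21.135.31:49532 -> 178.63.88.12:80 5 820 B
"""
WLC_LOG = """\
May 21 11:16:02 WLC Acct-Start MEINname@meineuni.ch 1c65.9d19.7dcf 134.21.135.31 128 4fba07d2/1c:65:9d:19:7d:cf/353726 134.21.205.22-13
May 21 11:19:39 WLC Acct-Alive MEINname@meineuni.ch 1c65.9d19.7dcf 134.21.135.31 128 4fba07d2/1c:65:9d:19:7d:cf/353726 218 134.21.205.22-13
May 21 11:29:29 WLC Acct-Stop MEINname@meineuni.ch 1c65.9d19.7dcf 134.21.135.31 128 4fba07d2/1c:65:9d:19:7d:cf/353726 807 Idle-Timeout 134.21.205.22-13
"""
# Constructed sample: three O1 lines from the HijackThis log in the post.
HIJACKTHIS_O1 = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
"""

# "2012-05-21 11:16:01.217 0.128 TCP src:port -> dst:port packets bytes B"
FLOW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+\S+\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)
O1_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")


def parse_flows(text):
    """Flow records as dicts; the sub-second part is dropped (WLC lines have whole seconds)."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if m:
            flows.append({
                "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                "proto": m["proto"],
                "src": m["src"], "sport": int(m["sport"]),
                "dst": m["dst"], "dport": int(m["dport"]),
            })
    return flows


def parse_wlc_sessions(text, year):
    """Group Acct-Start/Alive/Stop lines into sessions keyed by the RADIUS session id
    (the field after the '128').  Syslog lines carry no year, so the caller supplies it
    (assumption: same year as the flow records)."""
    sessions = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or f[3] != "WLC" or not f[4].startswith("Acct-"):
            continue
        ts = datetime.strptime(f"{year} {f[0]} {f[1]} {f[2]}", "%Y %b %d %H:%M:%S")
        kind, user, mac, ip, sid = f[4], f[5], f[6], f[7], f[9]
        # An Alive/Stop without an earlier Start means the session began before the
        # log window: keep it, but record that the true start is unknown.
        s = sessions.setdefault(sid, {"user": user, "mac": mac, "ip": ip,
                                      "start": ts, "end": None, "start_seen": False})
        if kind == "Acct-Start":
            s["start"], s["start_seen"] = ts, True
        elif kind == "Acct-Stop":
            s["end"] = ts
    return list(sessions.values())


def attribute_flow(flow, sessions, slack_seconds=60):
    """Return (inside_ip, session) for the accounting session that held one of the
    flow's addresses at flow time, or None.  slack_seconds absorbs clock skew between
    flow exporter and WLC: in the notice the first flow is stamped 11:16:01 but the
    Acct-Start only 11:16:02, so an exact window would miss it."""
    slack = timedelta(seconds=slack_seconds)
    for ip in (flow["src"], flow["dst"]):
        for s in sessions:
            if s["ip"] != ip:
                continue
            lo = s["start"] - slack
            hi = s["end"] + slack if s["end"] else datetime.max
            if lo <= flow["ts"] <= hi:
                return ip, s
    return None


def hosts_redirects(hijackthis_text):
    """O1 lines that point a host name at something other than a loopback or
    unspecified address.  Blocking lists (Spybot immunisation and the like) map names
    to 127.0.0.1; a routable address means traffic for that name is sent elsewhere and
    the entry has to be explained."""
    out = []
    for line in hijackthis_text.splitlines():
        m = O1_RE.match(line)
        if not m:
            continue
        host = m["host"].rstrip(".")
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address: not a redirect we can reason about
        if addr.is_loopback or addr.is_unspecified or host == "localhost":
            continue
        out.append((host, str(addr)))
    return out


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    sessions = parse_wlc_sessions(WLC_LOG, year=2012)
    for fl in flows:
        hit = attribute_flow(fl, sessions)
        who = f"{hit[1]['user']} / {hit[1]['mac']}" if hit else "no accounting session"
        print(f"{fl['ts']} {fl['src']}:{fl['sport']} -> {fl['dst']}:{fl['dport']}  =>  {who}")
    for host, ip in hosts_redirects(HIJACKTHIS_O1):
        print(f"hosts file redirect: {host} -> {ip}")
```

Run as-is, it attributes all four flows to the account and MAC in the Acct-Start line and lists the two hosts-file entries that map public names to routable addresses. Setting `slack_seconds=0` makes the attribution fail for the first flow, which is why an abuse desk correlating two clocks should always allow a tolerance window and, for open sessions with no Acct-Stop, treat the end as unbounded.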

31.05.2012, 18:34   #2
Psychotic
/// Malware team
 

Mebroot/Torpig/Sinowal, warning from the university





My name is Marius and I will help you with your problem.

One thing first:

Note: We can never guarantee here that we have found all remnants of malware. A format is usually the fastest and always the safest way.

Should you decide on a clean-up, keep working along until someone from the team tells you that your computer is clean.

A clean-up can involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no cross-posting (posting in several forums) - if you follow the instructions of several helpers, that can cause serious problems!
  5. Do not install or uninstall any software during the clean-up (unless you were asked to).
  6. If something is unclear: ask before you do anything "blind"!

    ...and very important:

  7. Post the log files directly in your thread. Do not attach them unless I ask you to. (It makes the evaluation harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".


Step 1: defogger


Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista and Win7 users with right-click "Run as administrator".
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • When the scan has finished ( Finished ), click OK.
  • Defogger may prompt for a restart. Confirm with OK.
If Defogger reports an error, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without instruction.


Step 2: OTL


Please download OTL by Oldtimer and save it to your desktop (if not already there)
  • Double-click OTL.exe
    Vista and Win7 users with right-click "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.



Step 3: Gmer


Please
  • deactivate all other scanners for viruses, spyware, etc.,
  • have no existing connection to a network/Internet (don't forget WLAN),
  • do not work on the computer,
  • restart the computer after every scan.
Run a Gmer scan
  • Download Gmer from this page (click the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name). Vista and Win7 users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick:
    • IAT/EAT
    • All drives except the system drive (normally only C:\ is ticked)
    • Show all (should be unticked)
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch the antivirus program and other scanners back on before you go online!



Step 4: Scan with TDSS-Killer


Please read the following instructions carefully. We don't want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances select Cure. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the content here in your thread.

31.05.2012, 19:07   #3
FritzPhantom
 

Mebroot/Torpig/Sinowal, warning from the university



Hello Marius! Many thanks already for your effort and your help.

I'm now at step 2.

Here are the OTL log files

OTL Logfile:
Code:
OTL logfile created on: 31.05.2012 19:55:39 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\gaemmi\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 54,47% Memory free
7,60 Gb Paging File | 5,46 Gb Available in Paging File | 71,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,04 Gb Total Space | 319,97 Gb Free Space | 70,16% Space Free | Partition Type: NTFS
 
Computer Name: GAEMMI-PC | User Name: gaemmi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\gaemmi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NAV) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DpHost) @C:\Program Files (x86) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ccSet_NAV) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symds64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdflt.sys (ST Microelectronics)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation)
DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation)
DRV:64bit: - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation)
DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation)
DRV:64bit: - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120530.036\ex64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120530.036\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120530.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{414B7E16-647F-4F54-BAB3-041AA9B9423F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{732D2947-4261-4399-A49E-74B6A74FA7EF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/17
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/17
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3767
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010.11.03 19:23:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012.04.12 15:02:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.05.22 14:59:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.05 17:41:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 09:12:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010.11.03 19:23:22 | 000,000,000 | ---D | M]
 
[2010.09.20 17:30:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gaemmi\AppData\Roaming\mozilla\Extensions
[2012.05.22 11:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gaemmi\AppData\Roaming\mozilla\Firefox\Profiles\kt5fg83a.default\extensions
[2011.07.27 23:26:53 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\gaemmi\AppData\Roaming\mozilla\Firefox\Profiles\kt5fg83a.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010.09.29 18:59:49 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\gaemmi\AppData\Roaming\mozilla\Firefox\Profiles\kt5fg83a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.19 00:29:06 | 000,000,000 | ---D | M] ("GreenWebPlayer") -- C:\Users\gaemmi\AppData\Roaming\mozilla\Firefox\Profiles\kt5fg83a.default\extensions\greenwebplayer@greentube.com
[2012.05.05 17:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: YouTube = C:\Users\gaemmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\gaemmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\gaemmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Google Mail = C:\Users\gaemmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.03.26 20:51:35 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe (DigitalPersona, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\gaemmi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\gaemmi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\gaemmi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\gaemmi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5BE0D8B-4EAD-4F32-8E24-BDFAACF9C5B9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3aad7fe2-f1cb-11df-ba6c-f04da28a259c}\Shell - "" = AutoRun
O33 - MountPoints2\{3aad7fe2-f1cb-11df-ba6c-f04da28a259c}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{3aad7ffe-f1cb-11df-ba6c-f04da28a259c}\Shell - "" = AutoRun
O33 - MountPoints2\{3aad7ffe-f1cb-11df-ba6c-f04da28a259c}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{7860f620-9912-11e0-9a49-e86ceac6d790}\Shell - "" = AutoRun
O33 - MountPoints2\{7860f620-9912-11e0-9a49-e86ceac6d790}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.31 19:52:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\gaemmi\Desktop\OTL.exe
[2012.05.31 14:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012.05.31 14:47:37 | 000,000,000 | ---D | C] -- C:\Users\gaemmi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.05.31 14:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012.05.31 13:26:39 | 000,000,000 | ---D | C] -- C:\Users\gaemmi\AppData\Roaming\Malwarebytes
[2012.05.31 13:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.31 13:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.31 13:26:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.31 13:26:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.31 11:30:11 | 000,000,000 | ---D | C] -- C:\Users\gaemmi\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.31 11:29:28 | 000,000,000 | ---D | C] -- C:\Users\gaemmi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.31 11:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.31 11:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.23 19:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.05.23 19:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.05.23 19:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.05.23 19:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.05.22 21:14:28 | 000,141,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.05.22 21:14:11 | 000,258,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.05.22 21:14:10 | 000,028,504 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.05.22 21:14:09 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012.05.22 21:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.05.22 20:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.05.22 20:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.05.22 20:33:05 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.05.22 14:59:31 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.05.22 14:59:31 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.05.22 14:59:29 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.05.22 14:59:29 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.05.22 14:59:29 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.05.22 14:59:29 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.05.22 14:59:29 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.05.22 14:58:54 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.05.22 14:58:53 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.05.22 14:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.05.22 14:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.05.22 12:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.22 12:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.05.22 12:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.05.22 12:19:44 | 000,000,000 | ---D | C] -- C:\Users\gaemmi\AppData\Roaming\GlarySoft
[2012.05.22 12:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012.05.22 12:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2012.05.15 22:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.05.15 01:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.15 01:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.15 01:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.12 13:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.05.10 00:27:51 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.10 00:27:51 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 00:27:51 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.10 00:27:51 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.10 00:27:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.10 00:25:43 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 00:25:42 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 00:25:42 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.05 15:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.05 15:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.31 19:58:18 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 19:58:18 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 19:57:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.31 19:52:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\gaemmi\Desktop\OTL.exe
[2012.05.31 19:50:42 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.05.31 19:50:41 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.31 19:50:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.31 19:50:03 | 3062,833,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.31 19:49:16 | 000,000,020 | ---- | M] () -- C:\Users\gaemmi\defogger_reenable
[2012.05.31 19:46:40 | 000,050,477 | ---- | M] () -- C:\Users\gaemmi\Desktop\Defogger.exe
[2012.05.31 19:28:26 | 000,013,376 | ---- | M] () -- C:\Users\gaemmi\Desktop\hijackthisLOG2
[2012.05.31 19:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.31 17:35:51 | 000,012,911 | ---- | M] () -- C:\Users\gaemmi\Desktop\hijackthisLOG
[2012.05.31 17:13:49 | 001,912,192 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\Cat.DB
[2012.05.31 14:47:37 | 000,003,211 | ---- | M] () -- C:\Users\gaemmi\Desktop\Sophos Virus Removal Tool.lnk
[2012.05.31 13:26:31 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.31 11:29:29 | 000,001,810 | ---- | M] () -- C:\Users\gaemmi\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.24 10:36:05 | 000,002,390 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012.05.24 10:35:06 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\VT20120410.034
[2012.05.23 19:13:26 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.22 21:14:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.05.22 21:10:56 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.05.22 20:34:03 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.22 20:33:33 | 001,799,294 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.22 20:33:33 | 000,762,656 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.22 20:33:33 | 000,706,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.22 20:33:33 | 000,171,142 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.22 20:33:33 | 000,139,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.22 12:42:04 | 000,001,260 | ---- | M] () -- C:\Users\gaemmi\Desktop\Spybot - Search & Destroy.lnk
[2012.05.22 12:17:56 | 000,001,068 | ---- | M] () -- C:\Users\gaemmi\Desktop\Glary Utilities.lnk
[2012.05.13 09:47:36 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\isolate.ini
[2012.05.12 13:16:47 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.05.10 11:25:07 | 000,310,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.10 00:53:02 | 001,792,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.06 13:40:18 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.06 13:40:18 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.06 13:40:12 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.05 17:45:53 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.05 17:41:05 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.05.31 19:49:16 | 000,000,020 | ---- | C] () -- C:\Users\gaemmi\defogger_reenable
[2012.05.31 19:46:39 | 000,050,477 | ---- | C] () -- C:\Users\gaemmi\Desktop\Defogger.exe
[2012.05.31 19:28:26 | 000,013,376 | ---- | C] () -- C:\Users\gaemmi\Desktop\hijackthisLOG2
[2012.05.31 17:35:50 | 000,012,911 | ---- | C] () -- C:\Users\gaemmi\Desktop\hijackthisLOG
[2012.05.31 14:47:37 | 000,003,211 | ---- | C] () -- C:\Users\gaemmi\Desktop\Sophos Virus Removal Tool.lnk
[2012.05.31 13:26:31 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.31 11:29:29 | 000,001,810 | ---- | C] () -- C:\Users\gaemmi\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.23 19:13:26 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.22 21:10:56 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.05.22 20:34:03 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.05.22 20:33:41 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.05.22 14:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.05.22 12:42:04 | 000,001,260 | ---- | C] () -- C:\Users\gaemmi\Desktop\Spybot - Search & Destroy.lnk
[2012.05.22 12:17:59 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.05.22 12:17:56 | 000,001,068 | ---- | C] () -- C:\Users\gaemmi\Desktop\Glary Utilities.lnk
[2012.05.12 13:16:47 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.03.08 22:39:09 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.11.04 15:08:16 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.05.17 23:24:00 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.05.17 23:24:00 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.05.17 23:24:00 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.02.28 11:50:58 | 000,005,243 | ---- | C] () -- C:\Users\gaemmi\AppData\Roaming\UserTile.png
[2011.02.23 22:03:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.13 16:27:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.21 09:39:07 | 000,007,597 | ---- | C] () -- C:\Users\gaemmi\AppData\Local\Resmon.ResmonCfg
[2010.09.05 16:52:34 | 000,000,617 | ---- | C] () -- C:\Windows\eReg.dat
[2010.09.01 18:54:21 | 001,799,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.30 06:09:39 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.08.30 06:09:39 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.08.30 06:09:39 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.08.30 06:09:39 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.08.30 06:09:38 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.08.30 03:41:09 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

< End of report >
         

OTL Logfile:
OTL Extras logfile created on: 31.05.2012 19:55:39 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\gaemmi\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 54,47% Memory free
7,60 Gb Paging File | 5,46 Gb Available in Paging File | 71,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,04 Gb Total Space | 319,97 Gb Free Space | 70,16% Space Free | Partition Type: NTFS
 
Computer Name: GAEMMI-PC | User Name: gaemmi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D95A5BB-CBAA-4D99-92D5-3B8C91A85706}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{16AC7110-53BE-4C38-ADB9-730D463FAB33}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{16D764C5-E149-4F8D-989C-DE029218281C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C80B497-372F-4035-B7B8-396534056F38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{201CD4E0-120E-452D-B2F8-0388125D6385}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{21918821-36FD-45EE-B3BB-EAF30DC7C356}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2382D0F5-89C8-45D0-8B7D-DB435575D531}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{39152AA2-DBE5-4DA6-A10A-27338523980D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{44C5D92A-420D-4C06-8041-D1269A8A7126}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{45225CA2-C6A7-431D-BC58-C83269085FC3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5A85B140-B825-4B07-BBFE-4DCB386C0DD0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{65ACC42F-2B06-4329-96E7-697AA8B48DA2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7079D828-1F2A-4C44-8973-F7A13072A4EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{788545B2-59F7-40DD-8AFA-D7E51E51552F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7920BE06-DE41-47F1-94BE-72A9D46DC4AA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{842A7996-27D2-4728-B670-857C143C0909}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{84425BD0-D4F8-43AE-98A9-77F52EB47E2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8FE1499D-2769-4DC1-BA1C-D043F9B74286}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{90A2CAB8-337D-41B0-80B7-72A7997314F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9BF61602-5B06-40BF-A989-43FD84BA1B18}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A3A2C69F-5A2E-4458-8C15-87088FAE1E86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A478AFC8-46C8-40AC-950A-AE3196F50E84}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A6921689-58D3-4A64-82C5-1A5F2AB93733}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B4043C52-00BF-419B-BBE2-2A66AC18F202}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B98FD959-40D2-40C3-BCB9-7A89E805FB82}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CBA8944F-B4BA-4E8E-B721-13DE6E86EF30}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E40BB2F5-54F1-4260-8D79-5D1B2F4F540E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E512F830-DD1F-478B-9AE5-D01C151C8C96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E8E2BAA2-D8EA-4DB2-9EB2-7ACCA5D88EAD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E97F76FE-1B9B-4133-8482-00D73CA51D81}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F59D324F-0D52-4F85-B993-9C5BDC67E4D5}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13A6ECEE-70CB-41AA-BCC2-6990E4D8E3E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1506E6CA-CAC8-4D3F-BE98-253689977228}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{1917F019-4376-4498-A82E-2FE9036E861B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{192CCB48-3324-4A57-8006-334EC1012FEC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20E64FCB-5317-44C8-B82F-09D33AB8BDBB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3394E30D-7BEE-48D8-B6CB-B36005A43D7F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4B2578D4-D074-4344-B7AC-884A3C22D18A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58F0BAA4-05D1-4742-A042-2598BBE2CFB1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5938C89B-11F8-4429-B4D9-C8275D2AF3C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{62FBFAB7-A0AA-4B58-8A3F-79C5F89E5BF7}" = protocol=6 | dir=out | app=system | 
"{6D7C1780-7A27-4E17-8AAB-595EC3E6134E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{71FF6CBC-6FCF-4C13-937F-35BB143A26C2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{72DD69A9-64BE-43FF-845B-C9BFEADA88FF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{74EE941A-021D-4A1D-A12C-721D1F873F5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{76A0D6D6-EEBD-4DD4-9BF2-329A3853221E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7CEF55A2-9ABE-4D3B-8186-443D04E486BF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7DD6EB30-6113-49C3-9541-B3876B176446}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{8A83DDFC-663C-4531-9E65-FB34CCBD892F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8AE3F4E8-53D2-48FE-9893-B83B5DF9007B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8EE6B983-D19B-4A9B-8D32-7D9E1097225C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{91B3EDF0-1B59-402F-A98D-0683F4EB60DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{98E3EC0D-AD12-42A7-98C3-CB97B7D9614C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B6980673-ADC4-4CEC-A141-468C8C51FCBC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CC2E6B7E-9CBC-46A5-86A0-9B4213C11C81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D45DFAC2-CE9E-41A2-B672-C5439CD3986C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D7AA692E-3F58-4E88-882B-4AF197C2B6C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EBF6A4E6-02EC-4C42-B10B-E26C57D87B27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED2171BC-251D-4244-A75F-A0DE4DF235AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1C982BD-4020-4D81-ABB4-2AB53EF0616D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F351908C-77AA-4CD7-9301-F7F7AC5DA925}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{DB24655F-1B6F-4373-BAF1-C3EA0E2304B9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{7CEBEA3C-376D-4C46-ABE3-07CEC85A5FDA}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{661DD62F-D0F2-4573-902B-DBCAAD8229AF}" = Validity Sensors DDK
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC09380E-74BE-41F5-8353-E97113969040}" = DigitalPersona Personal 4.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C576C82C-EE87-11D6-B031-0000CB597465}" = A.F.7 Merge your files 1.3
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Internet Security
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX-Setup
"Free Studio_is1" = Free Studio version 5.2.1
"Glary Utilities_is1" = Glary Utilities 2.45.0.1481
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.5.1
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.01.2012 09:47:53 | Computer Name = gaemmi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error - 14.01.2012 09:03:17 | Computer Name = gaemmi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error - 14.01.2012 10:27:42 | Computer Name = gaemmi-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 14.01.2012 17:59:18 | Computer Name = gaemmi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error - 14.01.2012 20:02:40 | Computer Name = gaemmi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.01.2012 20:02:40 | Computer Name = gaemmi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7215421
 
Error - 14.01.2012 20:02:40 | Computer Name = gaemmi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7215421
 
Error - 16.01.2012 08:54:05 | Computer Name = gaemmi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error - 17.01.2012 06:05:18 | Computer Name = gaemmi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error - 18.01.2012 05:46:00 | Computer Name = gaemmi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
[ Broadcom Wireless LAN Events ]
Error - 22.05.2012 14:59:52 | Computer Name = gaemmi-PC | Source = WLAN-Tray | ID = 0
Description = 20:57:15, Tue, May 22, 12 Error - Unable to gain access to user store

 
[ Cisco AnyConnect VPN Client Events ]
Error - 31.05.2012 11:03:18 | Computer Name = gaemmi-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 4991 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 31.05.2012 11:06:53 | Computer Name = gaemmi-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 31.05.2012 11:06:53 | Computer Name = gaemmi-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 31.05.2012 11:06:53 | Computer Name = gaemmi-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7566 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 31.05.2012 11:06:53 | Computer Name = gaemmi-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4116 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 31.05.2012 11:06:53 | Computer Name = gaemmi-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 31.05.2012 11:06:53 | Computer Name = gaemmi-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 31.05.2012 11:14:12 | Computer Name = gaemmi-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 31.05.2012 11:14:12 | Computer Name = gaemmi-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 31.05.2012 11:14:12 | Computer Name = gaemmi-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
[ System Events ]
Error - 31.05.2012 11:08:55 | Computer Name = gaemmi-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst wuauserv erreicht.
 
Error - 31.05.2012 11:09:25 | Computer Name = gaemmi-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IKEEXT erreicht.
 
Error - 31.05.2012 11:09:55 | Computer Name = gaemmi-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst RasMan erreicht.
 
Error - 31.05.2012 11:10:25 | Computer Name = gaemmi-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Browser erreicht.
 
Error - 31.05.2012 11:10:55 | Computer Name = gaemmi-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst MMCSS erreicht.
 
Error - 31.05.2012 11:10:55 | Computer Name = gaemmi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Multimediaklassenplaner" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 31.05.2012 11:11:25 | Computer Name = gaemmi-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst gpsvc erreicht.
 
Error - 31.05.2012 11:11:55 | Computer Name = gaemmi-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 31.05.2012 11:13:56 | Computer Name = gaemmi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.05.2012 um 17:03:14 unerwartet heruntergefahren.
 
Error - 31.05.2012 12:50:10 | Computer Name = gaemmi-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
 
< End of report >
         
--- --- ---


Step 3.

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-31 20:36:36
Windows 6.1.7600  
Running: lokcjzv9.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cdc6221                                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cdc6221@0025e7645382                            0x22 0x21 0x83 0x53 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind                                                    ?????????????????v???e????????????????????????????v??????T??\0??????? ???????6?????52B??????????????? ??????????????nJ?????????????????????????????????????????????????????a??????"??????????????????????????????????????j????$??????P??????????????????6.1.7600.16778??????????????????????Port_#0005.Hub_#0004?3???$???????D??????????????????Tc???????????-??23???????????????????????????????????????????????????????????????????????????????????????????????????B???????????o?z?z?z?|???|??????????@%systemroot%\system32\rascfg.dll,-32012?????????????????????????z?z?{?{?|???|??\S????.????????????n????WFP Lightweight Filter????????P??????????????d???????????????????????x?z?z?{?|?|?{???|??ws???i?z?{?{?|?|?{?{?g?|al??system32\DRIVERS\WinUSB.sys?????Microsoft Windows Management Interface for ACPI?????acpi.inf_amd64_neutral_2a841284c9de8962??????l?m?p?r?|?{???sS6???Y?0??????????????4?? ?????????? ??????????????? ??????????? ??????????? ??????????? ????????????????????????????????????? ??????? ????????? ??????????? ??????????????
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route                                                   ???w?????????????w??????????????????????????????????????????Root\*6TO4MP\0040????????????????????????x???x??????????????????(???Root\*6TO4MP\0039????w????????????????????(?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ??????????????????????????\\?\Root#*6TO4MP#0019#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{3E28DE32-ECF3-44C5-8126-D92E7A061DE4}?????Root\*6TO4MP\0038????????????????????M???????????T??????1?????$??x??????????????PxHlpa64?????w???w?????
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                  ???j?????????}????X??????????????????f???.???.??????oem33.inf:INTEL_SYS.NTamd64:PCI_DRV:9.1.1.1022:pci\ven_8086&dev_3b44?????????k???m??s;???????????j???????????????????d???S??.N???????????p??ot???????h???h??.d??IDE-Kanal???? ???????j?????j???????0????????????????????? ???????j???????????j?0????????,???????????pci\ven_8086&dev_3b34????????????N??L_?????j????? ???????j?????j???????0???????????????????????j???j???j???j???j???j???j???j???j???j???j????? ???????j???????????j?0?????????????????????????j???:?????????j????? ???????j?????j???????0????????????????????? ???????j???????????j?0????????P?????????????P??j???:??????usbui.dll,USBControllerPropPageProvider??????????????3??4????j?j08?????j????? ???????j?????j???????0????????????????????? ???????j???????????j?0?????????????????????????????c??ve???????????????????j?jN_?????j????? ???????j?????j???????0?????????? ?????????? ???????j???????????j?0?????????????????????????j???????u??usbport.inf??i?????????????????????5???????j????? ???????j?????j???????0???????????
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind                                               ????????Enumerator-Treiber f?r Microsoft Virtual Drive???7??machine.inf_amd64_neutral_9e6bb86c3b39a3e9???????l?n?o?z?|?????p?????????????????????e???????????????????????????????????????B???????????B???????????????????????u?u?u?u?y?u???ur????????????????????????????x??????????????????????? ???????c???????w??System Bus Extender???????V??????????????d???z?y?z?z?? ??y??st????6??????????????????????????????F??????FF???????????????????k??USB?os??????????????????????????????????????????Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64???system32\DRIVERS\vwifibus.sys?wifibus.sys???Virtueller WiFi-Bustreiber?ers\vwifibus.sys,-258????Virtual WiFi Filter Driver??????? ??????????????s???????????????tunnel???????????k???????????????????f???????????f???????????????s?????st????????????t??????????????C:????N??????????????d??*6to4mp?????umbus.inf_amd64_neutral_694fa3d3c00382f7????192.168.1.1??????????????????????????????????????????????o???????y????????????????????????????s???????????&?????????????machine.inf_amd
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route                                              ???x????oem87.inf????????o???????????????e??? ??????{4d36e972-e325-11ce-bfc1-08002be10318}\0017??????x??? ???????@????????????????????$?N?1??????????????????2????????????N??x???d??????????{03F5873F-17CD-42B2-BE78-BCFBA1521491}???????????????.???e???????????1??????????? ???????s??????????????????????????????? ???????x??????00??????%???????????????????????Microsoft-6zu4-Adapter #3???????????????s?????X??????????????????5????????????6?????????????1?????X??????*???t????N???????????D???????:????????g????{4d36e972-e325-11ce-bfc1-08002be10318}??????{4d36e972-e325-11ce-bfc1-08002be10318}?imi??? ???e???????????????????????u???????????.???.??????????????????????????????????????????????*6to4mp?????????????????????????tcpip???????????????????????????????????????????????????????????????????????e0???????e??????????{4d36e972-e325-11ce-bfc1-08002be10318}????????:??????????????????????????F??????.i??????????? P???????????????????`???????????????:????????g??????N??????A????D-42??NAVEX15?42??{4d36e97d-e325-11ce-bfc1-08002be103
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                             ???k?????????????i?k?k?k?????k??????????????t???ms_pptpminiport??1??????32??????t????????????????s???????|?????????n?????????k???????????k?k?????k?k????????? ???????k???????????????????????????????????k?k????? ???????k?????k???????0??L????????? ??????????????k???k????? ???????k?????k???????0????????????&???????????????????????? ???????k?????k???????0????????????????????????????? ???????k???????????k?0????????????????????blbdrive.inf:MSFT.NTamd64:blbdrive_device:6.1.7600.16385:root\blbdrive?5:r???????????????????????k???????3???k?k???????k????? ???????k?????k???????0?????????????????????k?k????????? ???????k???????????k?0?????????????????????????k??????Mi??????t????k?kMi???k?kt??????k????? ???????k?????k???????0???????????????????????k???k???k????????? ???????k???????????k?0?????????????????????????????????????????k?????????????????????k????? ???????k?????k???????0????????????&??????????????????????????k???k????? ???????k?????k???????0????????????????????? ???????k???????????k?0???????????????????????????????
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Pro\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xE5 0x15 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x78 0x16 0x08 0x8F ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x18 0xCD 0x40 0x4D ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x5B 0x9C 0xF4 0xD4 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x05 0xE2 0xFA 0x83 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0                        0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12                     0x33 0x37 0xF1 0xA8 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12                0x5B 0x9C 0xF4 0xD4 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4cdc6221 (not active ControlSet)                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4cdc6221@0025e7645382                                0x22 0x21 0x83 0x53 ...
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                                        ???e?{??????????? ??????????????s???????????{4d36e97d-e325-11ce-bfc1-08002be10318}??????? .??f???/?????/???????????????????????????????????s?????j?j??????????????????????????N??g???.?????D4.????N??h?????????D?????????????????????????????f?f?f???e???????????????$???e????????????????????????????r??????e?g?\????N??g?????????D???????????????????s????System?ind??????????? ???????f?????e????????????????????????????? ???????e?????d?? ???????"?????v????????????????????7??????????????TermDD??????{50127dc3-0f36-415e-a6cc-4cb3be910b65}\0001?????{00000000-0000-0000-ffff-ffffffffffff}????????"?????????????? .??e??????????????{00000000-0000-0000-ffff-ffffffffffff}?D1}????N??f???o????DAP-??seehcri?????btwavdt?????? ???i??????????s???? ???i???????????????????d????????????X??l???m????????X?????????????? ???????e???????????e????????$??????????????????????????????????????????/??? ???????e???????????????????????????????f??? ???????e?????d???????0??L????????? ???????????? ???????e?????d???????0????????????&??????????????????????
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route                                                       ???U????Root\*6TO4MP\0018????U???????????U???U???U???????_???A??????ap???T???U???f?f?d???f?f?A???????;???????h????$??U???????????????U????X?????????????\\?\ACPI#GenuineIntel_-_Intel64_Family_6_Model_37_-_Intel(R)_Core(TM)_i5_CPU_______M_520__@_2.40GHz#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}???ACPI\GenuineIntel_-_Intel64_Family_6_Model_37_-_Intel(R)_Core(TM)_i5_CPU_______M_520__@_2.40GHz\_4???-??\\?\ACPI#GenuineIntel_-_Intel64_Family_6_Model_37_-_Intel(R)_Core(TM)_i5_CPU_______M_520__@_2.40GHz#_4#{97fadb10-4e33-40ae-359c-8bef029dbdd0}???Root\*6TO4MP\0019????U??\\?\USB#VID_04F9&PID_000C#B2J135951#{a5dcbf10-6530-11d2-901f-00c04fb951ed}???????T??ACPI\GenuineIntel_-_Intel64_Family_6_Model_37_-_Intel(R)_Core(TM)_i5_CPU_______M_520__@_2.40GHz\_1?.in??PCI\VEN_8086&DEV_3B32&SUBSYS_04411028&REV_06\3&11583659&0&FE?????T???U???U??System??????\\?\PCI#VEN_10EC&DEV_8168&SUBSYS_04411028&REV_03#4&22a5284d&0&00E2#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{7E7C7D98-856D-4CD0-9ACE-6B5563D8B8BF}????\\?\PCI#VEN_14E4&DEV_4727&SUBSY
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                      ???k?k???k???k??? ???????k???????????j??????????P???????????? ??????????????s???PNP_TDI??????k?????k?&????N????????????Din??.NT?5A???k???k?k?7???k???????????k???????????0????????????????????????????????????????????????????X??k???????????k??????????????t???FltMgr???????k??? P??????6???????????????????k??????????? ???????j?????k?????k????????????3??????????0??????????????????????? ???????k???????????k??????????P?????????????V??z?????????e????bth.inf?(????k?????k?&???????????5?????s3-??usbhub???????k???k??? *??k???p???????1?????????????????????????????????????&?&???????????????????????k?????????????????????????g?????k???????????v???????4??STORAGE\VolumeSnapshot??????????????????????????t?????X???????????????8??p????????h??????????k???????:???????k???:???:???????k???s??ep?????????????????????k????????ep????????????????????????????X?????????????Microsoft????????????????????????p????????????????????????X??n??????????? ??????????????????ms_agilevpnminiport?????????????????t????k??text??????????????4??????9?g?????k?
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                                                   ???k????????ep????????????????????????????X?????????????Microsoft????????????????????????p????????????????????????X??n??????????? ??????????????????ms_agilevpnminiport?????????????????t????k??text??????????????4??????9?g?????k???k???????????D??????La?????????????????s?????????{??{8ECC055D-047F-11D1-A537-0000F8753ED1}????????<????????g??????>????????g???????k?????k???l?los???k?l?k????8??o????????h??????k???????????D??????A7????????????????????????N????????????D?????????????????????????o??????p????????????m???????????/??????s???*6to4mp??????k????X??m???&???&???????????????????????k??tunnel?0D7??????????????????? ???????j?????k?????k????????????4????????S?????????|??????s????k??? ???????k??????????????????????N??????????????????????????s????????????????e????????l??????8}????????????????????????X??????&???&???k?????k?&???????????????e???????}??*6to4mp??j??.NTAMD64?????k????????????????????????????N??r?????????e???????k?&??? ???????j?????k?????k????????????5??????????V????B??n?????g?????k??? ???????k?????????????
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                                                  ???k?????k???l?los???k?l?k????8??o????????h??????k???????????D??????A7????????????????????????N????????????D?????????????????????????o??????p????????????m???????????/??????s???*6to4mp??????k????X??m???&???&???????????????????????k??tunnel?0D7??????????????????? ???????j?????k?????k????????????4????????S?????????|??????s????k??? ???????k??????????????????????N??????????????????????????s????????????????e????????l??????8}????????????????????????X??????&???&???k?????k?&???????????????e???????}??*6to4mp??j??.NTAMD64?????k????????????????????????????N??r?????????e???????k?&??? ???????j?????k?????k????????????5??????????V????B??n?????g?????k??? ???????k??????????????????????N??????????????????????????????????s?u???}?????????????????k?&???????@??????s?????"??o???????????????????????????????k???????z???k???k??????????????Trend Micro TDI Driver???????????Z??????s????????o???????k??????s????????i???????e??? ???????k??????1l??????????????????\c??????????? ???????j?????k?????k????????????6? ????????T??LegacyDriver?????k?
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                 ???p????????????????t???system32\drivers\HTTP.sys???????????????????????tunnel?9EE?????????u?????{??????????????????????????????? ???????r?????p?????p???????????????????????????????p??????????????FileInfo?<??? ???????p???????????p???????????????????????????p??????????45000????????????????????p?p???????p????? ???????n?????p?????r??????????h?????????e???????h??p?????????e????@%SystemRoot%\system32\drivers\filetrace.sys,-10001???????4??p??????p???FSFilter Activity Monitor??????????????g???????r????????????????????????????????????LocalSystem?????%systemroot%\system32\netevent.dll;%systemroot%\system32\iologmsg.dll??????????????????.0???5???????????????? ???????n???????????p????????$???i???????p???????"??p?????????e????@comres.dll,-947?????????p????????h?????%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}???????"??p?????????n????@comres.dll,-948????? ???p??????????????????????????????????????????????t???????????????t?????????????????????0??p???????????e??RpcSs?EventSystem?SENS?
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Pro\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xE5 0x15 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x78 0x16 0x08 0x8F ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x18 0xCD 0x40 0x4D ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x5B 0x9C 0xF4 0xD4 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x05 0xE2 0xFA 0x83 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0                            0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12                         0x33 0x37 0xF1 0xA8 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12                    0x5B 0x9C 0xF4 0xD4 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Old 31.05.2012, 19:55   #4
FritzPhantom

Mebroot/Torpig/Sinowal, warning from the university



Step 4.

Nothing was found with TDSSKiller; I had to save the log file myself.

If this file wasn't needed here, then sorry for the

Quote:
20:46:39.0447 5912 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
20:46:39.0593 5912 ============================================================
20:46:39.0593 5912 Current date / time: 2012/05/31 20:46:39.0593
20:46:39.0593 5912 SystemInfo:
20:46:39.0593 5912
20:46:39.0593 5912 OS Version: 6.1.7600 ServicePack: 0.0
20:46:39.0593 5912 Product type: Workstation
20:46:39.0594 5912 ComputerName: GAEMMI-PC
20:46:39.0594 5912 UserName: gaemmi
20:46:39.0594 5912 Windows directory: C:\Windows
20:46:39.0594 5912 System windows directory: C:\Windows
20:46:39.0594 5912 Running under WOW64
20:46:39.0594 5912 Processor architecture: Intel x64
20:46:39.0594 5912 Number of processors: 4
20:46:39.0594 5912 Page size: 0x1000
20:46:39.0594 5912 Boot type: Normal boot
20:46:39.0594 5912 ============================================================
20:46:41.0101 5912 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:41.0117 5912 ============================================================
20:46:41.0117 5912 \Device\Harddisk0\DR0:
20:46:41.0119 5912 MBR partitions:
20:46:41.0119 5912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x135F000
20:46:41.0119 5912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1373000, BlocksNum 0x39012800
20:46:41.0119 5912 ============================================================
20:46:41.0179 5912 C: <-> \Device\Harddisk0\DR0\Partition1
20:46:41.0179 5912 ============================================================
20:46:41.0179 5912 Initialize success
20:46:41.0179 5912 ============================================================
20:48:50.0033 5536 ============================================================
20:48:50.0033 5536 Scan started
20:48:50.0033 5536 Mode: Manual; TDLFS;
20:48:50.0033 5536 ============================================================
20:48:50.0312 5536 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:48:50.0315 5536 !SASCORE - ok
20:48:50.0512 5536 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
20:48:50.0522 5536 1394ohci - ok
20:48:50.0562 5536 Acceler (e388503069001f0797ec200ce19b265e) C:\Windows\system32\DRIVERS\Acceler.sys
20:48:50.0563 5536 Acceler - ok
20:48:50.0626 5536 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:48:50.0633 5536 ACPI - ok
20:48:50.0651 5536 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:48:50.0652 5536 AcpiPmi - ok
20:48:50.0759 5536 AdobeActiveFileMonitor5.0 (63ab43534cbf5d7f3eb81dfdc8161490) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
20:48:50.0762 5536 AdobeActiveFileMonitor5.0 - ok
20:48:50.0914 5536 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:48:50.0944 5536 AdobeFlashPlayerUpdateSvc - ok
20:48:51.0005 5536 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:48:51.0032 5536 adp94xx - ok
20:48:51.0080 5536 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:48:51.0099 5536 adpahci - ok
20:48:51.0134 5536 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:48:51.0146 5536 adpu320 - ok
20:48:51.0186 5536 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:48:51.0188 5536 AeLookupSvc - ok
20:48:51.0300 5536 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
20:48:51.0303 5536 AESTFilters - ok
20:48:51.0377 5536 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
20:48:51.0412 5536 AFD - ok
20:48:51.0428 5536 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:48:51.0430 5536 agp440 - ok
20:48:51.0453 5536 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:48:51.0456 5536 ALG - ok
20:48:51.0472 5536 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:48:51.0473 5536 aliide - ok
20:48:51.0498 5536 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:48:51.0499 5536 amdide - ok
20:48:51.0516 5536 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:48:51.0518 5536 AmdK8 - ok
20:48:51.0539 5536 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:48:51.0541 5536 AmdPPM - ok
20:48:51.0588 5536 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
20:48:51.0591 5536 amdsata - ok
20:48:51.0622 5536 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:48:51.0633 5536 amdsbs - ok
20:48:51.0671 5536 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
20:48:51.0672 5536 amdxata - ok
20:48:51.0737 5536 AppHostSvc (03fbb7c5ea4ef153f10282614b9771cb) C:\Windows\system32\inetsrv\apphostsvc.dll
20:48:51.0740 5536 AppHostSvc - ok
20:48:51.0762 5536 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:48:51.0765 5536 AppID - ok
20:48:51.0793 5536 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:48:51.0805 5536 AppIDSvc - ok
20:48:51.0825 5536 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
20:48:51.0827 5536 Appinfo - ok
20:48:51.0944 5536 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:48:51.0947 5536 Apple Mobile Device - ok
20:48:52.0003 5536 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:48:52.0032 5536 AppMgmt - ok
20:48:52.0059 5536 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:48:52.0061 5536 arc - ok
20:48:52.0080 5536 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:48:52.0083 5536 arcsas - ok
20:48:52.0157 5536 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
20:48:52.0158 5536 aswFsBlk - ok
20:48:52.0224 5536 aswFW (ffe56ac75a257141561daf42c3f7d16b) C:\Windows\system32\drivers\aswFW.sys
20:48:52.0226 5536 aswFW - ok
20:48:52.0299 5536 aswKbd (316271cc32fdfffcdb30677684906d5e) C:\Windows\system32\drivers\aswKbd.sys
20:48:52.0300 5536 aswKbd - ok
20:48:52.0343 5536 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
20:48:52.0344 5536 aswMonFlt - ok
20:48:52.0361 5536 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
20:48:52.0362 5536 aswNdis - ok
20:48:52.0398 5536 aswNdis2 (36dbcb80e0af1dc228f495faf00a4bc8) C:\Windows\system32\drivers\aswNdis2.sys
20:48:52.0401 5536 aswNdis2 - ok
20:48:52.0418 5536 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
20:48:52.0420 5536 aswRdr - ok
20:48:52.0500 5536 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
20:48:52.0509 5536 aswSnx - ok
20:48:52.0558 5536 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
20:48:52.0561 5536 aswSP - ok
20:48:52.0583 5536 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
20:48:52.0584 5536 aswTdi - ok
20:48:52.0617 5536 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:48:52.0618 5536 AsyncMac - ok
20:48:52.0639 5536 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:48:52.0640 5536 atapi - ok
20:48:52.0721 5536 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:48:52.0731 5536 AudioEndpointBuilder - ok
20:48:52.0742 5536 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:48:52.0750 5536 AudioSrv - ok
20:48:52.0854 5536 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:48:52.0855 5536 avast! Antivirus - ok
20:48:52.0896 5536 avast! Firewall (7d465549dfb0eca6601e9609c72cd20a) C:\Program Files\AVAST Software\Avast\afwServ.exe
20:48:52.0898 5536 avast! Firewall - ok
20:48:52.0938 5536 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
20:48:52.0947 5536 AxInstSV - ok
20:48:53.0004 5536 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:48:53.0015 5536 b06bdrv - ok
20:48:53.0050 5536 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:48:53.0058 5536 b57nd60a - ok
20:48:53.0085 5536 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
20:48:53.0086 5536 BCM42RLY - ok
20:48:53.0285 5536 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
20:48:53.0315 5536 BCM43XX - ok
20:48:53.0420 5536 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:48:53.0446 5536 BDESVC - ok
20:48:53.0485 5536 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:48:53.0487 5536 Beep - ok
20:48:53.0571 5536 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
20:48:53.0582 5536 BFE - ok
20:48:53.0817 5536 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys
20:48:53.0833 5536 BHDrvx64 - ok
20:48:53.0966 5536 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
20:48:53.0984 5536 BITS - ok
20:48:54.0013 5536 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:48:54.0015 5536 blbdrive - ok
20:48:54.0125 5536 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:48:54.0131 5536 Bonjour Service - ok
20:48:54.0167 5536 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:48:54.0170 5536 bowser - ok
20:48:54.0191 5536 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:48:54.0193 5536 BrFiltLo - ok
20:48:54.0206 5536 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:48:54.0208 5536 BrFiltUp - ok
20:48:54.0234 5536 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
20:48:54.0238 5536 Browser - ok
20:48:54.0276 5536 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:48:54.0292 5536 Brserid - ok
20:48:54.0312 5536 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:48:54.0314 5536 BrSerWdm - ok
20:48:54.0330 5536 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:48:54.0332 5536 BrUsbMdm - ok
20:48:54.0342 5536 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:48:54.0344 5536 BrUsbSer - ok
20:48:54.0389 5536 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:48:54.0391 5536 BthEnum - ok
20:48:54.0410 5536 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:48:54.0412 5536 BTHMODEM - ok
20:48:54.0443 5536 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:48:54.0451 5536 BthPan - ok
20:48:54.0503 5536 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys
20:48:54.0517 5536 BTHPORT - ok
20:48:54.0541 5536 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:48:54.0555 5536 bthserv - ok
20:48:54.0576 5536 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys
20:48:54.0578 5536 BTHUSB - ok
20:48:54.0610 5536 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
20:48:54.0612 5536 btwaudio - ok
20:48:54.0656 5536 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
20:48:54.0663 5536 btwavdt - ok
20:48:54.0790 5536 btwdins (8318678c71b12d6663d76473f5ec28b1) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:48:54.0816 5536 btwdins - ok
20:48:54.0845 5536 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:48:54.0847 5536 btwl2cap - ok
20:48:54.0861 5536 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
20:48:54.0863 5536 btwrchid - ok
20:48:54.0961 5536 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys
20:48:54.0964 5536 ccSet_NAV - ok
20:48:55.0006 5536 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:48:55.0008 5536 cdfs - ok
20:48:55.0047 5536 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:48:55.0054 5536 cdrom - ok
20:48:55.0094 5536 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:48:55.0098 5536 CertPropSvc - ok
20:48:55.0116 5536 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:48:55.0118 5536 circlass - ok
20:48:55.0165 5536 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:48:55.0184 5536 CLFS - ok
20:48:55.0268 5536 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:48:55.0272 5536 clr_optimization_v2.0.50727_32 - ok
20:48:55.0311 5536 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:48:55.0314 5536 clr_optimization_v2.0.50727_64 - ok
20:48:55.0396 5536 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:48:55.0398 5536 clr_optimization_v4.0.30319_32 - ok
20:48:55.0455 5536 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:48:55.0457 5536 clr_optimization_v4.0.30319_64 - ok
20:48:55.0477 5536 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:48:55.0478 5536 CmBatt - ok
20:48:55.0507 5536 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:48:55.0509 5536 cmdide - ok
20:48:55.0575 5536 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
20:48:55.0582 5536 CNG - ok
20:48:55.0595 5536 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:48:55.0596 5536 Compbatt - ok
20:48:55.0623 5536 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:48:55.0625 5536 CompositeBus - ok
20:48:55.0629 5536 COMSysApp - ok
20:48:55.0646 5536 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:48:55.0648 5536 crcdisk - ok
20:48:55.0687 5536 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
20:48:55.0690 5536 CryptSvc - ok
20:48:55.0752 5536 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
20:48:55.0769 5536 CSC - ok
20:48:55.0832 5536 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
20:48:55.0842 5536 CscService - ok
20:48:55.0896 5536 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
20:48:55.0908 5536 CtClsFlt - ok
20:48:55.0982 5536 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:48:55.0993 5536 DcomLaunch - ok
20:48:56.0029 5536 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:48:56.0051 5536 defragsvc - ok
20:48:56.0094 5536 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:48:56.0103 5536 DfsC - ok
20:48:56.0136 5536 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
20:48:56.0143 5536 Dhcp - ok
20:48:56.0153 5536 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:48:56.0155 5536 discache - ok
20:48:56.0189 5536 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:48:56.0191 5536 Disk - ok
20:48:56.0233 5536 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
20:48:56.0237 5536 Dnscache - ok
20:48:56.0274 5536 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
20:48:56.0299 5536 dot3svc - ok
20:48:56.0382 5536 DpHost (0c23bf4cddbecbaca8659a96c359e0dd) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
20:48:56.0417 5536 DpHost - ok
20:48:56.0439 5536 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
20:48:56.0443 5536 DPS - ok
20:48:56.0466 5536 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:48:56.0468 5536 drmkaud - ok
20:48:56.0559 5536 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
20:48:56.0570 5536 DXGKrnl - ok
20:48:56.0604 5536 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:48:56.0608 5536 EapHost - ok
20:48:56.0809 5536 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:48:56.0872 5536 ebdrv - ok
20:48:56.0973 5536 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:48:56.0991 5536 eeCtrl - ok
20:48:57.0096 5536 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
20:48:57.0101 5536 EFS - ok
20:48:57.0186 5536 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
20:48:57.0198 5536 ehRecvr - ok
20:48:57.0226 5536 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:48:57.0250 5536 ehSched - ok
20:48:57.0333 5536 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:48:57.0349 5536 elxstor - ok
20:48:57.0400 5536 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:48:57.0403 5536 EraserUtilRebootDrv - ok
20:48:57.0428 5536 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:48:57.0430 5536 ErrDev - ok
20:48:57.0497 5536 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:48:57.0503 5536 EventSystem - ok
20:48:57.0532 5536 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:48:57.0544 5536 exfat - ok
20:48:57.0570 5536 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:48:57.0583 5536 fastfat - ok
20:48:57.0654 5536 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
20:48:57.0684 5536 Fax - ok
20:48:57.0702 5536 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:48:57.0704 5536 fdc - ok
20:48:57.0720 5536 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:48:57.0723 5536 fdPHost - ok
20:48:57.0742 5536 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:48:57.0752 5536 FDResPub - ok
20:48:57.0772 5536 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:48:57.0774 5536 FileInfo - ok
20:48:57.0787 5536 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:48:57.0789 5536 Filetrace - ok
20:48:57.0803 5536 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:48:57.0805 5536 flpydisk - ok
20:48:57.0842 5536 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:48:57.0846 5536 FltMgr - ok
20:48:57.0957 5536 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
20:48:57.0976 5536 FontCache - ok
20:48:58.0025 5536 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:48:58.0036 5536 FontCache3.0.0.0 - ok
20:48:58.0082 5536 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:48:58.0084 5536 FsDepends - ok
20:48:58.0113 5536 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
20:48:58.0115 5536 Fs_Rec - ok
20:48:58.0162 5536 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:48:58.0166 5536 fvevol - ok
20:48:58.0182 5536 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:48:58.0185 5536 gagp30kx - ok
20:48:58.0238 5536 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:48:58.0239 5536 GEARAspiWDM - ok
20:48:58.0314 5536 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
20:48:58.0327 5536 gpsvc - ok
20:48:58.0444 5536 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:48:58.0446 5536 gupdate - ok
20:48:58.0466 5536 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:48:58.0468 5536 gupdatem - ok
20:48:58.0491 5536 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:48:58.0492 5536 hcw85cir - ok
20:48:58.0556 5536 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:48:58.0565 5536 HdAudAddService - ok
20:48:58.0606 5536 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:48:58.0609 5536 HDAudBus - ok
20:48:58.0654 5536 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:48:58.0656 5536 HECIx64 - ok
20:48:58.0671 5536 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:48:58.0673 5536 HidBatt - ok
20:48:58.0703 5536 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:48:58.0712 5536 HidBth - ok
20:48:58.0733 5536 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:48:58.0735 5536 HidIr - ok
20:48:58.0751 5536 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:48:58.0755 5536 hidserv - ok
20:48:58.0801 5536 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:48:58.0803 5536 HidUsb - ok
20:48:58.0836 5536 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
20:48:58.0842 5536 hkmsvc - ok
20:48:58.0879 5536 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
20:48:58.0905 5536 HomeGroupListener - ok
20:48:58.0944 5536 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
20:48:58.0951 5536 HomeGroupProvider - ok
20:48:58.0985 5536 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:48:58.0987 5536 HpSAMD - ok
20:48:59.0066 5536 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:48:59.0084 5536 HTTP - ok
20:48:59.0101 5536 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:48:59.0104 5536 hwpolicy - ok
20:48:59.0142 5536 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:48:59.0150 5536 i8042prt - ok
20:48:59.0215 5536 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
20:48:59.0222 5536 iaStor - ok
20:48:59.0278 5536 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
20:48:59.0292 5536 iaStorV - ok
20:48:59.0425 5536 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:48:59.0460 5536 idsvc - ok
20:48:59.0640 5536 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120530.001\IDSvia64.sys
20:48:59.0646 5536 IDSVia64 - ok
20:48:59.0736 5536 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:48:59.0738 5536 iirsp - ok
20:48:59.0835 5536 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
20:48:59.0850 5536 IKEEXT - ok
20:48:59.0882 5536 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
20:48:59.0889 5536 Impcd - ok
20:48:59.0964 5536 InstallFilterService (cb8e52c468d674324260d1102955d42e) C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
20:48:59.0975 5536 InstallFilterService - ok
20:49:00.0012 5536 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:49:00.0014 5536 intelide - ok
20:49:00.0038 5536 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:49:00.0040 5536 intelppm - ok
20:49:00.0061 5536 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:49:00.0072 5536 IPBusEnum - ok
20:49:00.0096 5536 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:49:00.0104 5536 IpFilterDriver - ok
20:49:00.0158 5536 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
20:49:00.0168 5536 iphlpsvc - ok
20:49:00.0187 5536 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:49:00.0189 5536 IPMIDRV - ok
20:49:00.0209 5536 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:49:00.0217 5536 IPNAT - ok
20:49:00.0352 5536 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:49:00.0363 5536 iPod Service - ok
20:49:00.0391 5536 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:49:00.0393 5536 IRENUM - ok
20:49:00.0407 5536 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:49:00.0408 5536 isapnp - ok
20:49:00.0435 5536 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:49:00.0445 5536 iScsiPrt - ok
20:49:00.0466 5536 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:49:00.0468 5536 kbdclass - ok
20:49:00.0482 5536 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:49:00.0484 5536 kbdhid - ok
20:49:00.0513 5536 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:49:00.0517 5536 KeyIso - ok
20:49:00.0537 5536 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
20:49:00.0540 5536 KSecDD - ok
20:49:00.0566 5536 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
20:49:00.0570 5536 KSecPkg - ok
20:49:00.0581 5536 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:49:00.0583 5536 ksthunk - ok
20:49:00.0626 5536 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:49:00.0645 5536 KtmRm - ok
20:49:00.0694 5536 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
20:49:00.0704 5536 LanmanServer - ok
20:49:00.0737 5536 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
20:49:00.0746 5536 LanmanWorkstation - ok
20:49:00.0774 5536 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:49:00.0776 5536 lltdio - ok
20:49:00.0808 5536 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:49:00.0822 5536 lltdsvc - ok
20:49:00.0828 5536 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:49:00.0833 5536 lmhosts - ok
20:49:00.0913 5536 LMS (5460828f8951d310b42b442877603b8d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:49:00.0917 5536 LMS - ok
20:49:00.0951 5536 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:49:00.0959 5536 LSI_FC - ok
20:49:00.0983 5536 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:49:00.0986 5536 LSI_SAS - ok
20:49:01.0008 5536 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:49:01.0010 5536 LSI_SAS2 - ok
20:49:01.0034 5536 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:49:01.0041 5536 LSI_SCSI - ok
20:49:01.0072 5536 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:49:01.0080 5536 luafv - ok
20:49:01.0107 5536 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
20:49:01.0118 5536 Mcx2Svc - ok
20:49:01.0134 5536 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:49:01.0136 5536 megasas - ok
20:49:01.0175 5536 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:49:01.0190 5536 MegaSR - ok
20:49:01.0208 5536 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:49:01.0213 5536 MMCSS - ok
20:49:01.0231 5536 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:49:01.0233 5536 Modem - ok
20:49:01.0280 5536 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:49:01.0282 5536 monitor - ok
20:49:01.0291 5536 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:49:01.0293 5536 mouclass - ok
20:49:01.0318 5536 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:49:01.0320 5536 mouhid - ok
20:49:01.0344 5536 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:49:01.0347 5536 mountmgr - ok
20:49:01.0409 5536 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:49:01.0432 5536 MozillaMaintenance - ok
20:49:01.0483 5536 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
20:49:01.0487 5536 MpFilter - ok
20:49:01.0517 5536 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:49:01.0523 5536 mpio - ok
20:49:01.0583 5536 MpKsl11f75b3a - ok
20:49:01.0607 5536 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:49:01.0610 5536 mpsdrv - ok
20:49:01.0683 5536 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
20:49:01.0698 5536 MpsSvc - ok
20:49:01.0723 5536 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:49:01.0729 5536 MRxDAV - ok
20:49:01.0775 5536 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:49:01.0788 5536 mrxsmb - ok
20:49:01.0845 5536 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:49:01.0860 5536 mrxsmb10 - ok
20:49:01.0884 5536 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:49:01.0891 5536 mrxsmb20 - ok
20:49:01.0915 5536 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
20:49:01.0917 5536 msahci - ok
20:49:01.0933 5536 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:49:01.0936 5536 msdsm - ok
20:49:01.0963 5536 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:49:01.0978 5536 MSDTC - ok
20:49:02.0010 5536 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:49:02.0012 5536 Msfs - ok
20:49:02.0023 5536 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:49:02.0025 5536 mshidkmdf - ok
20:49:02.0037 5536 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:49:02.0039 5536 msisadrv - ok
20:49:02.0076 5536 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:49:02.0107 5536 MSiSCSI - ok
20:49:02.0112 5536 msiserver - ok
20:49:02.0142 5536 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:49:02.0144 5536 MSKSSRV - ok
20:49:02.0213 5536 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:49:02.0215 5536 MsMpSvc - ok
20:49:02.0231 5536 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:49:02.0232 5536 MSPCLOCK - ok
20:49:02.0245 5536 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:49:02.0247 5536 MSPQM - ok
20:49:02.0291 5536 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:49:02.0297 5536 MsRPC - ok
20:49:02.0312 5536 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:49:02.0313 5536 mssmbios - ok
20:49:02.0325 5536 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:49:02.0327 5536 MSTEE - ok
20:49:02.0342 5536 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:49:02.0344 5536 MTConfig - ok
20:49:02.0376 5536 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:49:02.0377 5536 Mup - ok
20:49:02.0435 5536 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
20:49:02.0446 5536 napagent - ok
20:49:02.0496 5536 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:49:02.0508 5536 NativeWifiP - ok
20:49:02.0608 5536 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
20:49:02.0610 5536 NAV - ok
20:49:02.0770 5536 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120530.036\ENG64.SYS
20:49:02.0779 5536 NAVENG - ok
20:49:02.0926 5536 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120530.036\EX64.SYS
20:49:02.0948 5536 NAVEX15 - ok
20:49:03.0143 5536 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:49:03.0155 5536 NDIS - ok
20:49:03.0175 5536 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:49:03.0177 5536 NdisCap - ok
20:49:03.0193 5536 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:49:03.0195 5536 NdisTapi - ok
20:49:03.0208 5536 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:49:03.0210 5536 Ndisuio - ok
20:49:03.0234 5536 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:49:03.0247 5536 NdisWan - ok
20:49:03.0267 5536 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:49:03.0270 5536 NDProxy - ok
20:49:03.0287 5536 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:49:03.0289 5536 NetBIOS - ok
20:49:03.0324 5536 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:49:03.0331 5536 NetBT - ok
20:49:03.0363 5536 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:49:03.0367 5536 Netlogon - ok
20:49:03.0414 5536 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:49:03.0424 5536 Netman - ok
20:49:03.0493 5536 NetMsmqActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:49:03.0496 5536 NetMsmqActivator - ok
20:49:03.0501 5536 NetPipeActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:49:03.0504 5536 NetPipeActivator - ok
20:49:03.0549 5536 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:49:03.0556 5536 netprofm - ok
20:49:03.0561 5536 NetTcpActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:49:03.0563 5536 NetTcpActivator - ok
20:49:03.0570 5536 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:49:03.0572 5536 NetTcpPortSharing - ok
20:49:03.0606 5536 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:49:03.0608 5536 nfrd960 - ok
20:49:03.0665 5536 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:49:03.0668 5536 NisDrv - ok
20:49:04.0165 5536 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
20:49:04.0243 5536 NisSrv - ok
20:49:04.0294 5536 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
20:49:04.0305 5536 NlaSvc - ok
20:49:04.0327 5536 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:49:04.0329 5536 Npfs - ok
20:49:04.0343 5536 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:49:04.0349 5536 nsi - ok
20:49:04.0361 5536 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:49:04.0363 5536 nsiproxy - ok
20:49:04.0521 5536 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
20:49:04.0559 5536 Ntfs - ok
20:49:04.0695 5536 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:49:04.0697 5536 Null - ok
20:49:04.0729 5536 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
20:49:04.0732 5536 NVHDA - ok
20:49:05.0386 5536 nvlddmkm (b8a1174bfd21af0379b4807bfc85fa66) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:49:05.0458 5536 nvlddmkm - ok
20:49:05.0579 5536 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
20:49:05.0584 5536 nvraid - ok
20:49:18.0862 5536 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:49:19.0250 5536 \Device\Harddisk0\DR0 - ok
20:49:19.0255 5536 Boot (0x1200) (16f1794dc8b784f08a83efabed785ad7) \Device\Harddisk0\DR0\Partition0
20:49:19.0257 5536 \Device\Harddisk0\DR0\Partition0 - ok
20:49:19.0283 5536 Boot (0x1200) (8dfc5f953f41a2c4b3dd9293ee93f1e0) \Device\Harddisk0\DR0\Partition1
20:49:19.0286 5536 \Device\Harddisk0\DR0\Partition1 - ok
20:49:19.0287 5536 ============================================================
20:49:19.0287 5536 Scan finished
20:49:19.0287 5536 ============================================================
20:49:19.0303 4756 Detected object count: 0
20:49:19.0303 4756 Actual detected object count: 0
Step 4.

Nothing was found with TDSSKiller; I had to save the log file myself.

If this file wasn't needed here, then sorry for this:

Quote:
20:46:39.0447 5912 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
20:46:39.0593 5912 ============================================================
20:46:39.0593 5912 Current date / time: 2012/05/31 20:46:39.0593
20:46:39.0593 5912 SystemInfo:
20:46:39.0593 5912
20:46:39.0593 5912 OS Version: 6.1.7600 ServicePack: 0.0
20:46:39.0593 5912 Product type: Workstation
20:46:39.0594 5912 ComputerName: GAEMMI-PC
20:46:39.0594 5912 UserName: gaemmi
20:46:39.0594 5912 Windows directory: C:\Windows
20:46:39.0594 5912 System windows directory: C:\Windows
20:46:39.0594 5912 Running under WOW64
20:46:39.0594 5912 Processor architecture: Intel x64
20:46:39.0594 5912 Number of processors: 4
20:46:39.0594 5912 Page size: 0x1000
20:46:39.0594 5912 Boot type: Normal boot
20:46:39.0594 5912 ============================================================
20:46:41.0101 5912 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:41.0117 5912 ============================================================
20:46:41.0117 5912 \Device\Harddisk0\DR0:
20:46:41.0119 5912 MBR partitions:
20:46:41.0119 5912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x135F000
20:46:41.0119 5912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1373000, BlocksNum 0x39012800
20:46:41.0119 5912 ============================================================
20:46:41.0179 5912 C: <-> \Device\Harddisk0\DR0\Partition1
20:46:41.0179 5912 ============================================================
20:46:41.0179 5912 Initialize success
20:46:41.0179 5912 ============================================================
20:48:50.0033 5536 ============================================================
20:48:50.0033 5536 Scan started
20:48:50.0033 5536 Mode: Manual; TDLFS;
20:48:50.0033 5536 ============================================================
20:48:52.0083 5536 arcsas - ok
20:48:52.0157 5536 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
20:48:52.0158 5536 aswFsBlk - ok
20:48:52.0224 5536 aswFW (ffe56ac75a257141561daf42c3f7d16b) C:\Windows\system32\drivers\aswFW.sys
20:48:52.0226 5536 aswFW - ok
20:48:52.0299 5536 aswKbd (316271cc32fdfffcdb30677684906d5e) C:\Windows\system32\drivers\aswKbd.sys
20:48:52.0300 5536 aswKbd - ok
20:48:52.0343 5536 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
20:48:52.0344 5536 aswMonFlt - ok
20:48:52.0361 5536 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
20:48:52.0362 5536 aswNdis - ok
20:48:52.0398 5536 aswNdis2 (36dbcb80e0af1dc228f495faf00a4bc8) C:\Windows\system32\drivers\aswNdis2.sys
20:48:52.0401 5536 aswNdis2 - ok
20:48:52.0418 5536 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
20:48:52.0420 5536 aswRdr - ok
20:48:52.0500 5536 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
20:48:52.0509 5536 aswSnx - ok
20:48:52.0558 5536 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
20:48:52.0561 5536 aswSP - ok
20:48:52.0583 5536 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
20:48:52.0584 5536 aswTdi - ok
20:48:52.0617 5536 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:48:52.0618 5536 AsyncMac - ok
20:48:52.0639 5536 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:48:52.0640 5536 atapi - ok
20:48:52.0721 5536 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:48:52.0731 5536 AudioEndpointBuilder - ok
20:48:52.0742 5536 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:48:52.0750 5536 AudioSrv - ok
20:48:52.0854 5536 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:48:52.0855 5536 avast! Antivirus - ok
20:48:52.0896 5536 avast! Firewall (7d465549dfb0eca6601e9609c72cd20a) C:\Program Files\AVAST Software\Avast\afwServ.exe
20:48:52.0898 5536 avast! Firewall - ok
20:48:52.0938 5536 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
20:48:52.0947 5536 AxInstSV - ok
20:48:53.0004 5536 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:48:53.0015 5536 b06bdrv - ok
20:48:53.0050 5536 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:48:53.0058 5536 b57nd60a - ok
20:48:53.0085 5536 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
20:48:53.0086 5536 BCM42RLY - ok
20:48:53.0285 5536 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
20:48:53.0315 5536 BCM43XX - ok
20:48:53.0420 5536 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:48:53.0446 5536 BDESVC - ok
20:48:53.0485 5536 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:48:53.0487 5536 Beep - ok
20:48:53.0571 5536 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
20:48:53.0582 5536 BFE - ok
20:48:53.0817 5536 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys
20:48:53.0833 5536 BHDrvx64 - ok
20:48:53.0966 5536 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
20:48:53.0984 5536 BITS - ok
20:48:54.0013 5536 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:48:54.0015 5536 blbdrive - ok
20:48:54.0125 5536 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:48:54.0131 5536 Bonjour Service - ok
20:48:54.0167 5536 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:48:54.0170 5536 bowser - ok
20:48:54.0191 5536 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:48:54.0193 5536 BrFiltLo - ok
20:48:54.0206 5536 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:48:54.0208 5536 BrFiltUp - ok
20:48:54.0234 5536 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
20:48:54.0238 5536 Browser - ok
20:48:54.0276 5536 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:48:54.0292 5536 Brserid - ok
20:48:54.0312 5536 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:48:54.0314 5536 BrSerWdm - ok
20:48:54.0330 5536 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:48:54.0332 5536 BrUsbMdm - ok
20:48:54.0342 5536 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:48:54.0344 5536 BrUsbSer - ok
20:48:54.0389 5536 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:48:54.0391 5536 BthEnum - ok
20:48:54.0410 5536 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:48:54.0412 5536 BTHMODEM - ok
20:48:54.0443 5536 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:48:54.0451 5536 BthPan - ok
20:48:54.0503 5536 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys
20:48:54.0517 5536 BTHPORT - ok
20:48:54.0541 5536 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:48:54.0555 5536 bthserv - ok
20:48:54.0576 5536 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys
20:48:54.0578 5536 BTHUSB - ok
20:48:54.0610 5536 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
20:48:54.0612 5536 btwaudio - ok
20:48:54.0656 5536 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
20:48:54.0663 5536 btwavdt - ok
20:48:54.0790 5536 btwdins (8318678c71b12d6663d76473f5ec28b1) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:48:54.0816 5536 btwdins - ok
20:48:54.0845 5536 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:48:54.0847 5536 btwl2cap - ok
20:48:54.0861 5536 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
20:48:54.0863 5536 btwrchid - ok
20:48:54.0961 5536 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys
20:48:54.0964 5536 ccSet_NAV - ok
20:48:55.0006 5536 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:48:55.0008 5536 cdfs - ok
20:48:55.0047 5536 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:48:55.0054 5536 cdrom - ok
20:48:55.0094 5536 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:48:55.0098 5536 CertPropSvc - ok
20:48:55.0116 5536 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:48:55.0118 5536 circlass - ok
20:48:55.0165 5536 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:48:55.0184 5536 CLFS - ok
20:48:55.0268 5536 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:48:55.0272 5536 clr_optimization_v2.0.50727_32 - ok
20:48:55.0311 5536 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:48:55.0314 5536 clr_optimization_v2.0.50727_64 - ok
20:48:55.0396 5536 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:48:55.0398 5536 clr_optimization_v4.0.30319_32 - ok
20:48:55.0455 5536 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:48:55.0457 5536 clr_optimization_v4.0.30319_64 - ok
20:48:55.0477 5536 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:48:55.0478 5536 CmBatt - ok
20:48:55.0507 5536 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:48:55.0509 5536 cmdide - ok
20:48:55.0575 5536 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
20:48:55.0582 5536 CNG - ok
20:48:55.0595 5536 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:48:55.0596 5536 Compbatt - ok
20:48:55.0623 5536 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:48:55.0625 5536 CompositeBus - ok
20:48:55.0629 5536 COMSysApp - ok
20:48:55.0646 5536 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:48:55.0648 5536 crcdisk - ok
20:48:55.0687 5536 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
20:48:55.0690 5536 CryptSvc - ok
20:48:55.0752 5536 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
20:48:55.0769 5536 CSC - ok
20:48:55.0832 5536 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
20:48:55.0842 5536 CscService - ok
20:48:55.0896 5536 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
20:48:55.0908 5536 CtClsFlt - ok
20:48:55.0982 5536 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:48:55.0993 5536 DcomLaunch - ok
20:48:56.0029 5536 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:48:56.0051 5536 defragsvc - ok
20:48:56.0094 5536 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:48:56.0103 5536 DfsC - ok
20:48:56.0136 5536 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
20:48:56.0143 5536 Dhcp - ok
20:48:56.0153 5536 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:48:56.0155 5536 discache - ok
20:48:56.0189 5536 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:48:56.0191 5536 Disk - ok
20:48:56.0233 5536 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
20:48:56.0237 5536 Dnscache - ok
20:48:56.0274 5536 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
20:48:56.0299 5536 dot3svc - ok
20:48:56.0382 5536 DpHost (0c23bf4cddbecbaca8659a96c359e0dd) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
20:48:56.0417 5536 DpHost - ok
20:48:56.0439 5536 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
20:48:56.0443 5536 DPS - ok
20:48:56.0466 5536 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:48:56.0468 5536 drmkaud - ok
20:48:56.0559 5536 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
20:48:56.0570 5536 DXGKrnl - ok
20:48:56.0604 5536 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:48:56.0608 5536 EapHost - ok
20:48:56.0809 5536 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:48:56.0872 5536 ebdrv - ok
20:48:56.0973 5536 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:48:56.0991 5536 eeCtrl - ok
20:48:57.0096 5536 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
20:48:57.0101 5536 EFS - ok
20:48:57.0186 5536 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
20:48:57.0198 5536 ehRecvr - ok
20:48:57.0226 5536 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:48:57.0250 5536 ehSched - ok
20:48:57.0333 5536 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:48:57.0349 5536 elxstor - ok
20:48:57.0400 5536 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:48:57.0403 5536 EraserUtilRebootDrv - ok
20:48:57.0428 5536 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:48:57.0430 5536 ErrDev - ok
20:48:57.0497 5536 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:48:57.0503 5536 EventSystem - ok
20:48:57.0532 5536 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:48:57.0544 5536 exfat - ok
20:48:57.0570 5536 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:48:57.0583 5536 fastfat - ok
20:48:57.0654 5536 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
20:48:57.0684 5536 Fax - ok
20:48:57.0702 5536 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:48:57.0704 5536 fdc - ok
20:48:57.0720 5536 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:48:57.0723 5536 fdPHost - ok
20:48:57.0742 5536 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:48:57.0752 5536 FDResPub - ok
20:48:57.0772 5536 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:48:57.0774 5536 FileInfo - ok
20:48:57.0787 5536 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:48:57.0789 5536 Filetrace - ok
20:48:57.0803 5536 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:48:57.0805 5536 flpydisk - ok
20:48:57.0842 5536 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:48:57.0846 5536 FltMgr - ok
20:48:57.0957 5536 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
20:48:57.0976 5536 FontCache - ok
20:48:58.0025 5536 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:48:58.0036 5536 FontCache3.0.0.0 - ok
20:48:58.0082 5536 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:48:58.0084 5536 FsDepends - ok
20:48:58.0113 5536 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
20:48:58.0115 5536 Fs_Rec - ok
20:48:58.0162 5536 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:48:58.0166 5536 fvevol - ok
20:48:58.0182 5536 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:48:58.0185 5536 gagp30kx - ok
20:48:58.0238 5536 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:48:58.0239 5536 GEARAspiWDM - ok
20:48:58.0314 5536 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
20:48:58.0327 5536 gpsvc - ok
20:48:58.0444 5536 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:48:58.0446 5536 gupdate - ok
20:48:58.0466 5536 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:48:58.0468 5536 gupdatem - ok
20:48:58.0491 5536 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:48:58.0492 5536 hcw85cir - ok
20:48:58.0556 5536 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:48:58.0565 5536 HdAudAddService - ok
20:48:58.0606 5536 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:48:58.0609 5536 HDAudBus - ok
20:48:58.0654 5536 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:48:58.0656 5536 HECIx64 - ok
20:48:58.0671 5536 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:48:58.0673 5536 HidBatt - ok
20:48:58.0703 5536 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:48:58.0712 5536 HidBth - ok
20:48:58.0733 5536 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:48:58.0735 5536 HidIr - ok
20:48:58.0751 5536 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:48:58.0755 5536 hidserv - ok
20:48:58.0801 5536 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:48:58.0803 5536 HidUsb - ok
20:48:58.0836 5536 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
20:48:58.0842 5536 hkmsvc - ok
20:48:58.0879 5536 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
20:48:58.0905 5536 HomeGroupListener - ok
20:48:58.0944 5536 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
20:48:58.0951 5536 HomeGroupProvider - ok
20:48:58.0985 5536 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:48:58.0987 5536 HpSAMD - ok
20:48:59.0066 5536 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:48:59.0084 5536 HTTP - ok
20:48:59.0101 5536 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:48:59.0104 5536 hwpolicy - ok
20:48:59.0142 5536 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:48:59.0150 5536 i8042prt - ok
20:48:59.0215 5536 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
20:48:59.0222 5536 iaStor - ok
20:48:59.0278 5536 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
20:48:59.0292 5536 iaStorV - ok
20:48:59.0425 5536 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:48:59.0460 5536 idsvc - ok
20:48:59.0640 5536 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120530.001\IDSvia64.sys
20:48:59.0646 5536 IDSVia64 - ok
20:48:59.0736 5536 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:48:59.0738 5536 iirsp - ok
20:48:59.0835 5536 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
20:48:59.0850 5536 IKEEXT - ok
20:48:59.0882 5536 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
20:48:59.0889 5536 Impcd - ok
20:48:59.0964 5536 InstallFilterService (cb8e52c468d674324260d1102955d42e) C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
20:48:59.0975 5536 InstallFilterService - ok
20:49:00.0012 5536 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:49:00.0014 5536 intelide - ok
20:49:00.0038 5536 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:49:00.0040 5536 intelppm - ok
20:49:00.0061 5536 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:49:00.0072 5536 IPBusEnum - ok
20:49:00.0096 5536 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:49:00.0104 5536 IpFilterDriver - ok
20:49:00.0158 5536 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
20:49:00.0168 5536 iphlpsvc - ok
20:49:00.0187 5536 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:49:00.0189 5536 IPMIDRV - ok
20:49:00.0209 5536 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:49:00.0217 5536 IPNAT - ok
20:49:00.0352 5536 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:49:00.0363 5536 iPod Service - ok
20:49:00.0391 5536 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:49:00.0393 5536 IRENUM - ok
20:49:00.0407 5536 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:49:00.0408 5536 isapnp - ok
20:49:00.0435 5536 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:49:00.0445 5536 iScsiPrt - ok
20:49:00.0466 5536 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:49:00.0468 5536 kbdclass - ok
20:49:00.0482 5536 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:49:00.0484 5536 kbdhid - ok
20:49:00.0513 5536 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:49:00.0517 5536 KeyIso - ok
20:49:00.0537 5536 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
20:49:00.0540 5536 KSecDD - ok
20:49:00.0566 5536 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
20:49:00.0570 5536 KSecPkg - ok
20:49:00.0581 5536 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:49:00.0583 5536 ksthunk - ok
20:49:00.0626 5536 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:49:00.0645 5536 KtmRm - ok
20:49:00.0694 5536 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
20:49:00.0704 5536 LanmanServer - ok
20:49:00.0737 5536 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
20:49:00.0746 5536 LanmanWorkstation - ok
20:49:00.0774 5536 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:49:00.0776 5536 lltdio - ok
20:49:00.0808 5536 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:49:00.0822 5536 lltdsvc - ok
20:49:00.0828 5536 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:49:00.0833 5536 lmhosts - ok
20:49:00.0913 5536 LMS (5460828f8951d310b42b442877603b8d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:49:00.0917 5536 LMS - ok
20:49:00.0951 5536 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:49:00.0959 5536 LSI_FC - ok
20:49:00.0983 5536 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:49:00.0986 5536 LSI_SAS - ok
20:49:01.0008 5536 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:49:01.0010 5536 LSI_SAS2 - ok
20:49:01.0034 5536 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:49:01.0041 5536 LSI_SCSI - ok
20:49:01.0072 5536 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:49:01.0080 5536 luafv - ok
20:49:01.0107 5536 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
20:49:01.0118 5536 Mcx2Svc - ok
20:49:01.0134 5536 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:49:01.0136 5536 megasas - ok
20:49:01.0175 5536 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:49:01.0190 5536 MegaSR - ok
20:49:01.0208 5536 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:49:01.0213 5536 MMCSS - ok
20:49:01.0231 5536 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:49:01.0233 5536 Modem - ok
20:49:01.0280 5536 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:49:01.0282 5536 monitor - ok
20:49:01.0291 5536 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:49:01.0293 5536 mouclass - ok
20:49:01.0318 5536 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:49:01.0320 5536 mouhid - ok
20:49:01.0344 5536 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:49:01.0347 5536 mountmgr - ok
20:49:01.0409 5536 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:49:01.0432 5536 MozillaMaintenance - ok
20:49:01.0483 5536 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
20:49:01.0487 5536 MpFilter - ok
20:49:01.0517 5536 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:49:01.0523 5536 mpio - ok
20:49:01.0583 5536 MpKsl11f75b3a - ok
20:49:01.0607 5536 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:49:01.0610 5536 mpsdrv - ok
20:49:01.0683 5536 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
20:49:01.0698 5536 MpsSvc - ok
20:49:01.0723 5536 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:49:01.0729 5536 MRxDAV - ok
20:49:01.0775 5536 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:49:01.0788 5536 mrxsmb - ok
20:49:01.0845 5536 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:49:01.0860 5536 mrxsmb10 - ok
20:49:01.0884 5536 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:49:01.0891 5536 mrxsmb20 - ok
20:49:01.0915 5536 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
20:49:01.0917 5536 msahci - ok
20:49:01.0933 5536 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:49:01.0936 5536 msdsm - ok
20:49:01.0963 5536 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:49:01.0978 5536 MSDTC - ok
20:49:02.0010 5536 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:49:02.0012 5536 Msfs - ok
20:49:02.0023 5536 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:49:02.0025 5536 mshidkmdf - ok
20:49:02.0037 5536 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:49:02.0039 5536 msisadrv - ok
20:49:02.0076 5536 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:49:02.0107 5536 MSiSCSI - ok
20:49:02.0112 5536 msiserver - ok
20:49:02.0142 5536 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:49:02.0144 5536 MSKSSRV - ok
20:49:02.0213 5536 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:49:02.0215 5536 MsMpSvc - ok
20:49:02.0231 5536 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:49:02.0232 5536 MSPCLOCK - ok
20:49:02.0245 5536 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:49:02.0247 5536 MSPQM - ok
20:49:02.0291 5536 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:49:02.0297 5536 MsRPC - ok
20:49:02.0312 5536 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:49:02.0313 5536 mssmbios - ok
20:49:02.0325 5536 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:49:02.0327 5536 MSTEE - ok
20:49:02.0342 5536 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:49:02.0344 5536 MTConfig - ok
20:49:02.0376 5536 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:49:02.0377 5536 Mup - ok
20:49:02.0435 5536 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
20:49:02.0446 5536 napagent - ok
20:49:02.0496 5536 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:49:02.0508 5536 NativeWifiP - ok
20:49:02.0608 5536 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
20:49:02.0610 5536 NAV - ok
20:49:02.0770 5536 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120530.036\ENG64.SYS
20:49:02.0779 5536 NAVENG - ok
20:49:02.0926 5536 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120530.036\EX64.SYS
20:49:02.0948 5536 NAVEX15 - ok
20:49:03.0143 5536 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:49:03.0155 5536 NDIS - ok
20:49:03.0175 5536 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:49:03.0177 5536 NdisCap - ok
20:49:03.0193 5536 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:49:03.0195 5536 NdisTapi - ok
20:49:03.0208 5536 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:49:03.0210 5536 Ndisuio - ok
20:49:03.0234 5536 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:49:03.0247 5536 NdisWan - ok
20:49:03.0267 5536 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:49:03.0270 5536 NDProxy - ok
20:49:03.0287 5536 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:49:03.0289 5536 NetBIOS - ok
20:49:03.0324 5536 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:49:03.0331 5536 NetBT - ok
20:49:03.0363 5536 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:49:03.0367 5536 Netlogon - ok
20:49:03.0414 5536 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:49:03.0424 5536 Netman - ok
20:49:03.0493 5536 NetMsmqActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:49:03.0496 5536 NetMsmqActivator - ok
20:49:03.0501 5536 NetPipeActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:49:03.0504 5536 NetPipeActivator - ok
20:49:03.0549 5536 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:49:03.0556 5536 netprofm - ok
20:49:03.0561 5536 NetTcpActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:49:03.0563 5536 NetTcpActivator - ok
20:49:03.0570 5536 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:49:03.0572 5536 NetTcpPortSharing - ok
20:49:03.0606 5536 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:49:03.0608 5536 nfrd960 - ok
20:49:03.0665 5536 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:49:03.0668 5536 NisDrv - ok
20:49:04.0165 5536 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
20:49:04.0243 5536 NisSrv - ok
20:49:04.0294 5536 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
20:49:04.0305 5536 NlaSvc - ok
20:49:04.0327 5536 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:49:04.0329 5536 Npfs - ok
20:49:04.0343 5536 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:49:04.0349 5536 nsi - ok
20:49:04.0361 5536 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:49:04.0363 5536 nsiproxy - ok
20:49:04.0521 5536 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
20:49:04.0559 5536 Ntfs - ok
20:49:04.0695 5536 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:49:04.0697 5536 Null - ok
20:49:04.0729 5536 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
20:49:04.0732 5536 NVHDA - ok
20:49:05.0386 5536 nvlddmkm (b8a1174bfd21af0379b4807bfc85fa66) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:49:05.0458 5536 nvlddmkm - ok
20:49:05.0579 5536 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
20:49:05.0584 5536 nvraid - ok
20:49:05.0638 5536 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
20:49:05.0651 5536 nvstor - ok
20:49:05.0704 5536 nvsvc (8c639660b1cb88a966674fc13b8f43a2) C:\Windows\system32\nvvsvc.exe
20:49:05.0729 5536 nvsvc - ok
20:49:05.0762 5536 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:49:05.0765 5536 nv_agp - ok
20:49:05.0797 5536 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:49:05.0799 5536 ohci1394 - ok
20:49:05.0866 5536 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:49:05.0889 5536 ose - ok
20:49:05.0939 5536 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:49:05.0949 5536 p2pimsvc - ok
20:49:05.0997 5536 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:49:06.0010 5536 p2psvc - ok
20:49:06.0031 5536 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:49:06.0034 5536 Parport - ok
20:49:06.0070 5536 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
20:49:06.0073 5536 partmgr - ok
20:49:06.0104 5536 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:49:06.0112 5536 PcaSvc - ok
20:49:06.0150 5536 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:49:06.0154 5536 pci - ok
20:49:06.0169 5536 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:49:06.0170 5536 pciide - ok
20:49:06.0205 5536 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:49:06.0215 5536 pcmcia - ok
20:49:06.0232 5536 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:49:06.0234 5536 pcw - ok
20:49:06.0295 5536 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:49:06.0313 5536 PEAUTH - ok
20:49:06.0434 5536 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:49:06.0471 5536 PeerDistSvc - ok
20:49:06.0560 5536 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:49:06.0579 5536 PerfHost - ok
20:49:06.0763 5536 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
20:49:06.0807 5536 pla - ok
20:49:06.0872 5536 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
20:49:06.0883 5536 PlugPlay - ok
20:49:06.0899 5536 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:49:06.0912 5536 PNRPAutoReg - ok
20:49:06.0955 5536 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:49:06.0963 5536 PNRPsvc - ok
20:49:07.0027 5536 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
20:49:07.0046 5536 PolicyAgent - ok
20:49:07.0082 5536 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:49:07.0091 5536 Power - ok
20:49:07.0146 5536 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:49:07.0156 5536 PptpMiniport - ok
20:49:07.0178 5536 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:49:07.0180 5536 Processor - ok
20:49:07.0216 5536 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
20:49:07.0224 5536 ProfSvc - ok
20:49:07.0254 5536 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:49:07.0258 5536 ProtectedStorage - ok
20:49:07.0296 5536 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:49:07.0299 5536 Psched - ok
20:49:07.0330 5536 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:49:07.0332 5536 PxHlpa64 - ok
20:49:07.0465 5536 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:49:07.0498 5536 ql2300 - ok
20:49:07.0595 5536 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:49:07.0602 5536 ql40xx - ok
20:49:07.0646 5536 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:49:07.0663 5536 QWAVE - ok
20:49:07.0683 5536 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:49:07.0685 5536 QWAVEdrv - ok
20:49:07.0697 5536 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:49:07.0699 5536 RasAcd - ok
20:49:07.0728 5536 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:49:07.0730 5536 RasAgileVpn - ok
20:49:07.0752 5536 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:49:07.0761 5536 RasAuto - ok
20:49:07.0787 5536 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:49:07.0795 5536 Rasl2tp - ok
20:49:07.0848 5536 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
20:49:07.0858 5536 RasMan - ok
20:49:07.0881 5536 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:49:07.0884 5536 RasPppoe - ok
20:49:07.0915 5536 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:49:07.0917 5536 RasSstp - ok
20:49:07.0959 5536 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:49:07.0972 5536 rdbss - ok
20:49:07.0985 5536 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:49:07.0986 5536 rdpbus - ok
20:49:08.0000 5536 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:49:08.0002 5536 RDPCDD - ok
20:49:08.0040 5536 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
20:49:08.0053 5536 RDPDR - ok
20:49:08.0076 5536 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:49:08.0077 5536 RDPENCDD - ok
20:49:08.0096 5536 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:49:08.0097 5536 RDPREFMP - ok
20:49:08.0150 5536 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
20:49:08.0161 5536 RDPWD - ok
20:49:08.0205 5536 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:49:08.0209 5536 rdyboost - ok
20:49:08.0233 5536 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:49:08.0243 5536 RemoteAccess - ok
20:49:08.0271 5536 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:49:08.0302 5536 RemoteRegistry - ok
20:49:08.0346 5536 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:49:08.0361 5536 RFCOMM - ok
20:49:08.0383 5536 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:49:08.0390 5536 RpcEptMapper - ok
20:49:08.0413 5536 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:49:08.0419 5536 RpcLocator - ok
20:49:08.0473 5536 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:49:08.0484 5536 RpcSs - ok
20:49:08.0509 5536 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:49:08.0512 5536 rspndr - ok
20:49:08.0553 5536 RSUSBSTOR (fb39af63d6617f028ba0ebc21b83360d) C:\Windows\system32\Drivers\RtsUStor.sys
20:49:08.0563 5536 RSUSBSTOR - ok
20:49:08.0615 5536 RTL8167 (365ed58b47b46de8b1c5fa759b6fcd6e) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:49:08.0629 5536 RTL8167 - ok
20:49:08.0685 5536 s0017bus (032f537623a7b2fb81aaa184c30b70c3) C:\Windows\system32\DRIVERS\s0017bus.sys
20:49:08.0694 5536 s0017bus - ok
20:49:08.0708 5536 s0017mdfl (9964a28e569b4ff105b446ef8978fd5c) C:\Windows\system32\DRIVERS\s0017mdfl.sys
20:49:08.0710 5536 s0017mdfl - ok
20:49:08.0737 5536 s0017mdm (06347087d274c23dcfa8c4ab5c4314db) C:\Windows\system32\DRIVERS\s0017mdm.sys
20:49:08.0743 5536 s0017mdm - ok
20:49:08.0769 5536 s0017mgmt (f0f0747b3fa50272de6b1bf575fa4700) C:\Windows\system32\DRIVERS\s0017mgmt.sys
20:49:08.0776 5536 s0017mgmt - ok
20:49:08.0794 5536 s0017nd5 (7224412cea2ff2df7d4842c1b0e71045) C:\Windows\system32\DRIVERS\s0017nd5.sys
20:49:08.0796 5536 s0017nd5 - ok
20:49:08.0821 5536 s0017obex (3feadbc7f09b8b596cbfb82f12aba87f) C:\Windows\system32\DRIVERS\s0017obex.sys
20:49:08.0829 5536 s0017obex - ok
20:49:08.0863 5536 s0017unic (2b63bea31d939888b2a8f3f14d89b5c1) C:\Windows\system32\DRIVERS\s0017unic.sys
20:49:08.0869 5536 s0017unic - ok
20:49:08.0898 5536 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
20:49:08.0900 5536 s3cap - ok
20:49:08.0929 5536 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:49:08.0933 5536 SamSs - ok
20:49:09.0021 5536 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:49:09.0034 5536 SASDIFSV - ok
20:49:09.0046 5536 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:49:09.0054 5536 SASKUTIL - ok
20:49:09.0092 5536 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:49:09.0102 5536 sbp2port - ok
20:49:09.0262 5536 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:49:09.0279 5536 SBSDWSCService - ok
20:49:09.0321 5536 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:49:09.0357 5536 SCardSvr - ok
20:49:09.0401 5536 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:49:09.0403 5536 scfilter - ok
20:49:09.0518 5536 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
20:49:09.0538 5536 Schedule - ok
20:49:09.0574 5536 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:49:09.0577 5536 SCPolicySvc - ok
20:49:09.0603 5536 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
20:49:09.0615 5536 SDRSVC - ok
20:49:09.0640 5536 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:49:09.0642 5536 secdrv - ok
20:49:09.0660 5536 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
20:49:09.0665 5536 seclogon - ok
20:49:09.0714 5536 seehcri (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
20:49:09.0715 5536 seehcri - ok
20:49:09.0736 5536 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:49:09.0741 5536 SENS - ok
20:49:09.0771 5536 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:49:09.0778 5536 SensrSvc - ok
20:49:09.0804 5536 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:49:09.0806 5536 Serenum - ok
20:49:09.0826 5536 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:49:09.0829 5536 Serial - ok
20:49:09.0843 5536 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:49:09.0845 5536 sermouse - ok
20:49:09.0878 5536 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
20:49:09.0894 5536 SessionEnv - ok
20:49:09.0919 5536 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:49:09.0921 5536 sffdisk - ok
20:49:09.0934 5536 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:49:09.0935 5536 sffp_mmc - ok
20:49:09.0946 5536 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:49:09.0947 5536 sffp_sd - ok
20:49:09.0964 5536 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:49:09.0965 5536 sfloppy - ok
20:49:10.0026 5536 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:49:10.0053 5536 SharedAccess - ok
20:49:10.0099 5536 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
20:49:10.0108 5536 ShellHWDetection - ok
20:49:10.0137 5536 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:49:10.0139 5536 SiSRaid2 - ok
20:49:10.0159 5536 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:49:10.0161 5536 SiSRaid4 - ok
20:49:10.0195 5536 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:49:10.0197 5536 Smb - ok
20:49:10.0254 5536 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:49:10.0261 5536 SNMPTRAP - ok
20:49:10.0274 5536 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:49:10.0276 5536 spldr - ok
20:49:10.0351 5536 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
20:49:10.0363 5536 Spooler - ok
20:49:10.0572 5536 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
20:49:10.0638 5536 sppsvc - ok
20:49:10.0740 5536 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:49:10.0762 5536 sppuinotify - ok
20:49:10.0887 5536 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\System32\Drivers\sptd.sys
20:49:10.0895 5536 sptd - ok
20:49:11.0023 5536 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NAVx64\1307010.005\SRTSP64.SYS
20:49:11.0031 5536 SRTSP - ok
20:49:11.0070 5536 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NAVx64\1307010.005\SRTSPX64.SYS
20:49:11.0072 5536 SRTSPX - ok
20:49:11.0135 5536 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:49:11.0148 5536 srv - ok
20:49:11.0189 5536 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:49:11.0197 5536 srv2 - ok
20:49:11.0247 5536 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:49:11.0261 5536 srvnet - ok
20:49:11.0293 5536 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:49:11.0301 5536 SSDPSRV - ok
20:49:11.0323 5536 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:49:11.0331 5536 SstpSvc - ok
20:49:11.0463 5536 STacSV (de9e765bd64fff598e9f3aab41874d8a) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe
20:49:11.0467 5536 STacSV - ok
20:49:11.0498 5536 stdflt (3d69f5f3beb8aa28d7f46f5548b8d6d7) C:\Windows\system32\DRIVERS\stdflt.sys
20:49:11.0499 5536 stdflt - ok
20:49:11.0523 5536 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:49:11.0525 5536 stexstor - ok
20:49:11.0590 5536 STHDA (3fe584503dc68cd206143bc334c43484) C:\Windows\system32\DRIVERS\stwrt64.sys
20:49:11.0607 5536 STHDA - ok
20:49:11.0667 5536 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
20:49:11.0683 5536 stisvc - ok
20:49:11.0716 5536 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
20:49:11.0718 5536 storflt - ok
20:49:11.0745 5536 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:49:11.0753 5536 StorSvc - ok
20:49:11.0786 5536 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
20:49:11.0789 5536 storvsc - ok
20:49:11.0803 5536 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:49:11.0805 5536 swenum - ok
20:49:11.0859 5536 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:49:11.0873 5536 swprv - ok
20:49:11.0988 5536 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS
20:49:11.0996 5536 SymDS - ok
20:49:12.0109 5536 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS
20:49:12.0125 5536 SymEFA - ok
20:49:12.0178 5536 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:49:12.0180 5536 SymEvent - ok
20:49:12.0233 5536 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS
20:49:12.0243 5536 SymIRON - ok
20:49:12.0288 5536 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS
20:49:12.0293 5536 SymNetS - ok
20:49:12.0347 5536 SynTP (e5d73228176c9f69072d1f91ced83484) C:\Windows\system32\DRIVERS\SynTP.sys
20:49:12.0351 5536 SynTP - ok
20:49:12.0523 5536 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
20:49:12.0563 5536 SysMain - ok
20:49:12.0664 5536 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
20:49:12.0690 5536 TabletInputService - ok
20:49:12.0727 5536 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
20:49:12.0737 5536 TapiSrv - ok
20:49:12.0756 5536 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:49:12.0762 5536 TBS - ok
20:49:12.0951 5536 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
20:49:12.0998 5536 Tcpip - ok
20:49:13.0205 5536 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
20:49:13.0224 5536 TCPIP6 - ok
20:49:13.0298 5536 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:49:13.0301 5536 tcpipreg - ok
20:49:13.0327 5536 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:49:13.0329 5536 TDPIPE - ok
20:49:13.0342 5536 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
20:49:13.0344 5536 TDTCP - ok
20:49:13.0370 5536 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:49:13.0373 5536 tdx - ok
20:49:13.0387 5536 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:49:13.0389 5536 TermDD - ok
20:49:13.0455 5536 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
20:49:13.0468 5536 TermService - ok
20:49:13.0493 5536 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:49:13.0500 5536 Themes - ok
20:49:13.0529 5536 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:49:13.0534 5536 THREADORDER - ok
20:49:13.0560 5536 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:49:13.0567 5536 TrkWks - ok
20:49:13.0612 5536 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
20:49:13.0623 5536 TrustedInstaller - ok
20:49:13.0648 5536 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:49:13.0651 5536 tssecsrv - ok
20:49:13.0681 5536 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:49:13.0684 5536 tunnel - ok
20:49:13.0714 5536 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:49:13.0717 5536 uagp35 - ok
20:49:13.0768 5536 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
20:49:13.0779 5536 udfs - ok
20:49:13.0801 5536 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:49:13.0814 5536 UI0Detect - ok
20:49:13.0834 5536 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:49:13.0836 5536 uliagpkx - ok
20:49:13.0869 5536 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:49:13.0872 5536 umbus - ok
20:49:13.0887 5536 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:49:13.0888 5536 UmPass - ok
20:49:13.0921 5536 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
20:49:13.0929 5536 UmRdpService - ok
20:49:14.0153 5536 UNS (9e89c2d6945389270de067ce51ff7425) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:49:14.0190 5536 UNS - ok
20:49:14.0300 5536 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:49:14.0309 5536 upnphost - ok
20:49:14.0381 5536 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:49:14.0383 5536 USBAAPL64 - ok
20:49:14.0426 5536 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
20:49:14.0429 5536 usbccgp - ok
20:49:14.0448 5536 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:49:14.0457 5536 usbcir - ok
20:49:14.0493 5536 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
20:49:14.0496 5536 usbehci - ok
20:49:14.0563 5536 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
20:49:14.0574 5536 usbhub - ok
20:49:14.0602 5536 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
20:49:14.0604 5536 usbohci - ok
20:49:14.0633 5536 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:49:14.0635 5536 usbprint - ok
20:49:14.0673 5536 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:49:14.0683 5536 USBSTOR - ok
20:49:14.0707 5536 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
20:49:14.0710 5536 usbuhci - ok
20:49:14.0749 5536 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
20:49:14.0763 5536 usbvideo - ok
20:49:14.0794 5536 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:49:14.0800 5536 UxSms - ok
20:49:14.0826 5536 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:49:14.0829 5536 VaultSvc - ok
20:49:14.0984 5536 vcsFPService (20c2342a2b11545601fab8a0c8026f6e) C:\Windows\system32\vcsFPService.exe
20:49:15.0008 5536 vcsFPService - ok
20:49:15.0120 5536 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:49:15.0122 5536 vdrvroot - ok
20:49:15.0176 5536 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
20:49:15.0191 5536 vds - ok
20:49:15.0216 5536 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:49:15.0218 5536 vga - ok
20:49:15.0232 5536 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:49:15.0234 5536 VgaSave - ok
20:49:15.0268 5536 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:49:15.0281 5536 vhdmp - ok
20:49:15.0314 5536 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:49:15.0316 5536 viaide - ok
20:49:15.0351 5536 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
20:49:15.0372 5536 vmbus - ok
20:49:15.0388 5536 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
20:49:15.0390 5536 VMBusHID - ok
20:49:15.0409 5536 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:49:15.0412 5536 volmgr - ok
20:49:15.0451 5536 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:49:15.0457 5536 volmgrx - ok
20:49:15.0496 5536 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:49:15.0501 5536 volsnap - ok
20:49:15.0622 5536 vpnagent (3730b7b03e2fd363d63e9327e0e1ebea) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
20:49:15.0672 5536 vpnagent - ok
20:49:15.0700 5536 vpnva (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys
20:49:15.0701 5536 vpnva - ok
20:49:15.0738 5536 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:49:15.0751 5536 vsmraid - ok
20:49:15.0912 5536 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
20:49:15.0968 5536 VSS - ok
20:49:16.0072 5536 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:49:16.0075 5536 vwifibus - ok
20:49:16.0101 5536 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:49:16.0104 5536 vwififlt - ok
20:49:16.0130 5536 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:49:16.0132 5536 vwifimp - ok
20:49:16.0179 5536 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:49:16.0192 5536 W32Time - ok
20:49:16.0271 5536 W3SVC (06d2b9bc146bb0f45f45ff7a296d50c4) C:\Windows\system32\inetsrv\iisw3adm.dll
20:49:16.0281 5536 W3SVC - ok
20:49:16.0298 5536 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:49:16.0300 5536 WacomPen - ok
20:49:16.0333 5536 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:49:16.0336 5536 WANARP - ok
20:49:16.0342 5536 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:49:16.0345 5536 Wanarpv6 - ok
20:49:16.0364 5536 WAS (06d2b9bc146bb0f45f45ff7a296d50c4) C:\Windows\system32\inetsrv\iisw3adm.dll
20:49:16.0368 5536 WAS - ok
20:49:16.0519 5536 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:49:16.0551 5536 WatAdminSvc - ok
20:49:16.0675 5536 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
20:49:16.0715 5536 wbengine - ok
20:49:16.0833 5536 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:49:16.0860 5536 WbioSrvc - ok
20:49:16.0920 5536 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
20:49:16.0953 5536 wcncsvc - ok
20:49:16.0973 5536 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:49:16.0981 5536 WcsPlugInService - ok
20:49:17.0019 5536 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:49:17.0022 5536 Wd - ok
20:49:17.0083 5536 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:49:17.0093 5536 Wdf01000 - ok
20:49:17.0112 5536 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:49:17.0119 5536 WdiServiceHost - ok
20:49:17.0126 5536 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:49:17.0133 5536 WdiSystemHost - ok
20:49:17.0184 5536 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
20:49:17.0208 5536 WebClient - ok
20:49:17.0241 5536 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:49:17.0259 5536 Wecsvc - ok
20:49:17.0281 5536 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:49:17.0288 5536 wercplsupport - ok
20:49:17.0327 5536 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:49:17.0334 5536 WerSvc - ok
20:49:17.0367 5536 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:49:17.0369 5536 WfpLwf - ok
20:49:17.0387 5536 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:49:17.0389 5536 WIMMount - ok
20:49:17.0412 5536 WinDefend - ok
20:49:17.0422 5536 WinHttpAutoProxySvc - ok
20:49:17.0484 5536 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:49:17.0487 5536 Winmgmt - ok
20:49:17.0641 5536 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
20:49:17.0688 5536 WinRM - ok
20:49:17.0810 5536 WinUSB (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUSB.sys
20:49:17.0813 5536 WinUSB - ok
20:49:17.0892 5536 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:49:17.0911 5536 Wlansvc - ok
20:49:17.0997 5536 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
20:49:17.0999 5536 wltrysvc - ok
20:49:18.0016 5536 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:49:18.0018 5536 WmiAcpi - ok
20:49:18.0062 5536 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:49:18.0098 5536 wmiApSrv - ok
20:49:18.0142 5536 WMPNetworkSvc - ok
20:49:18.0159 5536 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:49:18.0178 5536 WPCSvc - ok
20:49:18.0204 5536 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
20:49:18.0212 5536 WPDBusEnum - ok
20:49:18.0230 5536 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:49:18.0232 5536 ws2ifsl - ok
20:49:18.0278 5536 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
20:49:18.0287 5536 wscsvc - ok
20:49:18.0293 5536 WSearch - ok
20:49:18.0474 5536 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
20:49:18.0527 5536 wuauserv - ok
20:49:18.0654 5536 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
20:49:18.0663 5536 WudfPf - ok
20:49:18.0712 5536 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:49:18.0724 5536 WUDFRd - ok
20:49:18.0746 5536 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
20:49:18.0754 5536 wudfsvc - ok
20:49:18.0785 5536 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:49:18.0804 5536 WwanSvc - ok
20:49:18.0862 5536 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:49:19.0250 5536 \Device\Harddisk0\DR0 - ok
20:49:19.0255 5536 Boot (0x1200) (16f1794dc8b784f08a83efabed785ad7) \Device\Harddisk0\DR0\Partition0
20:49:19.0257 5536 \Device\Harddisk0\DR0\Partition0 - ok
20:49:19.0283 5536 Boot (0x1200) (8dfc5f953f41a2c4b3dd9293ee93f1e0) \Device\Harddisk0\DR0\Partition1
20:49:19.0286 5536 \Device\Harddisk0\DR0\Partition1 - ok
20:49:19.0287 5536 ============================================================
20:49:19.0287 5536 Scan finished
20:49:19.0287 5536 ============================================================
20:49:19.0303 4756 Detected object count: 0
20:49:19.0303 4756 Actual detected object count: 0
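
A log of this length is easier to triage with a small parser than by eye. The Python script below is an added example written for this thread; it is not part of the post and not TDSSKiller's own code. It assumes only the line format visible in the log above: a timestamp, a thread id, the object name with its MD5 in parentheses and its path, followed by a separate verdict line ending in "- ok" (for MBR and boot-sector objects the verdict line names the device path instead of the object). The embedded sample lines are constructed: the Harddisk0 and service lines mirror entries from the log, while the second disk (Harddisk1), its all-zero hash and its "warning" verdict are hypothetical and exist only to exercise the non-ok path; "warning" is not claimed to be a real TDSSKiller verdict string. The class and function names (`Entry`, `parse_tdsskiller`, `non_ok`, `without_file`, `shared_binaries`, `boot_sector_hashes`, `mbr_changed`) are this example's own.

```python
"""Triage helper for TDSSKiller log lines (added example, not TDSSKiller code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the line format TDSSKiller used in the log above.
# The Harddisk0 and service lines mirror entries from the thread; Harddisk1 and
# its "warning" verdict are hypothetical and exist only to exercise the non-ok path.
SAMPLE_LOG = r"""
20:49:03.0175 5536 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:49:03.0177 5536 NdisCap - ok
20:49:03.0363 5536 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:49:03.0367 5536 Netlogon - ok
20:49:08.0929 5536 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:49:08.0933 5536 SamSs - ok
20:49:17.0412 5536 WinDefend - ok
20:49:18.0862 5536 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:49:19.0250 5536 \Device\Harddisk0\DR0 - ok
20:49:19.0255 5536 Boot (0x1200) (16f1794dc8b784f08a83efabed785ad7) \Device\Harddisk0\DR0\Partition0
20:49:19.0257 5536 \Device\Harddisk0\DR0\Partition0 - ok
20:49:19.0260 5536 MBR (0x1B8) (00000000000000000000000000000000) \Device\Harddisk1\DR1
20:49:19.0261 5536 \Device\Harddisk1\DR1 - warning
20:49:19.0287 5536 ============================================================
20:49:19.0303 4756 Detected object count: 0
"""


@dataclass
class Entry:
    name: str                  # service/driver name, or "MBR (0x1B8)" / "Boot (0x1200)"
    md5: Optional[str] = None  # None when TDSSKiller printed no file line for the object
    path: Optional[str] = None
    verdict: Optional[str] = None

    @property
    def is_boot_sector(self) -> bool:
        return self.name.startswith(("MBR", "Boot"))


_PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"  # timestamp and thread id
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<target>.+?) - (?P<verdict>\S.*)$")


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each object line with the verdict line that follows it."""
    entries: List[Entry] = []
    pending: Dict[str, Entry] = {}  # service name or device path -> entry awaiting a verdict
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            e = Entry(m["name"], m["md5"], m["path"])
            entries.append(e)
            # Service verdicts are keyed by name, MBR/boot-sector verdicts by device path.
            pending[e.path if e.is_boot_sector else e.name] = e
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = pending.pop(m["target"], None)
            if e is None:  # e.g. "WinDefend - ok": a verdict without a file line
                e = Entry(m["target"])
                entries.append(e)
            e.verdict = m["verdict"]
    return entries


def non_ok(entries: List[Entry]) -> List[Entry]:
    """Everything TDSSKiller did not mark "- ok"; the first thing to read in a log."""
    return [e for e in entries if e.verdict != "ok"]


def without_file(entries: List[Entry]) -> List[str]:
    """Services that got a verdict but no file/hash line; check those by hand."""
    return [e.name for e in entries if e.md5 is None]


def shared_binaries(entries: List[Entry]) -> Dict[str, List[str]]:
    """MD5 -> service names hosted by the same binary (one hash lookup covers all)."""
    groups: Dict[str, List[str]] = {}
    for e in entries:
        if e.md5 and not e.is_boot_sector:
            groups.setdefault(e.md5, []).append(e.name)
    return {h: sorted(names) for h, names in groups.items() if len(names) > 1}


def boot_sector_hashes(entries: List[Entry]) -> Dict[str, str]:
    """Device path -> MD5 of the MBR / partition boot sector, kept as a baseline."""
    return {e.path: e.md5 for e in entries if e.is_boot_sector and e.md5 and e.path}


def mbr_changed(baseline: Dict[str, str], current: Dict[str, str]) -> List[str]:
    """Device paths whose MBR/boot-sector hash differs from the stored baseline."""
    return sorted(p for p, h in current.items() if p in baseline and baseline[p] != h)


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for e in non_ok(parsed):
        print(f"NOT OK: {e.name} {e.path} -> {e.verdict}")
    print("no file line:", without_file(parsed))
    print("shared binaries:", shared_binaries(parsed))
    print("boot sectors:", boot_sector_hashes(parsed))
```

`without_file` surfaces services that received a verdict but no file and hash line (WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc and WSearch in the log above) so they can be checked manually; the thread does not say why TDSSKiller printed no file for them, so the script makes no claim about that. `shared_binaries` groups service names that point at the same binary (in the log, lsass.exe hosts Netlogon, SamSs, ProtectedStorage and VaultSvc, and SMSvcHost.exe hosts the four Net*Activator services), so each hash needs only one reputation lookup. `boot_sector_hashes` and `mbr_changed` are the part that matters for an MBR rootkit such as Mebroot: keep the MBR and partition boot-sector hashes from a scan of a known-clean state and compare later scans against them; an MBR hash that changes without a known cause (an OS reinstall, a bootloader update) deserves a closer look.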

31.05.2012, 19:57   #5
Psychotic
/// Malwareteam
 
Mebroot/Torpig/Sinowal, warning from the university



aswMBR


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide) Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without being told to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Happy with us? Then support the Trojaner-Board!

Old 31.05.2012, 20:19   #6
FritzPhantom
 
I was not asked whether I wanted to scan my system with the current avast! virus definitions.

Inside the program there is also a switch that said QuickScan; I left it as it was ...?

Quote:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-31 21:11:37
-----------------------------
21:11:37.991 OS Version: Windows x64 6.1.7600
21:11:37.991 Number of processors: 4 586 0x2505
21:11:37.991 ComputerName: GAEMMI-PC UserName: gaemmi
21:11:39.582 Initialize success
21:11:39.660 AVAST engine defs: 12053100
21:11:45.120 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:11:45.120 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:11:45.167 Disk 0 MBR read successfully
21:11:45.167 Disk 0 MBR scan
21:11:45.182 Disk 0 Windows VISTA default MBR code
21:11:45.182 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:11:45.182 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9918 MB offset 81920
21:11:45.198 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466981 MB offset 20393984
21:11:45.214 Disk 0 scanning C:\Windows\system32\drivers
21:11:52.140 Service scanning
21:12:06.508 Modules scanning
21:12:06.508 Disk 0 trace - called modules:
21:12:06.523 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys iaStor.sys hal.dll
21:12:06.539 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006d26060]
21:12:06.554 3 CLASSPNP.SYS[fffff88001dac43f] -> nt!IofCallDriver -> [0xfffffa8006c1eb20]
21:12:06.554 5 stdflt.sys[fffff88001cf7a4a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c87050]
21:12:07.662 AVAST engine scan C:\Windows
21:12:09.394 AVAST engine scan C:\Windows\system32
21:14:06.000 AVAST engine scan C:\Windows\system32\drivers
21:14:15.173 AVAST engine scan C:\Users\gaemmi
21:16:09.616 Disk 0 MBR has been saved successfully to "C:\Users\gaemmi\Desktop\MBR.dat"
21:16:09.616 The log file has been saved successfully to "C:\Users\gaemmi\Desktop\aswMBR.txt"
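
The two logs above summarise the MBR in two ways: the TDSSKiller line "MBR (0x1B8) (cdb4de4b...)" is a hash over the first 0x1B8 bytes of sector 0, i.e. the bootstrap code, which is exactly the area an MBR rootkit of the Mebroot/Sinowal family overwrites, and aswMBR lists the partition table that follows it ("Partition 2 80 (A) 07 HPFS/NTFS ... offset 81920"). The following Python is an added example, not code from either tool or from this thread: it parses a 512-byte MBR, hashes the code area the way TDSSKiller reports it, compares that against a known-good hash supplied by the caller, and sanity-checks the partition table. The boot code bytes, the disk signature and the known-good hash in the sample are constructed placeholders; only the partition layout mirrors what aswMBR printed for this disk.

```python
"""Parse and sanity-check a 512-byte MBR the way the anti-rootkit tools in this
thread summarise it: TDSSKiller hashes the bootstrap code (first 0x1B8 bytes),
aswMBR lists the partition table. Added example; the boot code, disk signature
and known-good hash below are constructed placeholders, not real Windows data."""
import hashlib
import struct

MBR_SIZE = 512
CODE_LEN = 0x1B8          # bootstrap code area: what "MBR (0x1B8)" in the TDSSKiller log covers
DISK_SIG_OFF = 0x1B8      # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"    # last two bytes of every valid MBR

# Partition type IDs as aswMBR prints them (enough for this disk layout).
PART_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility", 0x05: "Extended",
              0x0F: "Extended (LBA)", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Return the code-area hash, the disk signature and all non-empty partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    # MD5 only because that is what the tool logs print; it is an identity check, not a security primitive.
    code_md5 = hashlib.md5(sector[:CODE_LEN]).hexdigest()
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # boot flag, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
        boot_flag, ptype, lba_start, num_sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:        # empty slot
            continue
        partitions.append({
            "index": i + 1,
            "active": boot_flag == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": num_sectors,
            "size_mb": num_sectors * 512 // (1024 * 1024),
        })
    return {"code_md5": code_md5, "disk_signature": disk_sig, "partitions": partitions}


def check_mbr(sector: bytes, known_good_code_md5: str) -> list:
    """Flag what a bootkit changes (the code area) plus table inconsistencies worth a second look."""
    info = parse_mbr(sector)
    findings = []
    if info["code_md5"] != known_good_code_md5:
        findings.append("bootstrap code hash %s differs from known-good %s"
                        % (info["code_md5"], known_good_code_md5))
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    return findings


def build_sample_mbr() -> bytes:
    """Constructed MBR mirroring the layout aswMBR printed for this disk (placeholder boot code, zero CHS fields)."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(CODE_LEN, b"\x00")  # placeholder, not real boot code
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"              # constructed disk signature + reserved bytes
    entries = [
        (0x00, 0xDE, 63, 81857),             # Partition 1: Dell Utility, 39 MB at offset 63
        (0x80, 0x07, 81920, 20312064),       # Partition 2: active NTFS, 9918 MB at offset 81920
        (0x00, 0x07, 20393984, 956377088),   # Partition 3: NTFS, 466981 MB at offset 20393984
        (0x00, 0x00, 0, 0),                  # empty slot
    ]
    table = b"".join(struct.pack("<B3sB3sII", boot, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba, n)
                     for boot, ptype, lba, n in entries)
    return code + disk_sig + table + BOOT_SIG


SAMPLE_MBR = build_sample_mbr()
# In practice this comes from a clean reference install of the same Windows version; here it is derived from the sample.
KNOWN_GOOD_MD5 = hashlib.md5(SAMPLE_MBR[:CODE_LEN]).hexdigest()

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR)["partitions"]:
        print(p)
    print("clean:", check_mbr(SAMPLE_MBR, KNOWN_GOOD_MD5))
    tampered = bytearray(SAMPLE_MBR)
    tampered[0] ^= 0xFF          # simulate an overwritten first instruction, as a bootkit would leave behind
    print("tampered:", check_mbr(bytes(tampered), KNOWN_GOOD_MD5))
```

Reading the real sector needs administrator rights (open `\\.\PhysicalDrive0` in binary mode and read 512 bytes). In a suspected Mebroot/Sinowal case, read it from a clean boot medium rather than the running system: bootkits of that family hook disk I/O and can return the original sector to a reader on the infected OS, which is also why the forum tools scan below the driver stack.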


Old 31.05.2012, 20:27   #7
Psychotic
/// Malwareteam
 
Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix's work.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

Old 31.05.2012, 20:53   #8
FritzPhantom
 
Next step

Combofix log file:
Code:
ComboFix 12-05-31.02 - gaemmi 31.05.2012  21:39:32.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.41.1031.18.3895.2243 [GMT 2:00]
Running from:: c:\users\gaemmi\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Windows
c:\programdata\windows\ccdxmmde.dat
c:\programdata\Windows\drss.dat
c:\programdata\Windows\xessmsxe.dat
.
.
(((((((((((((((((((((((   Files Created from 2012-04-28 to 2012-05-31  ))))))))))))))))))))))))))))))
.
.
2012-05-31 19:44 . 2012-05-31 19:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-31 18:03 . 2012-05-31 18:04	--------	d-----w-	c:\users\gaemmi\Scans
2012-05-31 12:47 . 2012-05-31 12:47	--------	d-----w-	c:\programdata\Sophos
2012-05-31 12:47 . 2012-05-31 12:47	73728	----a-r-	c:\users\gaemmi\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-31 12:47 . 2012-05-31 12:47	73728	----a-r-	c:\users\gaemmi\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-31 12:47 . 2012-05-31 12:47	73728	----a-r-	c:\users\gaemmi\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-05-31 12:47 . 2012-05-31 12:47	--------	d-----w-	c:\program files (x86)\Sophos
2012-05-31 11:26 . 2012-05-31 11:26	--------	d-----w-	c:\users\gaemmi\AppData\Roaming\Malwarebytes
2012-05-31 11:26 . 2012-05-31 11:26	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-31 11:26 . 2012-05-31 11:26	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-31 11:26 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-31 09:30 . 2012-05-31 09:30	--------	d-----w-	c:\users\gaemmi\AppData\Roaming\SUPERAntiSpyware.com
2012-05-31 09:29 . 2012-05-31 09:30	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-05-31 09:29 . 2012-05-31 09:29	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-05-30 20:13 . 2012-05-08 08:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27C05805-76F9-4FA7-A36F-8FADE66DE5C3}\mpengine.dll
2012-05-29 19:27 . 2012-05-08 08:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-23 20:17 . 2012-05-23 20:08	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{239B5777-2731-48CF-BA74-5FBBBA89EEE2}\gapaengine.dll
2012-05-23 17:12 . 2012-05-23 17:12	--------	d-----w-	c:\program files\iPod
2012-05-23 17:12 . 2012-05-23 17:13	--------	d-----w-	c:\program files\iTunes
2012-05-23 17:12 . 2012-05-23 17:13	--------	d-----w-	c:\program files (x86)\iTunes
2012-05-22 19:14 . 2012-03-06 23:04	141144	----a-w-	c:\windows\system32\drivers\aswFW.sys
2012-05-22 19:14 . 2012-03-06 23:03	258904	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2012-05-22 19:14 . 2012-03-06 23:02	28504	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2012-05-22 19:14 . 2012-03-06 22:44	12368	----a-w-	c:\windows\system32\drivers\aswNdis.sys
2012-05-22 18:39 . 2012-01-31 12:44	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-22 18:33 . 2012-05-22 18:33	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-05-22 18:33 . 2012-05-22 18:33	--------	d-----w-	c:\program files\Microsoft Security Client
2012-05-22 18:33 . 2010-04-09 11:06	374664	----a-w-	c:\windows\system32\drivers\netio.sys
2012-05-22 12:59 . 2012-03-06 23:04	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-05-22 12:59 . 2012-03-06 23:01	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-05-22 12:59 . 2012-03-06 23:15	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-05-22 12:59 . 2012-03-06 23:04	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-05-22 12:59 . 2012-03-06 23:02	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-05-22 12:59 . 2012-03-06 23:01	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-05-22 12:59 . 2012-03-06 23:01	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-05-22 12:58 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-05-22 12:58 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-05-22 12:58 . 2012-05-22 12:58	--------	d-----w-	c:\programdata\AVAST Software
2012-05-22 12:58 . 2012-05-22 12:58	--------	d-----w-	c:\program files\AVAST Software
2012-05-22 10:42 . 2012-05-31 18:18	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-05-22 10:42 . 2012-05-22 10:42	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-05-22 10:19 . 2012-05-22 10:19	--------	d-----w-	c:\users\gaemmi\AppData\Roaming\GlarySoft
2012-05-22 10:17 . 2012-05-22 10:17	--------	d-----w-	c:\program files (x86)\Glary Utilities
2012-05-19 09:15 . 2012-05-24 08:35	--------	d-----w-	c:\windows\system32\drivers\NAVx64\1307010.005
2012-05-15 20:45 . 2012-05-22 09:44	--------	d-----w-	c:\programdata\Tarma Installer
2012-05-14 23:10 . 2012-05-14 23:10	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-14 23:10 . 2012-05-14 23:10	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-05-09 22:27 . 2012-03-03 06:29	1541120	----a-w-	c:\windows\system32\DWrite.dll
2012-05-09 22:27 . 2012-03-03 06:29	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-05-09 22:27 . 2012-03-03 06:29	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-05-09 22:27 . 2012-03-03 06:29	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2012-05-09 22:27 . 2012-03-03 06:29	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-05-09 22:27 . 2012-03-03 05:40	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-05-09 22:27 . 2012-03-03 05:40	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-05-09 22:27 . 2012-03-03 05:40	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-05-09 22:27 . 2012-03-03 05:40	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-05-09 22:27 . 2012-03-03 05:40	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-05-09 22:25 . 2012-04-02 05:34	5504880	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-09 22:25 . 2012-04-02 04:46	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 22:25 . 2012-04-02 04:46	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 22:25 . 2012-04-02 03:01	3143680	----a-w-	c:\windows\system32\win32k.sys
2012-05-09 22:25 . 2012-03-17 07:55	75632	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-09 22:24 . 2012-03-30 11:09	1895280	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-09 22:23 . 2012-04-02 05:26	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 22:23 . 2012-04-02 05:24	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 22:23 . 2012-04-02 04:40	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 22:23 . 2012-04-02 05:24	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 22:23 . 2012-04-02 05:24	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-05 13:22 . 2012-05-05 15:42	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-05-05 13:22 . 2012-04-21 01:16	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 13:22 . 2012-04-21 01:16	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 11:40 . 2012-04-11 08:48	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 11:40 . 2011-05-18 07:12	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 11:40 . 2012-04-11 09:16	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 13:02 . 2012-04-12 13:02	175736	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-20 18:44 . 2012-03-20 18:44	98688	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44	203888	----a-w-	c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-17 4787072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl11f75b3a;MpKsl11f75b3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C709D425-987F-4F0C-8845-944FF25F5B14}\MpKsl11f75b3a.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-04-02 1160824]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120530.001\IDSvia64.sys [2012-04-28 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 59904]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-06-03 1932592]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Contents of the "Scheduled Tasks" folder
.
2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 11:40]
.
2012-05-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-05-22 21:13]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 20:51]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 20:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-15 4119920]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-08 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-08 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-08 413208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-07 16416360]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-08-30 5712896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF31734.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\gaemmi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\gaemmi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\gaemmi\AppData\Roaming\Mozilla\Firefox\Profiles\kt5fg83a.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Orphaned registry entries removed - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-31  21:50:35 - machine was rebooted
ComboFix-quarantined-files.txt  2012-05-31 19:50
.
Pre-Run: 14 directories, 343'176'536'064 bytes free
Post-Run: 17 directories, 342'775'775'232 bytes free
.
- - End Of File - - C39B1427AADE753FF27D3291C0470426

Old 01.06.2012, 06:38   #9
Psychotic
/// Malwareteam
 
Multiple anti-virus programs

Code:
AV: avast! Antivirus
AV: Microsoft Security Essentials
AV: Norton AntiVirus

I noticed that you have more than one anti-virus program with a resident guard running. That is dangerous, because the programs can get in each other's way, and that is precisely how viruses can end up on the computer. It also slows the system down. Decide on one of them and uninstall the others via Control Panel => Programs.
Report which anti-virus program you decided on.

Quote:
Speedy recently gave a clear explanation of this: "Imagine a goalkeeper who is supposed to guard the goal (anti-virus program); the ball comes flying (virus), the keeper concentrates on the ball and catches it. Now imagine two goalkeepers in the goal ....: they collide with each other and the ball can roll into the goal unhindered."
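
The "AV:" / "SP:" lines at the top of the ComboFix log are the products registered with the Windows Security Center, each with an *Enabled|Disabled/Updated|Outdated* state and its instance GUID; that header is what the post above reads the three products off. As an added example that is not part of this thread or of ComboFix, the following Python parses those lines and applies the rule stated above (more than one "AV:" entry is a finding). The sample text is the header posted earlier in this thread; the verdict strings and the `combofix_ran` switch (ComboFix disables every guard before it scans, so "Disabled" is expected in its own log) are my own.

```python
"""Triage the AV:/SP:/FW: header lines of a ComboFix log and flag more than one
resident anti-virus product. Added example; the sample lines are the ones posted
in this thread, the parser and its verdict strings are not ComboFix's."""
import re

# Constructed sample: the header lines from the ComboFix log posted above.
SAMPLE_HEADER = """\
ComboFix 12-05-31.02 - gaemmi 31.05.2012  21:39:32.1.4 - x64
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# kind: AV = anti-virus, SP = anti-spyware, FW = firewall (Security Center categories)
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) "
    r"\*(?P<state>Enabled|Disabled)/(?P<sigs>Updated|Outdated)\* "
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}$"
)


def parse_products(text: str) -> list:
    """Extract every product line; unrelated lines (the ComboFix banner, file lists) are ignored."""
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        products.append({
            "kind": d["kind"],
            "name": d["name"],
            "enabled": d["state"] == "Enabled",
            "updated": d["sigs"] == "Updated",
            "guid": d["guid"].upper(),
        })
    return products


def triage(products: list, combofix_ran: bool = True) -> list:
    """Return human-readable findings. With combofix_ran=True a Disabled state is expected
    (ComboFix switches the guards off itself), so only the product count and signature age matter."""
    findings = []
    av_names = sorted({p["name"] for p in products if p["kind"] == "AV"})
    if len(av_names) > 1:
        findings.append("more than one anti-virus product registered: " + ", ".join(av_names))
    if not av_names:
        findings.append("no anti-virus product registered with Security Center")
    for p in products:
        if not p["updated"]:
            findings.append("%s %s has outdated signatures" % (p["kind"], p["name"]))
        if not p["enabled"] and not combofix_ran:
            findings.append("%s %s is disabled" % (p["kind"], p["name"]))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_products(SAMPLE_HEADER)):
        print("-", finding)
```

The same parser works on the header of any ComboFix log pasted into a thread; pass `combofix_ran=False` when the lines come from a tool that reports the live state instead, so that a disabled guard is reported as well.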

Old 01.06.2012, 09:40   #10
FritzPhantom
 
I have decided on Norton AntiVirus. The other two are uninstalled.

Old 01.06.2012, 10:05   #11
Psychotic
/// Malwareteam
 
Sieht ganz gut aus - kontrollieren wir alles nochmal!


Schritt 1: MBAM vollständig


Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.



Schritt 2: ESET



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


01.06.2012, 11:29   #12
FritzPhantom

Should I have uninstalled Spybot - Search and Destroy as well, or doesn't it count as an anti-virus program? It had something to complain about when I wanted to delete something with MBAM.

Quote:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.01.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
gaemmi :: GAEMMI-PC [Administrator]

01.06.2012 11:20:13
mbam-log-2012-06-01 (11-20-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333635
Laufzeit: 38 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\gaemmi\Downloads\SoftonicDownloader_fuer_slimdrivers.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Step 2, ESET:

Scanned, but it found nothing. There is no button labelled "List of found threats" for me ... ? Also no button to create a log file, only the Finish button.

03.06.2012, 22:37   #13
Psychotic
/// Malwareteam

Oh, that one was still there as well... *grumble*

Step 1: Disable TeaTimer


No cleanup can be carried out while Spybot Search&Destroy's TeaTimer is running, because it restores every entry that is deleted. The TeaTimer therefore has to be switched off during the cleanup work (leave the TeaTimer switched off until we have finished cleaning): Start Spybot S&D => in the "Mode" menu select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the tick at Resident "TeaTimer" (Protection of over-all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated guide.



Step 2: MBAM



Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and click Scan. (Note: tick all hard drives!)
  • When the scan is finished, click Show results.
  • Make sure that all findings are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report later under "Logs".

05.06.2012, 21:17   #14
FritzPhantom

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.05.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
gaemmi :: GAEMMI-PC [Administrator]

05.06.2012 20:17:44
mbam-log-2012-06-05 (20-17-44).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 336947
Laufzeit: 37 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

06.06.2012, 06:57   #15
Psychotic
/// Malwareteam

adwCleaner



Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
