Log analysis and evaluation: constantly recurring TR/ATRAPS.Gen and TR/ATRAPS.Gen2 (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1

Hello,

My antivirus "Antivir" keeps reporting "TR/ATRAPS.Gen2" as a virus. The problem is that I have already moved it to quarantine and also deleted it. It keeps coming back.

How did I catch it? Well, I installed a "new" hard drive that already contained data from a friend. I did not format it, but everything was clean until I connected my PC to the Internet and went on Facebook. After that the Trojans appeared. No, I did not visit any page on Facebook; I was only on "News", nothing more.

I don't know exactly how I caught this virus, but I used nothing except Firefox or Chrome and Windows Media Player. Those were the only programs that were running.

I hope you can find the cause; I would also like to know what my mistake was.

I hope someone can help me. The log files etc. are attached.

Regards,
Samurait

#2 /// Malwareteam

CKScan

Please download CKScanner. Important: save the file to your desktop.

#3

Here is the content:

Code:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\allan\desktop\neuer ordner (5)\fritzbox\debian_fritzbox_5.0.4\debian_fritzbox\usr\share\man\man8\pam_cracklib.8.gz
c:\users\allan\desktop\neuer ordner (6)\lol\heropak_client\data\particles\groundcrack.dds
c:\users\allan\desktop\neuer ordner (6)\lol\particles\groundcrack.dds
hosts # 127.0.0.1 localhost
hosts # 127.0.0.1 localhost
127.0.0.1 localhost
scanner sequence 3.ZZ.11.BUAPGB
----- EOF -----

#4 /// Malwareteam

My name is Marius and I will help you with your problem.

One thing up front: Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can sometimes involve a lot of work for you.

Vista and Win7 users: start all tools with right-click --> "Run as administrator".

I see that you use so-called peer-to-peer or file-sharing programs. In your case < >. These programs allow you to exchange data with other users. Unfortunately, P2P and file sharing are not exempt from distributing infected files, and this is also one reason why malware spreads so quickly. It is therefore possible that you download an infected file. You can never know where these come from. This kind of software should therefore be used with extreme caution. Another important point is that distributing media and entertainment files violates copyright law in most countries of the world. Of course there is also a legal way to use this service, for example to download Linux or Open Office. Nevertheless, I would ask you not to continue using this kind of software. Please go to Start --> Control Panel --> Software and uninstall the software mentioned above. Please let me know if you cannot find one of the listed programs.

Step 1: Uninstall software

Step 2: aswMBR
Please download aswMBR.exe and save the file to your desktop.

Step 3: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.

__________________
No asylum for Trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board!

#5

Error at step 2: "avast! Antirootkit funktioniert nicht mehr" (avast! Antirootkit has stopped working)

#6 /// Malwareteam

Start aswMBR again, select Quickscan in the menu and press the Scan button!

#7

Still the same error..

#8 /// Malwareteam

Then try it in safe mode!

#9

I just tried it.. the same problem again.. the last thing it scanned was C:\Windows\assembly\gac_msl\microsoft.visualstudio.tools.application

#10 /// Malwareteam

Skip aswMBR, scan with TDSS-Killer.

#11

TDSKILLER, here you go

Code:
15:14:16.0872 0584 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
15:14:17.0091 0584 ============================================================
15:14:17.0091 0584 Current date / time: 2012/06/18 15:14:17.0091
15:14:17.0091 0584 SystemInfo:
15:14:17.0091 0584
15:14:17.0091 0584 OS Version: 6.1.7600 ServicePack: 0.0
15:14:17.0091 0584 Product type: Workstation
15:14:17.0091 0584 ComputerName: STEVIKU
15:14:17.0092 0584 UserName: Allan
15:14:17.0092 0584 Windows directory: C:\Windows
15:14:17.0092 0584 System windows directory: C:\Windows
15:14:17.0092 0584 Running under WOW64
15:14:17.0092 0584 Processor architecture: Intel x64
15:14:17.0092 0584 Number of processors: 4
15:14:17.0092 0584 Page size: 0x1000
15:14:17.0092 0584 Boot type: Normal boot
15:14:17.0092 0584 ============================================================
15:14:18.0354 0584 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:14:18.0354 0584 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:14:18.0375 0584 ============================================================
15:14:18.0375 0584 \Device\Harddisk0\DR0:
15:14:18.0376 0584 MBR partitions:
15:14:18.0376 0584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x61D64C1E
15:14:18.0376 0584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x73506000, BlocksNum 0x1200000
15:14:18.0408 0584 \Device\Harddisk1\DR1:
15:14:18.0408 0584 MBR partitions:
15:14:18.0408 0584 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x2E00800, BlocksNum 0x32000
15:14:18.0408 0584 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x2E32800, BlocksNum 0x40B93800
15:14:18.0409 0584 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x439C6800, BlocksNum 0x30D3F800
15:14:18.0409 0584 ============================================================
15:14:18.0451 0584 C: <-> \Device\Harddisk0\DR0\Partition0
15:14:18.0498 0584 D: <-> \Device\Harddisk0\DR0\Partition1
15:14:18.0977 0584 F: <-> \Device\Harddisk1\DR1\Partition0
15:14:19.0004 0584 G: <-> \Device\Harddisk1\DR1\Partition2
15:14:19.0031 0584 H: <-> \Device\Harddisk1\DR1\Partition1
15:14:19.0031 0584 ============================================================
15:14:19.0031 0584 Initialize success
15:14:19.0031 0584 ============================================================
15:14:47.0144 1896 ============================================================
15:14:47.0144 1896 Scan started
15:14:47.0144 1896 Mode: Manual; TDLFS;
15:14:47.0144 1896 ============================================================
15:14:49.0951 1896 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
15:14:49.0956 1896 1394ohci - ok
15:14:49.0999 1896 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
15:14:50.0006 1896 ACPI - ok
15:14:50.0028 1896 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:14:50.0037 1896 AcpiPmi - ok
15:14:50.0158 1896 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:14:50.0163 1896 AdobeFlashPlayerUpdateSvc - ok
15:14:50.0217 1896 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:14:50.0229 1896 adp94xx - ok
15:14:50.0257 1896 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:14:50.0267 1896 adpahci - ok
15:14:50.0277 1896 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:14:50.0284 1896 adpu320 - ok
15:14:50.0315 1896 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:14:50.0316 1896 AeLookupSvc - ok
15:14:50.0391 1896 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
15:14:50.0423 1896 AFD - ok
15:14:50.0442 1896 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:14:50.0447 1896 agp440 - ok
15:14:50.0820 1896 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
15:14:50.0820 1896 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
15:14:50.0825 1896 Akamai ( HiddenFile.Multi.Generic ) - warning
15:14:50.0825 1896 Akamai - detected HiddenFile.Multi.Generic (1)
15:14:50.0900 1896 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:14:50.0914 1896 ALG - ok
15:14:50.0958 1896 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:14:50.0967 1896 aliide - ok
15:14:50.0979 1896 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:14:50.0988 1896 amdide - ok
15:14:51.0034 1896 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:14:51.0047 1896 AmdK8 - ok
15:14:51.0073 1896 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:14:51.0075 1896 AmdPPM - ok
15:14:51.0127 1896 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
15:14:51.0140 1896 amdsata - ok
15:14:51.0174 1896 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:14:51.0184 1896 amdsbs - ok
15:14:51.0225 1896 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
15:14:51.0229 1896 amdxata - ok
15:14:51.0302 1896 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:14:51.0305 1896 AntiVirSchedulerService - ok
15:14:51.0337 1896 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:14:51.0359 1896 AntiVirService - ok
15:14:51.0407 1896 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:14:51.0412 1896 AppID - ok
15:14:51.0436 1896 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:14:51.0440 1896 AppIDSvc - ok
15:14:51.0450 1896 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
15:14:51.0450 1896 Appinfo - ok
15:14:51.0539 1896 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:14:51.0551 1896 Apple Mobile Device - ok
15:14:51.0578 1896 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:14:51.0592 1896 arc - ok
15:14:51.0610 1896 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:14:51.0625 1896 arcsas - ok
15:14:51.0815 1896 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:14:51.0829 1896 aspnet_state - ok
15:14:51.0861 1896 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:14:51.0869 1896 AsyncMac - ok
15:14:51.0882 1896 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:14:51.0883 1896 atapi - ok
15:14:51.0924 1896 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
15:14:51.0930 1896 AudioEndpointBuilder - ok
15:14:51.0936 1896 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
15:14:51.0940 1896 AudioSrv - ok
15:14:51.0966 1896 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
15:14:51.0971 1896 avgntflt - ok
15:14:51.0988 1896 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
15:14:51.0994 1896 avipbb - ok
15:14:52.0007 1896 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
15:14:52.0013 1896 AxInstSV - ok
15:14:52.0058 1896 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:14:52.0068 1896 b06bdrv - ok
15:14:52.0107 1896 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:14:52.0125 1896 b57nd60a - ok
15:14:52.0253 1896 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:14:52.0262 1896 BBSvc - ok
15:14:52.0323 1896 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:14:52.0344 1896 BBUpdate - ok
15:14:52.0361 1896 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:14:52.0367 1896 BDESVC - ok
15:14:52.0390 1896 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:14:52.0392 1896 Beep - ok
15:14:52.0461 1896 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
15:14:52.0479 1896 BITS - ok
15:14:52.0496 1896 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:14:52.0501 1896 blbdrive - ok
15:14:52.0611 1896 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:14:52.0617 1896 Bonjour Service - ok
15:14:52.0679 1896 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:14:52.0684 1896 bowser - ok
15:14:52.0699 1896 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:14:52.0699 1896 BrFiltLo - ok
15:14:52.0716 1896 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:14:52.0718 1896 BrFiltUp - ok
15:14:52.0745 1896 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
15:14:52.0746 1896 Browser - ok
15:14:52.0772 1896 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:14:52.0797 1896 Brserid - ok
15:14:52.0814 1896 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:14:52.0819 1896 BrSerWdm - ok
15:14:52.0822 1896 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:14:52.0825 1896 BrUsbMdm - ok
15:14:52.0851 1896 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:14:52.0854 1896 BrUsbSer - ok
15:14:52.0871 1896 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:14:52.0876 1896 BTHMODEM - ok
15:14:52.0892 1896 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:14:52.0898 1896 bthserv - ok
15:14:52.0914 1896 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:14:52.0920 1896 cdfs - ok
15:14:52.0951 1896 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:14:52.0958 1896 cdrom - ok
15:14:53.0111 1896 CEDRIVER60 (c5e6bbd327d29e543618f41c02e36db4) C:\Program Files (x86)\Cheat Engine 6.1\dbk64.sys
15:14:53.0121 1896 CEDRIVER60 - ok
15:14:53.0165 1896 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
15:14:53.0167 1896 CertPropSvc - ok
15:14:53.0191 1896 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:14:53.0203 1896 circlass - ok
15:14:53.0241 1896 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:14:53.0255 1896 CLFS - ok
15:14:53.0308 1896 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:14:53.0324 1896 clr_optimization_v2.0.50727_32 - ok
15:14:53.0371 1896 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:14:53.0386 1896 clr_optimization_v2.0.50727_64 - ok
15:14:53.0516 1896 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:14:53.0520 1896 clr_optimization_v4.0.30319_32 - ok
15:14:53.0617 1896 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:14:53.0621 1896 clr_optimization_v4.0.30319_64 - ok
15:14:53.0663 1896 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:14:53.0669 1896 CmBatt - ok
15:14:53.0674 1896 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
15:14:53.0677 1896 cmdide - ok
15:14:53.0744 1896 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
15:14:53.0771 1896 CNG - ok
15:14:53.0786 1896 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:14:53.0792 1896 Compbatt - ok
15:14:53.0814 1896 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:14:53.0819 1896 CompositeBus - ok
15:14:53.0832 1896 COMSysApp - ok
15:14:53.0845 1896 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:14:53.0850 1896 crcdisk - ok
15:14:53.0886 1896 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
15:14:53.0887 1896 CryptSvc - ok
15:14:53.0938 1896 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
15:14:53.0944 1896 DcomLaunch - ok
15:14:53.0981 1896 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:14:53.0992 1896 defragsvc - ok
15:14:54.0040 1896 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
15:14:54.0052 1896 DfsC - ok
15:14:54.0117 1896 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
15:14:54.0129 1896 dg_ssudbus - ok
15:14:54.0177 1896 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
15:14:54.0183 1896 Dhcp - ok
15:14:54.0199 1896 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:14:54.0208 1896 discache - ok
15:14:54.0237 1896 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:14:54.0243 1896 Disk - ok
15:14:54.0301 1896 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
15:14:54.0305 1896 Dnscache - ok
15:14:54.0351 1896 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
15:14:54.0370 1896 dot3svc - ok
15:14:54.0407 1896 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
15:14:54.0411 1896 DPS - ok
15:14:54.0440 1896 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:14:54.0442 1896 drmkaud - ok
15:14:54.0556 1896 dump_wmimmc - ok
15:14:54.0665 1896 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
15:14:54.0690 1896 DXGKrnl - ok
15:14:54.0731 1896 EagleX64 - ok
15:14:54.0748 1896 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:14:54.0749 1896 EapHost - ok
15:14:54.0935 1896 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:14:54.0975 1896 ebdrv - ok
15:14:55.0078 1896 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
15:14:55.0080 1896 EFS - ok
15:14:55.0181 1896 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
15:14:55.0214 1896 ehRecvr - ok
15:14:55.0247 1896 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:14:55.0265 1896 ehSched - ok
15:14:55.0321 1896 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:14:55.0345 1896 elxstor - ok
15:14:55.0364 1896 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
15:14:55.0372 1896 ErrDev - ok
15:14:55.0471 1896 ES lite Service (dcd7487d00aa4dffaeb4c8b086af1134) C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
15:14:55.0490 1896 ES lite Service - ok
15:14:55.0572 1896 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:14:55.0576 1896 EventSystem - ok
15:14:55.0600 1896 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:14:55.0608 1896 exfat - ok
15:14:55.0704 1896 Fabs - ok
15:14:55.0735 1896 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:14:55.0742 1896 fastfat - ok
15:14:55.0791 1896 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
15:14:55.0798 1896 Fax - ok
15:14:55.0812 1896 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:14:55.0816 1896 fdc - ok
15:14:55.0834 1896 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:14:55.0835 1896 fdPHost - ok
15:14:55.0849 1896 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:14:55.0850 1896 FDResPub - ok
15:14:55.0866 1896 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:14:55.0872 1896 FileInfo - ok
15:14:55.0884 1896 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:14:55.0888 1896 Filetrace - ok
15:14:56.0097 1896 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
15:14:56.0144 1896 FirebirdServerMAGIXInstance - ok
15:14:56.0222 1896 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:14:56.0230 1896 flpydisk - ok
15:14:56.0260 1896 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
15:14:56.0283 1896 FltMgr - ok
15:14:56.0385 1896 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
15:14:56.0396 1896 FontCache - ok
15:14:56.0447 1896 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:14:56.0459 1896 FontCache3.0.0.0 - ok
15:14:56.0477 1896 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:14:56.0489 1896 FsDepends - ok
15:14:56.0540 1896 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
15:14:56.0551 1896 fssfltr - ok
15:14:56.0967 1896 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:14:56.0995 1896 fsssvc - ok
15:14:57.0104 1896 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
15:14:57.0112 1896 Fs_Rec - ok
15:14:57.0192 1896 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:14:57.0218 1896 fvevol - ok
15:14:57.0239 1896 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:14:57.0251 1896 gagp30kx - ok
15:14:57.0294 1896 gdrv (46e2828bca26b31fa5a1dd4d84df633d) C:\Windows\gdrv.sys
15:14:57.0302 1896 gdrv - ok
15:14:57.0376 1896 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
15:14:57.0389 1896 gpsvc - ok
15:14:57.0463 1896 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:14:57.0466 1896 gupdate - ok
15:14:57.0485 1896 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:14:57.0487 1896 gupdatem - ok
15:14:57.0544 1896 hamachi (7eec4281639dc7e9a67c661efd414f3a) C:\Windows\system32\DRIVERS\hamachi.sys
15:14:57.0552 1896 hamachi - ok
15:14:57.0773 1896 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
15:14:57.0795 1896 Hamachi2Svc - ok
15:14:57.0902 1896 hcmon (01766d1cb46adac26182b28ac9e3c300) C:\Windows\system32\drivers\hcmon.sys
15:14:57.0911 1896 hcmon - ok
15:14:57.0933 1896 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:14:57.0938 1896 hcw85cir - ok
15:14:57.0985 1896 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
15:14:57.0997 1896 HdAudAddService - ok
15:14:58.0028 1896 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:14:58.0029 1896 HDAudBus - ok
15:14:58.0033 1896 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:14:58.0037 1896 HidBatt - ok
15:14:58.0054 1896 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:14:58.0060 1896 HidBth - ok
15:14:58.0072 1896 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:14:58.0077 1896 HidIr - ok
15:14:58.0095 1896 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:14:58.0096 1896 hidserv - ok
15:14:58.0124 1896 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
15:14:58.0128 1896 HidUsb - ok
15:14:58.0153 1896 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
15:14:58.0154 1896 hkmsvc - ok
15:14:58.0173 1896 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
15:14:58.0175 1896 HomeGroupListener - ok
15:14:58.0211 1896 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
15:14:58.0213 1896 HomeGroupProvider - ok
15:14:58.0219 1896 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:14:58.0226 1896 HpSAMD - ok
15:14:58.0286 1896 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:14:58.0320 1896 HTTP - ok
15:14:58.0336 1896 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:14:58.0340 1896 hwpolicy - ok
15:14:58.0356 1896 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:14:58.0363 1896 i8042prt - ok
15:14:58.0434 1896 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
15:14:58.0454 1896 iaStorV - ok
15:14:58.0589 1896 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:14:58.0630 1896 idsvc - ok
15:14:58.0781 1896 IGDCTRL (62dd2f604dd1571c4e32d480db2ab99a) C:\Program Files (x86)\1&1\IGDCTRL.EXE
15:14:58.0797 1896 IGDCTRL - ok
15:14:58.0912 1896 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:14:58.0917 1896 iirsp - ok
15:14:59.0003 1896 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
15:14:59.0020 1896 IKEEXT - ok
15:14:59.0176 1896 IntcAzAudAddService (4b071aebbc13d60430ee0371b262f681) C:\Windows\system32\drivers\RTKVHD64.sys
15:14:59.0201 1896 IntcAzAudAddService - ok
15:14:59.0291 1896 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
15:14:59.0300 1896 intelide - ok
15:14:59.0352 1896 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:14:59.0366 1896 intelppm - ok
15:14:59.0407 1896 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:14:59.0410 1896 IPBusEnum - ok
15:14:59.0432 1896 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:14:59.0433 1896 IpFilterDriver - ok
15:14:59.0439 1896 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:14:59.0446 1896 IPMIDRV - ok
15:14:59.0453 1896 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:14:59.0459 1896 IPNAT - ok
15:14:59.0482 1896 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:14:59.0486 1896 IRENUM - ok
15:14:59.0519 1896 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
15:14:59.0529 1896 isapnp - ok
15:14:59.0561 1896 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
15:14:59.0583 1896 iScsiPrt - ok
15:14:59.0613 1896 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:14:59.0624 1896 kbdclass - ok
15:14:59.0643 1896 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
15:14:59.0652 1896 kbdhid - ok
15:14:59.0701 1896 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:14:59.0703 1896 KeyIso - ok
15:14:59.0731 1896 KMService - ok
15:14:59.0758 1896 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
15:14:59.0772 1896 KSecDD - ok
15:14:59.0791 1896 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
15:14:59.0810 1896 KSecPkg - ok
15:14:59.0828 1896 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:14:59.0835 1896 ksthunk - ok
15:14:59.0912 1896 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:14:59.0936 1896 KtmRm - ok
15:14:59.0990 1896 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
15:14:59.0996 1896 LanmanServer - ok
15:15:00.0037 1896 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
15:15:00.0042 1896 LanmanWorkstation - ok
15:15:00.0113 1896 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
15:15:00.0122 1896 LGBusEnum - ok
15:15:00.0175 1896 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
15:15:00.0176 1896 LGVirHid - ok
15:15:00.0362 1896 LightScribeService (71c6a95a5f0ccc87298c4dd0f2c3635a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:15:00.0375 1896 LightScribeService - ok
15:15:00.0413 1896 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:15:00.0418 1896 lltdio - ok
15:15:00.0458 1896 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:15:00.0467 1896 lltdsvc - ok
15:15:00.0487 1896 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:15:00.0488 1896 lmhosts - ok
15:15:00.0518 1896 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:15:00.0522 1896 LSI_FC - ok
15:15:00.0529 1896 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:15:00.0534 1896 LSI_SAS - ok
15:15:00.0538 1896 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:15:00.0542 1896 LSI_SAS2 - ok
15:15:00.0549 1896 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:15:00.0554 1896 LSI_SCSI - ok
15:15:00.0572 1896 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:15:00.0577 1896 luafv - ok
15:15:00.0614 1896 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
15:15:00.0619 1896 Mcx2Svc - ok
15:15:00.0641 1896 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:15:00.0652 1896 megasas - ok
15:15:00.0678 1896 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:15:00.0692 1896 MegaSR - ok
15:15:00.0779 1896 Microsoft SharePoint Workspace Audit Service - ok
15:15:00.0829 1896 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:15:00.0832 1896 MMCSS - ok
15:15:00.0840 1896 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:15:00.0849 1896 Modem - ok
15:15:00.0878 1896 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:15:00.0879 1896 monitor - ok
15:15:00.0896 1896 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:15:00.0901 1896 mouclass - ok
15:15:00.0919 1896 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:15:00.0923 1896 mouhid - ok
15:15:00.0930 1896 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
15:15:00.0936 1896 mountmgr - ok
15:15:01.0023 1896 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:15:01.0041 1896 MozillaMaintenance - ok
15:15:01.0056 1896 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
15:15:01.0075 1896 mpio - ok
15:15:01.0099 1896 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:15:01.0110 1896 mpsdrv - ok
15:15:01.0125 1896 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
15:15:01.0139 1896 MRxDAV - ok
15:15:01.0188 1896 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:15:01.0195 1896 mrxsmb - ok
15:15:01.0258 1896 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:15:01.0278 1896 mrxsmb10 - ok
15:15:01.0328 1896 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:15:01.0343 1896 mrxsmb20 - ok
15:15:01.0363 1896 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
15:15:01.0372 1896 msahci - ok
15:15:01.0387 1896 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
15:15:01.0404 1896 msdsm - ok
15:15:01.0438 1896 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:15:01.0446 1896 MSDTC - ok
15:15:01.0468 1896 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:15:01.0472 1896 Msfs - ok
15:15:01.0480 1896 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:15:01.0483 1896 mshidkmdf - ok
15:15:01.0489 1896 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
15:15:01.0492 1896 msisadrv - ok
15:15:01.0526 1896 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:15:01.0542 1896 MSiSCSI - ok
15:15:01.0549 1896 msiserver - ok
15:15:01.0585 1896 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:15:01.0586 1896 MSKSSRV - ok
15:15:01.0605 1896 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:15:01.0611 1896 MSPCLOCK - ok
15:15:01.0618 1896 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:15:01.0618 1896 MSPQM - ok
15:15:01.0645 1896 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
15:15:01.0655 1896 MsRPC - ok
15:15:01.0668 1896 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:15:01.0669 1896 mssmbios - ok
15:15:01.0684 1896 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:15:01.0684 1896 MSTEE - ok
15:15:01.0698 1896 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:15:01.0702 1896 MTConfig - ok
15:15:01.0719 1896 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:15:01.0724 1896 Mup - ok
15:15:01.0767 1896 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
15:15:01.0777 1896 napagent - ok
15:15:01.0824 1896 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:15:01.0844 1896 NativeWifiP - ok
15:15:01.0937 1896 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:15:01.0950 1896 NDIS - ok
15:15:01.0962 1896 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:15:01.0966 1896 NdisCap - ok
15:15:01.0983 1896 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:15:01.0987 1896 NdisTapi - ok
15:15:01.0999 1896 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:15:02.0004 1896 Ndisuio - ok
15:15:02.0025 1896 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:15:02.0033 1896 NdisWan - ok
15:15:02.0050 1896 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:15:02.0054 1896 NDProxy - ok
15:15:02.0059 1896 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:15:02.0063 1896 NetBIOS - ok
15:15:02.0084 1896 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:15:02.0095 1896 NetBT - ok
15:15:02.0144 1896 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:15:02.0147 1896 Netlogon - ok
15:15:02.0195 1896 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:15:02.0204 1896 Netman - ok
15:15:02.0401 1896 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:15:02.0423 1896 NetMsmqActivator - ok
15:15:02.0429 1896 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:15:02.0430 1896 NetPipeActivator - ok
15:15:02.0466 1896 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:15:02.0470 1896 netprofm - ok
15:15:02.0478 1896 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:15:02.0480 1896 NetTcpActivator - ok
15:15:02.0483 1896 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:15:02.0484 1896 NetTcpPortSharing - ok
15:15:02.0529 1896 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:15:02.0540 1896 nfrd960 - ok
15:15:02.0563 1896 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
15:15:02.0571 1896 NlaSvc - ok
15:15:02.0579 1896 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:15:02.0583 1896 Npfs - ok
15:15:02.0617 1896 npggsvc - ok
15:15:02.0621 1896 NPPTNT2 - ok
15:15:02.0632 1896 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:15:02.0633 1896 nsi - ok
15:15:02.0642 1896 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:15:02.0646 1896 nsiproxy - ok
15:15:02.0793 1896 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
15:15:02.0832 1896 Ntfs - ok
15:15:02.0916 1896 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:15:02.0919 1896 Null - ok
15:15:03.0634 1896 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:15:03.0695 1896 nvlddmkm - ok
15:15:03.0800 1896 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
15:15:03.0815 1896 nvraid - ok
15:15:03.0839 1896 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
15:15:03.0846 1896 nvstor - ok
15:15:03.0958 1896 nvsvc (39f933ca2798156b0b7a19d104b73b9a) C:\Windows\system32\nvvsvc.exe
15:15:03.0965 1896 nvsvc - ok
15:15:04.0242 1896 nvUpdatusService (4e5c5d88eb0a8d21824d5a3eb7327e69) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:15:04.0267 1896 nvUpdatusService - ok
15:15:04.0326 1896 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
15:15:04.0341 1896 nv_agp - ok
15:15:04.0351 1896 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
15:15:04.0357 1896 ohci1394 - ok
15:15:04.0432 1896 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:15:04.0434 1896 ose - ok
15:15:04.0859 1896 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:15:04.0900 1896 osppsvc - ok
15:15:04.0965 1896 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:15:04.0968 1896 p2pimsvc - ok
15:15:05.0018 1896 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:15:05.0028 1896 p2psvc - ok
15:15:05.0078 1896 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:15:05.0091 1896 Parport - ok
15:15:05.0129 1896 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
15:15:05.0142 1896 partmgr - ok
15:15:05.0171 1896 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:15:05.0173 1896 PcaSvc - ok
15:15:05.0193 1896 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
15:15:05.0201 1896 pci - ok
15:15:05.0207 1896 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
15:15:05.0210 1896 pciide - ok
15:15:05.0223 1896 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:15:05.0232 1896 pcmcia - ok
15:15:05.0236 1896 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:15:05.0241 1896 pcw - ok
15:15:05.0286 1896 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:15:05.0322 1896 PEAUTH - ok
15:15:05.0405 1896 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:15:05.0417 1896 PerfHost - ok
15:15:05.0569 1896 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
15:15:05.0611 1896 pla - ok
15:15:05.0721 1896 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
15:15:05.0731 1896 PlugPlay - ok
15:15:05.0762 1896 PnkBstrA - ok
15:15:05.0786 1896 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:15:05.0798 1896 PNRPAutoReg - ok
15:15:05.0845 1896 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:15:05.0852 1896 PNRPsvc - ok
15:15:05.0923 1896 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
15:15:05.0929 1896 PolicyAgent - ok
15:15:05.0955 1896 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:15:05.0958 1896 Power - ok
15:15:06.0042 1896 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:15:06.0056 1896 PptpMiniport - ok
15:15:06.0076 1896 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:15:06.0089 1896 Processor - ok
15:15:06.0115 1896 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
15:15:06.0122 1896 ProfSvc - ok
15:15:06.0171 1896 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:15:06.0174 1896 ProtectedStorage - ok
15:15:06.0204 1896 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:15:06.0207 1896 Psched - ok
15:15:06.0252 1896 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:15:06.0263 1896 PxHlpa64 - ok
15:15:06.0367 1896 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:15:06.0389 1896 ql2300 - ok
15:15:06.0451 1896 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:15:06.0460 1896 ql40xx - ok
15:15:06.0490 1896 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:15:06.0499 1896 QWAVE - ok
15:15:06.0516 1896 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:15:06.0521 1896 QWAVEdrv - ok
15:15:06.0553 1896 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:15:06.0556 1896 RasAcd - ok
15:15:06.0599 1896 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:15:06.0610 1896 RasAgileVpn - ok
15:15:06.0638 1896 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:15:06.0653 1896 RasAuto - ok
15:15:06.0671 1896 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:15:06.0686 1896 Rasl2tp - ok
15:15:06.0722 1896 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
15:15:06.0745 1896 RasMan - ok
15:15:06.0757 1896 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:15:06.0771 1896 RasPppoe - ok
15:15:06.0790 1896 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:15:06.0795 1896 RasSstp - ok
15:15:06.0822 1896 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:15:06.0833 1896 rdbss - ok
15:15:06.0848 1896 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:15:06.0852 1896 rdpbus - ok
15:15:06.0860 1896 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:15:06.0863 1896 RDPCDD - ok
15:15:06.0888 1896 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:15:06.0891 1896 RDPENCDD - ok
15:15:06.0905 1896 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:15:06.0907 1896 RDPREFMP - ok
15:15:07.0200 1896 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
15:15:07.0215 1896 RDPWD - ok
15:15:07.0267 1896 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
15:15:07.0286 1896 rdyboost - ok
15:15:07.0319 1896 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:15:07.0323 1896 RemoteAccess - ok
15:15:07.0348 1896 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:15:07.0366 1896 RemoteRegistry - ok
15:15:07.0402 1896 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:15:07.0406 1896 RpcEptMapper - ok
15:15:07.0424 1896 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:15:07.0432 1896 RpcLocator - ok
15:15:07.0483 1896 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
15:15:07.0494 1896 RpcSs - ok
15:15:07.0518 1896 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:15:07.0523 1896 rspndr - ok
15:15:07.0572 1896 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:15:07.0578 1896 RTL8167 - ok
15:15:07.0631 1896 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:15:07.0634 1896 SamSs - ok
15:15:07.0657 1896 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
15:15:07.0672 1896 sbp2port - ok
15:15:07.0699 1896 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:15:07.0717 1896 SCardSvr - ok
15:15:07.0736 1896 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:15:07.0746 1896 scfilter - ok
15:15:07.0852 1896 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
15:15:07.0864 1896 Schedule - ok
15:15:07.0885 1896 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
15:15:07.0886 1896 SCPolicySvc - ok
15:15:07.0905 1896 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
15:15:07.0915 1896 SDRSVC - ok
15:15:07.0961 1896 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:15:07.0969 1896 secdrv - ok
15:15:07.0979 1896 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
15:15:07.0980 1896 seclogon - ok
15:15:07.0994 1896 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:15:07.0996 1896 SENS - ok
15:15:08.0013 1896 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:15:08.0018 1896 SensrSvc - ok
15:15:08.0032 1896 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:15:08.0036 1896 Serenum - ok
15:15:08.0061 1896 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:15:08.0067 1896 Serial - ok
15:15:08.0081 1896 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:15:08.0085 1896 sermouse - ok
15:15:08.0114 1896 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
15:15:08.0116 1896 SessionEnv - ok
15:15:08.0126 1896 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:15:08.0129 1896 sffdisk - ok
15:15:08.0144 1896 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:15:08.0148 1896 sffp_mmc - ok
15:15:08.0154 1896 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:15:08.0157 1896 sffp_sd - ok
15:15:08.0172 1896 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:15:08.0175 1896 sfloppy - ok
15:15:08.0213 1896 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
15:15:08.0216 1896 ShellHWDetection - ok
15:15:08.0229 1896 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:15:08.0235 1896 SiSRaid2 - ok
15:15:08.0247 1896 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:15:08.0253 1896 SiSRaid4 - ok
15:15:08.0329 1896 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:15:08.0330 1896 SkypeUpdate - ok
15:15:08.0370 1896 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:15:08.0383 1896 Smb - ok
15:15:08.0411 1896 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:15:08.0416 1896 SNMPTRAP - ok
15:15:09.0153 1896 SNP2STD (4d0589cffc681a3a22a2006654c4bf56) C:\Windows\system32\DRIVERS\snp2sxp.sys
15:15:09.0287 1896 SNP2STD - ok
15:15:09.0382 1896 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:15:09.0391 1896 spldr - ok
15:15:09.0470 1896 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
15:15:09.0481 1896 Spooler - ok
15:15:09.0699 1896 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
15:15:09.0733 1896 sppsvc - ok
15:15:09.0770 1896 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:15:09.0775 1896 sppuinotify - ok
15:15:09.0882 1896 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
15:15:09.0929 1896 sptd - ok
15:15:10.0017 1896 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
15:15:10.0026 1896 srv - ok
15:15:10.0108 1896 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
15:15:10.0136 1896 srv2 - ok
15:15:10.0154 1896 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
15:15:10.0162 1896 srvnet - ok
15:15:10.0196 1896 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:15:10.0199 1896 SSDPSRV - ok
15:15:10.0214 1896 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:15:10.0221 1896 SstpSvc - ok
15:15:10.0276 1896 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
15:15:10.0285 1896 ssudmdm - ok
15:15:10.0416 1896 Steam Client Service - ok
15:15:10.0604 1896 Stereo Service (9bf7e58d9113ce15cf4f1e1b18ceff83) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:15:10.0628 1896 Stereo Service - ok
15:15:10.0674 1896 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:15:10.0680 1896 stexstor - ok
15:15:10.0750 1896 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
15:15:10.0757 1896 stisvc - ok
15:15:10.0771 1896 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:15:10.0775 1896 swenum - ok
15:15:10.0914 1896 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:15:10.0932 1896 SwitchBoard - ok
15:15:10.0970 1896 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:15:10.0983 1896 swprv - ok
15:15:11.0115 1896 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
15:15:11.0149 1896 SysMain - ok
15:15:11.0232 1896 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
15:15:11.0247 1896 TabletInputService - ok
15:15:11.0276 1896 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
15:15:11.0299 1896 TapiSrv - ok
15:15:11.0321 1896 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:15:11.0323 1896 TBS - ok
15:15:11.0511 1896 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
15:15:11.0565 1896 Tcpip - ok
15:15:11.0669 1896 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
15:15:11.0680 1896 TCPIP6 - ok
15:15:11.0728 1896 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:15:11.0738 1896 tcpipreg - ok
15:15:11.0766 1896 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:15:11.0769 1896 TDPIPE - ok
15:15:11.0826 1896 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
15:15:11.0834 1896 TDTCP - ok
15:15:11.0862 1896 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:15:11.0874 1896 tdx - ok
15:15:11.0884 1896 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:15:11.0895 1896 TermDD - ok
15:15:11.0950 1896 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
15:15:11.0966 1896 TermService - ok
15:15:11.0976 1896 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:15:11.0978 1896 Themes - ok
15:15:12.0010 1896 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:15:12.0011 1896 THREADORDER - ok
15:15:12.0033 1896 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:15:12.0035 1896 TrkWks - ok
15:15:12.0094 1896 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
15:15:12.0098 1896 TrustedInstaller - ok
15:15:12.0118 1896 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:15:12.0122 1896 tssecsrv - ok
15:15:12.0438 1896 TuneUp.Defrag (f2fdc1a3ff7f53f3815f375f9d7355c8) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
15:15:12.0470 1896 TuneUp.Defrag - ok
15:15:12.0593 1896 TuneUp.UtilitiesSvc (32b03a1be564f5583fc49eeac7076e96) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
15:15:12.0621 1896 TuneUp.UtilitiesSvc - ok
15:15:12.0651 1896 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
15:15:12.0655 1896 TuneUpUtilitiesDrv - ok
15:15:12.0763 1896 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:15:12.0778 1896 tunnel - ok
15:15:12.0826 1896 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:15:12.0827 1896 uagp35 - ok
15:15:12.0852 1896 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
15:15:12.0863 1896 udfs - ok
15:15:12.0967 1896 ufad-ws60 (60217ba49d2796ea149ded4d030af728) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
15:15:13.0032 1896 ufad-ws60 - ok
15:15:13.0116 1896 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:15:13.0121 1896 UI0Detect - ok
15:15:13.0134 1896 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:15:13.0138 1896 uliagpkx - ok
15:15:13.0155 1896 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:15:13.0159 1896 umbus - ok
15:15:13.0170 1896 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:15:13.0173 1896 UmPass - ok
15:15:13.0210 1896 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:15:13.0220 1896 upnphost - ok
15:15:13.0296 1896 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:15:13.0307 1896 USBAAPL64 - ok
15:15:13.0340 1896 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
15:15:13.0354 1896 usbaudio - ok
15:15:13.0420 1896 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
15:15:13.0433 1896 usbccgp - ok
15:15:13.0456 1896 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:15:13.0474 1896 usbcir - ok
15:15:13.0530 1896 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
15:15:13.0539 1896 usbehci - ok
15:15:13.0606 1896 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
15:15:13.0630 1896 usbhub - ok
15:15:13.0733 1896 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
15:15:13.0769 1896 usbohci - ok
15:15:13.0821 1896 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:15:13.0825 1896 usbprint - ok
15:15:13.0871 1896 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:15:13.0884 1896 USBSTOR - ok
15:15:13.0951 1896 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
15:15:13.0960 1896 usbuhci - ok
15:15:13.0984 1896 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:15:13.0988 1896 UxSms - ok
15:15:14.0021 1896 UxTuneUp (2759d3809f5228120318365cdfb0b979) C:\Windows\System32\uxtuneup.dll
15:15:14.0025 1896 UxTuneUp - ok
15:15:14.0079 1896 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:15:14.0081 1896 VaultSvc - ok
15:15:14.0108 1896 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:15:14.0118 1896 vdrvroot - ok
15:15:14.0153 1896 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
15:15:14.0166 1896 vds - ok
15:15:14.0179 1896 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:15:14.0183 1896 vga - ok
15:15:14.0194 1896 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:15:14.0197 1896 VgaSave - ok
15:15:14.0210 1896 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:15:14.0220 1896 vhdmp - ok
15:15:14.0236 1896 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:15:14.0240 1896 viaide - ok
15:15:14.0353 1896 VMAuthdService (fa9d2c2ebdb70440735da3e98a9d5c06) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
15:15:14.0356 1896 VMAuthdService - ok
15:15:14.0407 1896 vmci (ca2b8867757a614919a9ef48b6a60d7f) C:\Windows\system32\drivers\vmci.sys
15:15:14.0418 1896 vmci - ok
15:15:14.0450 1896 vmkbd (c0bf562ae9474e248e94a2fa9362c0be) C:\Windows\system32\drivers\VMkbd.sys
15:15:14.0458 1896 vmkbd - ok
15:15:14.0462 1896 VMnetAdapter (3c37a81c995aee1802c9d8dd9ea0e835) C:\Windows\system32\DRIVERS\vmnetadapter.sys
15:15:14.0466 1896 VMnetAdapter - ok
15:15:14.0481 1896 VMnetBridge (d3b25ed3a6796fe3078475d8cfcd6024) C:\Windows\system32\DRIVERS\vmnetbridge.sys
15:15:14.0486 1896 VMnetBridge - ok
15:15:14.0501 1896 VMnetDHCP - ok
15:15:14.0513 1896 VMnetuserif (d6cda801fd991cce50c31f3adfa1f03e) C:\Windows\system32\drivers\vmnetuserif.sys
15:15:14.0517 1896 VMnetuserif - ok
15:15:14.0525 1896 VMware NAT Service - ok
15:15:14.0538 1896 vmx86 (cfd69616106fd2adb75a5284010adabb) C:\Windows\system32\drivers\vmx86.sys
15:15:14.0543 1896 vmx86 - ok
15:15:14.0549 1896 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:15:14.0554 1896 volmgr - ok
15:15:14.0573 1896 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:15:14.0585 1896 volmgrx - ok
15:15:14.0601 1896 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:15:14.0611 1896 volsnap - ok
15:15:14.0647 1896 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
15:15:14.0667 1896 vpcbus - ok
15:15:14.0709 1896 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:15:14.0714 1896 vpcnfltr - ok
15:15:14.0721 1896 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
15:15:14.0727 1896 vpcusb - ok
15:15:14.0745 1896 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
15:15:14.0747 1896 vpcvmm - ok
15:15:14.0766 1896 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:15:14.0774 1896 vsmraid - ok
15:15:14.0892 1896 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
15:15:14.0925 1896 VSS - ok
15:15:15.0021 1896 vstor2-ws60 (4eeb681f3dee918742b39704649cc861) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
15:15:15.0028 1896 vstor2-ws60 - ok
15:15:15.0103 1896 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:15:15.0112 1896 vwifibus - ok
15:15:15.0156 1896 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:15:15.0166 1896 W32Time - ok
15:15:15.0192 1896 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:15:15.0196 1896 WacomPen - ok
15:15:15.0219 1896 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:15:15.0225 1896 WANARP - ok
15:15:15.0236 1896 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:15:15.0236 1896 Wanarpv6 - ok
15:15:15.0328 1896 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
15:15:15.0351 1896 wbengine - ok
15:15:15.0399 1896 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:15:15.0418 1896 WbioSrvc - ok
15:15:15.0477 1896 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
15:15:15.0500 1896 wcncsvc - ok
15:15:15.0520 1896 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:15:15.0534 1896 WcsPlugInService - ok
15:15:15.0551 1896 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:15:15.0561 1896 Wd - ok
15:15:15.0621 1896 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:15:15.0650 1896 Wdf01000 - ok
15:15:15.0674 1896 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:15:15.0679 1896 WdiServiceHost - ok
15:15:15.0687 1896 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:15:15.0689 1896 WdiSystemHost - ok
15:15:15.0750 1896 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
15:15:15.0773 1896 WebClient - ok
15:15:15.0792 1896 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:15:15.0812 1896 Wecsvc - ok
15:15:15.0830 1896 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:15:15.0835 1896 wercplsupport - ok
15:15:15.0865 1896 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:15:15.0869 1896 WerSvc - ok
15:15:15.0890 1896 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:15:15.0896 1896 WfpLwf - ok
15:15:15.0916 1896 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:15:15.0926 1896 WIMMount - ok
15:15:15.0939 1896 WinHttpAutoProxySvc - ok
15:15:15.0990 1896 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:15:15.0992 1896 Winmgmt - ok
15:15:16.0132 1896 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
15:15:16.0156 1896 WinRM - ok
15:15:16.0313 1896 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
15:15:16.0326 1896 WinUsb - ok
15:15:16.0396 1896 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:15:16.0429 1896 Wlansvc - ok
15:15:16.0663 1896 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:15:16.0687 1896 wlidsvc - ok
15:15:16.0749 1896 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:15:16.0751 1896 WmiAcpi - ok
15:15:16.0827 1896 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:15:16.0834 1896 wmiApSrv - ok
15:15:16.0847 1896 WMPNetworkSvc - ok
15:15:16.0866 1896 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:15:16.0869 1896 WPCSvc - ok
15:15:16.0883 1896 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
15:15:16.0884 1896 WPDBusEnum - ok
15:15:16.0895 1896 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:15:16.0897 1896 ws2ifsl - ok
15:15:16.0936 1896 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:15:16.0944 1896 WSDPrintDevice - ok
15:15:16.0970 1896 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
15:15:16.0973 1896 WSDScan - ok
15:15:16.0976 1896 WSearch - ok
15:15:17.0126 1896 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
15:15:17.0152 1896 wuauserv - ok
15:15:17.0193 1896 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:15:17.0199 1896 WudfPf - ok
15:15:17.0217 1896 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:15:17.0225 1896 WUDFRd - ok
15:15:17.0240 1896 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
15:15:17.0242 1896 wudfsvc - ok
15:15:17.0259 1896 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:15:17.0269 1896 WwanSvc - ok
15:15:17.0591 1896 X6va005 - ok
15:15:17.0647 1896 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk0\DR0
15:15:17.0742 1896 \Device\Harddisk0\DR0 - ok
15:15:17.0745 1896 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:15:18.0459 1896 \Device\Harddisk1\DR1 - ok
15:15:18.0561 1896 Boot (0x1200) (4e44ff638bf9215310a65d59245ae414) \Device\Harddisk0\DR0\Partition0
15:15:18.0588 1896 \Device\Harddisk0\DR0\Partition0 - ok
15:15:18.0662 1896 Boot (0x1200) (aba0aaf606e2c99df4b5246f6b17d74b) \Device\Harddisk0\DR0\Partition1
15:15:18.0790 1896 \Device\Harddisk0\DR0\Partition1 - ok
15:15:18.0797 1896 Boot (0x1200) (1dc4b0aaa694c6ce6ed65b0a96727af5) \Device\Harddisk1\DR1\Partition0
15:15:18.0800 1896 \Device\Harddisk1\DR1\Partition0 - ok
15:15:18.0808 1896 Boot (0x1200) (085987109fd372148a7e5bdcaa9f1a0d) \Device\Harddisk1\DR1\Partition1
15:15:18.0810 1896 \Device\Harddisk1\DR1\Partition1 - ok
15:15:18.0818 1896 Boot (0x1200) (62e9dc9927b191f619277683ad087c46) \Device\Harddisk1\DR1\Partition2
15:15:18.0821 1896 \Device\Harddisk1\DR1\Partition2 - ok
15:15:18.0823 1896 ============================================================
15:15:18.0823 1896 Scan finished
15:15:18.0823 1896 ============================================================
15:15:18.0841 2312 Detected object count: 1
15:15:18.0841 2312 Actual detected object count: 1
15:15:33.0660 2312 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:15:33.0660 2312 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
|
| | #12 | |
| /// Malwareteam | Constantly recurring TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Combofix Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
| | #13 |
| Constantly recurring TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Here you go, from combofix.txt Code:
ComboFix 12-06-20.01 - Allan 20.06.2012 17:04:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.8189.6324 [GMT 2:00]
ausgeführt von:: c:\users\Allan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\1&1
c:\programdata\1&1\1&1 SoftPhone\ContextMenuHandler.html
c:\programdata\1&1\1&1 SoftPhone\que\notifyq.dqueue
c:\programdata\1&1\1&1 SoftPhone\que\notifyq.lqueue
c:\programdata\1&1\1&1 SoftPhone\SipClientSettings.xml
c:\users\Allan\AppData\Local\._Revolution_
c:\users\Allan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Silverlight.exe
c:\users\Allan\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\Allan\AppData\Roaming\1&1
c:\users\Allan\AppData\Roaming\1&1\1&1 SoftPhone\CurrentLog.txt
c:\users\Allan\AppData\Roaming\1&1\1&1 SoftPhone\QuickDial.xml
c:\users\Allan\AppData\Roaming\1&1\1&1 SoftPhone\SipClientHistory.xml
c:\users\Allan\AppData\Roaming\1&1\1&1 SoftPhone\SipClientSettings.xml
c:\users\Allan\AppData\Roaming\1&1\1&1 SoftPhone\SipLog.cdb
c:\users\Allan\AppData\Roaming\1&1\1&1 SoftPhone\SipLog.lck
c:\users\Allan\AppData\Roaming\1&1\Common\Contacts.cdb
c:\users\Allan\AppData\Roaming\1&1\Common\Contacts.lck
c:\users\Allan\AppData\Roaming\Help\coredb\storage
c:\windows\Installer\{d7379199-2eba-22fc-4cf7-4a7bfb3642d6}\@
c:\windows\Installer\{d7379199-2eba-22fc-4cf7-4a7bfb3642d6}\U\00000001.@
c:\windows\Installer\{d7379199-2eba-22fc-4cf7-4a7bfb3642d6}\U\80000000.@
c:\windows\system\d3drm.dll
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
c:\windows\SysWow64\muzapp.exe
H:\install.exe
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-20 bis 2012-06-20 ))))))))))))))))))))))))))))))
.
.
2012-06-20 15:16 . 2012-06-20 15:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-20 15:16 . 2012-06-20 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 13:32 . 2012-06-14 13:35 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 13:32 . 2012-06-14 13:32 -------- d-----w- c:\windows\system32\Macromed
2012-06-10 10:58 . 2012-06-10 10:59 -------- d-----w- c:\program files (x86)\gravitysensation.com
2012-06-10 10:21 . 2012-06-10 10:21 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 10:21 . 2012-06-10 10:21 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-08 12:28 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45F659B5-DCDB-4982-9D19-226817CE0FA5}\mpengine.dll
2012-05-31 00:11 . 2012-05-31 00:11 -------- d-----w- c:\users\Allan\AppData\Roaming\Rainmeter
2012-05-31 00:11 . 2012-05-31 00:15 -------- d-----w- c:\program files\Rainmeter
2012-05-30 23:22 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2012-05-30 23:22 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup
2012-05-28 11:24 . 2012-05-28 11:25 -------- d-----w- c:\users\Allan\AppData\Local\LooksBuilder
2012-05-27 18:56 . 2012-05-27 18:56 -------- d-----w- c:\program files (x86)\LooksBuilder
2012-05-25 20:57 . 2011-06-14 18:05 121344 --sha-r- c:\windows\SysWow64\TAKDSDecoder.ax
2012-05-25 20:57 . 2010-01-06 22:00 107520 --sha-r- c:\windows\SysWow64\TAKDSDecoder.dll
2012-05-25 20:57 . 2004-07-02 15:33 327749 ----a-w- c:\windows\SysWow64\drvc.dll
2012-05-24 13:28 . 2012-05-24 13:28 -------- d-----w- c:\users\Allan\AppData\Roaming\LolClient2
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-20 15:19 . 2010-07-08 19:56 23080 ----a-w- c:\windows\gdrv.sys
2012-06-14 13:35 . 2011-06-18 17:16 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 23:22 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2012-05-30 23:22 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2012-05-29 07:38 . 2011-11-29 15:38 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-05 10:51 . 2012-04-05 10:51 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-02 05:34 . 2012-05-10 12:25 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-10 12:25 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46 . 2012-05-10 12:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01 . 2012-05-10 12:25 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:09 . 2012-05-10 12:25 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2006-05-03 09:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Octoshape Streaming Services"="c:\users\Allan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"Akamai NetSession Interface"="c:\users\Allan\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]
"Facebook Update"="c:\users\Allan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-17 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"snp2std"="c:\windows\vsnp2std.exe" [2006-12-04 675840]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2009-03-26 64048]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BumpTop.lnk - c:\program files (x86)\BumpTop\BumpTop.exe [2012-1-13 7162184]
FILSHtray.lnk - c:\program files (x86)\FILSHtray\FILSHtray.exe [2012-4-18 594432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SweetIM"=c:\program files (x86)\SweetIM\Messenger\SweetIM.exe
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TrayServer"=c:\program files (x86)\MAGIX\Video_deluxe_16_Premium_Sonderedition_Download-Version\TrayServer.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257696]
R3 CEDRIVER60;CEDRIVER60;c:\program files (x86)\Cheat Engine 6.1\dbk64.sys [2011-06-12 50688]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R3 X6va005;X6va005;c:\users\Allan\AppData\Local\Temp\00540CA.tmp [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-06-14 1403208]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\1&1\IGDCTRL.EXE [2007-10-25 87344]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 14:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 13:35]
.
2012-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1488705766-21638833-2002515215-1001Core.job
- c:\users\Allan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-17 20:40]
.
2012-06-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1488705766-21638833-2002515215-1001UA.job
- c:\users\Allan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-17 20:40]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 15:08]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 15:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-20 6963744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-20 1833504]
"snp2std"="c:\windows\vsnp2std.exe" [2006-12-04 675840]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddr
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: In 1&&1 SoftPhone wählen - c:\programdata\1&1\1&1 SoftPhone\ContextMenuHandler.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\nyfb52dc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-SUPER © - c:\progra~2\ERIGHT~1\SUPER\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Allan\AppData\Local\Temp\00540CA.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1488705766-21638833-2002515215-1001\Software\SecuROM\License information*]
"datasecu"=hex:21,ab,1e,51,95,8c,e7,b8,c7,33,4f,e0,df,39,9b,f0,89,90,68,3e,f7,
a3,20,89,cb,b5,51,ac,9a,d6,3c,f5,ff,b5,12,e1,f7,08,de,c9,ef,60,98,a3,3c,c5,\
"rkeysecu"=hex:58,49,b7,de,83,f8,60,03,f9,29,53,d6,bd,65,47,40
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-20 17:26:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-20 15:26
.
Vor Suchlauf: 22 Verzeichnis(se), 62.126.927.872 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 69.300.563.968 Bytes frei
.
- - End Of File - - D6FC21004B8EE5DAF8FAC285B84489CD
|
| | #14 |
| /// Malwareteam | Constantly recurring TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Combofix Note for other readers: The following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances use it on other computers; it can cause lasting damage to other systems! Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it to the desktop again (not anywhere else, this is important)! Press the Windows + R keys --> Notepad (type it in) --> OK Now copy the entire text from the following code box into the empty text document. Code:
DIRLOOK::
c:\users\Allan\AppData\Local\{d7379199-2eba-22fc-4cf7-4a7bfb3642d6}
Important:
|
| | #15 |
| Constantly recurring TR/ATRAPS.Gen and TR/ATRAPS.Gen2 The log file again! Code:
ComboFix 12-06-21.01 - Allan 21.06.2012 11:40:07.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.8189.6262 [GMT 2:00]
ausgeführt von:: c:\users\Allan\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Allan\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Allan\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\Allan\AppData\Roaming\1&1
c:\users\Allan\AppData\Roaming\1&1\1&1 SoftPhone\CurrentLog.txt
c:\users\Allan\AppData\Roaming\1&1\1&1 SoftPhone\QuickDial.xml
c:\users\Allan\AppData\Roaming\1&1\1&1 SoftPhone\SipClientHistory.xml
c:\users\Allan\AppData\Roaming\1&1\1&1 SoftPhone\SipLog.cdb
c:\users\Allan\AppData\Roaming\1&1\1&1 SoftPhone\SipLog.lck
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-21 bis 2012-06-21 ))))))))))))))))))))))))))))))
.
.
2012-06-21 09:50 . 2012-06-21 09:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-21 09:50 . 2012-06-21 09:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-20 19:09 . 2012-06-20 19:10 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-06-20 16:13 . 2012-06-20 17:17 -------- d-----w- c:\users\Allan\.android
2012-06-20 16:13 . 2012-06-20 16:13 -------- d-----w- c:\program files (x86)\Android
2012-06-14 13:32 . 2012-06-14 13:35 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 13:32 . 2012-06-14 13:32 -------- d-----w- c:\windows\system32\Macromed
2012-06-10 10:58 . 2012-06-10 10:59 -------- d-----w- c:\program files (x86)\gravitysensation.com
2012-06-10 10:21 . 2012-06-10 10:21 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 10:21 . 2012-06-10 10:21 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-05-31 00:11 . 2012-05-31 00:11 -------- d-----w- c:\users\Allan\AppData\Roaming\Rainmeter
2012-05-31 00:11 . 2012-05-31 00:15 -------- d-----w- c:\program files\Rainmeter
2012-05-30 23:22 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2012-05-30 23:22 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup
2012-05-28 11:24 . 2012-05-28 11:25 -------- d-----w- c:\users\Allan\AppData\Local\LooksBuilder
2012-05-27 18:56 . 2012-05-27 18:56 -------- d-----w- c:\program files (x86)\LooksBuilder
2012-05-25 20:57 . 2011-06-14 18:05 121344 --sha-r- c:\windows\SysWow64\TAKDSDecoder.ax
2012-05-25 20:57 . 2010-01-06 22:00 107520 --sha-r- c:\windows\SysWow64\TAKDSDecoder.dll
2012-05-25 20:57 . 2004-07-02 15:33 327749 ----a-w- c:\windows\SysWow64\drvc.dll
2012-05-24 13:28 . 2012-05-24 13:28 -------- d-----w- c:\users\Allan\AppData\Roaming\LolClient2
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 09:52 . 2010-07-08 19:56 23080 ----a-w- c:\windows\gdrv.sys
2012-06-14 13:35 . 2011-06-18 17:16 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 23:22 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2012-05-30 23:22 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2012-05-29 07:38 . 2011-11-29 15:38 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-08 17:02 . 2012-06-08 12:28 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45F659B5-DCDB-4982-9D19-226817CE0FA5}\mpengine.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-05 10:51 . 2012-04-05 10:51 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-02 05:34 . 2012-05-10 12:25 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-10 12:25 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46 . 2012-05-10 12:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01 . 2012-05-10 12:25 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:09 . 2012-05-10 12:25 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2006-05-03 09:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Allan\AppData\Local\{d7379199-2eba-22fc-4cf7-4a7bfb3642d6} ----
.
2012-01-11 14:59 . 2012-06-14 13:58 2048 --sha-w- c:\users\Allan\AppData\Local\{d7379199-2eba-22fc-4cf7-4a7bfb3642d6}\@
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-20_15.20.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-02 14:09 . 2012-06-21 09:12 55720 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-06-20 15:21 33300 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-21 09:12 33300 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-02 13:07 . 2012-06-21 09:12 17206 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1488705766-21638833-2002515215-1001_UserData.bin
- 2012-06-20 15:18 . 2012-06-20 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-21 09:52 . 2012-06-21 09:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-20 15:18 . 2012-06-20 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-21 09:52 . 2012-06-21 09:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-07-05 18:38 . 2010-07-05 18:38 834544 c:\windows\system32\drivers\sptd.sys
+ 2010-07-05 18:38 . 2012-06-20 19:10 834544 c:\windows\system32\drivers\sptd.sys
- 2009-07-14 05:01 . 2012-06-20 15:17 535776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-21 09:50 535776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-07-02 13:04 . 2012-06-21 09:50 15333800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1488705766-21638833-2002515215-1001-8192.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Octoshape Streaming Services"="c:\users\Allan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"Akamai NetSession Interface"="c:\users\Allan\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]
"Facebook Update"="c:\users\Allan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-17 137536]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2006-12-04 675840]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2009-03-26 64048]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BumpTop.lnk - c:\program files (x86)\BumpTop\BumpTop.exe [2012-1-13 7162184]
FILSHtray.lnk - c:\program files (x86)\FILSHtray\FILSHtray.exe [2012-4-18 594432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SweetIM"=c:\program files (x86)\SweetIM\Messenger\SweetIM.exe
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TrayServer"=c:\program files (x86)\MAGIX\Video_deluxe_16_Premium_Sonderedition_Download-Version\TrayServer.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257696]
R3 CEDRIVER60;CEDRIVER60;c:\program files (x86)\Cheat Engine 6.1\dbk64.sys [2011-06-12 50688]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R3 X6va005;X6va005;c:\users\Allan\AppData\Local\Temp\00540CA.tmp [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-06-14 1403208]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\1&1\IGDCTRL.EXE [2007-10-25 87344]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 14:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 13:35]
.
2012-06-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1488705766-21638833-2002515215-1001Core.job
- c:\users\Allan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-17 20:40]
.
2012-06-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1488705766-21638833-2002515215-1001UA.job
- c:\users\Allan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-17 20:40]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 15:08]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 15:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-20 6963744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-20 1833504]
"snp2std"="c:\windows\vsnp2std.exe" [2006-12-04 675840]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddr
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: In 1&&1 SoftPhone wählen - c:\programdata\1&1\1&1 SoftPhone\ContextMenuHandler.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\nyfb52dc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Allan\AppData\Local\Temp\00540CA.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1488705766-21638833-2002515215-1001\Software\SecuROM\License information*]
"datasecu"=hex:21,ab,1e,51,95,8c,e7,b8,c7,33,4f,e0,df,39,9b,f0,89,90,68,3e,f7,
a3,20,89,cb,b5,51,ac,9a,d6,3c,f5,ff,b5,12,e1,f7,08,de,c9,ef,60,98,a3,3c,c5,\
"rkeysecu"=hex:58,49,b7,de,83,f8,60,03,f9,29,53,d6,bd,65,47,40
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\BumpTop\TexHelper.exe
c:\program files (x86)\BumpTop\TexHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-21 11:59:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-21 09:59
.
Vor Suchlauf: 28 Verzeichnis(se), 65.927.782.400 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 65.630.973.952 Bytes frei
.
- - End Of File - - 9EA6F066A23FEDF6DBA16FF864579DE5
|