Pests of all kinds and how to fight them: Moving an encryption trojan into quarantine (Windows 7). If you are not sure whether you have picked up malware or a trojan, start a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
| | #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Moving an encryption trojan into quarantine
What a mess... Please create an OTLPE CD and then boot the computer from that CD (How do I boot from a CD?). If you do not have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
__________________ Please always post log files in CODE tags |
| | #2 |
| Moving an encryption trojan into quarantine
I carried it out as described. It only created one otl file. |
| | #3 |
| Moving an encryption trojan into quarantine
OTL logfile:
Code:
OTL logfile created on: 6/23/2012 3:26:41 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.91 Gb Total Space | 46.27 Gb Free Space | 33.07% Space Free | Partition Type: NTFS
Drive D: | 1.55 Gb Total Space | 0.01 Gb Free Space | 0.57% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2012/03/26 11:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 11:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/18 14:06:54 | 000,204,883 | ---- | M] () [Auto] -- C:\Program Files\Samsung\Samsung Networking Wizard\ICM_Service.exe -- (ICM_UpdaterService)
SRV - [2011/01/02 15:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto] -- C:\Program Files\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2009/02/23 06:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/08/27 09:11:26 | 000,442,880 | ---- | M] (Hauppauge Computer Works) [Auto] -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe -- (EPGService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/08 02:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/15 21:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/02/06 21:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/02/06 05:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 14:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/06/22 01:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - [2012/06/23 08:00:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/03/20 14:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/02/24 19:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/04/29 01:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/02/03 11:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008/11/21 15:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/09/25 13:56:18 | 000,132,224 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/09/25 10:16:40 | 000,559,616 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/09/04 00:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 00:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 00:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/01/23 04:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007/04/10 09:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/02/08 13:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2007/02/02 12:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 05:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/01 19:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/30 07:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/06/14 10:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\HP-User_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\HP-User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\HP-User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\HP-User_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\HP-User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HP-User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/06 15:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011/12/06 15:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/12/06 15:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/11/21 00:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 21:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/20 21:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 21:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/20 21:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/20 21:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/20 21:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
Hosts file not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKU\HP-User_ON_C\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [EPGServiceTool] C:\Program Files\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [] File not found
O4 - HKU\Administrator_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\HP-User_ON_C..\Run: [] File not found
O4 - HKU\HP-User_ON_C..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\HP-User_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\HP-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\HP-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\TEMP\ojhqjj\setup.exe) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/06/23 08:04:07 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\HP-User\Desktop\OTLPENet.exe
[2012/06/23 08:00:50 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/06/23 08:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2012/06/23 08:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/06/23 07:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/06/23 07:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/06/23 07:59:22 | 005,053,696 | ---- | C] (Macrovision Corporation) -- C:\Users\HP-User\Documents\IsoBurner-Setup.exe
[2012/06/19 09:06:49 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 09:06:48 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 09:06:28 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 09:06:28 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 09:06:28 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 09:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/19 09:06:16 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 09:06:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/18 13:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/06/18 13:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/06/16 19:24:56 | 000,000,000 | ---D | C] -- C:\Users\HP-User\Desktop\verschobene Dateien fertig
[2012/06/16 17:27:00 | 000,000,000 | ---D | C] -- C:\Users\HP-User\AppData\Roaming\www.shadowexplorer.com
[2012/06/16 17:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012/06/16 17:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer
[2012/06/16 14:56:26 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\HP-User\Desktop\OTL.exe
[2012/06/16 07:31:48 | 000,000,000 | ---D | C] -- C:\Users\HP-User\AppData\Roaming\Malwarebytes
[2012/06/15 17:00:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2012/06/14 16:30:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/06/14 16:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/14 16:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/14 16:29:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/14 16:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/13 15:34:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Google
[2012/06/13 15:34:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012/06/13 13:44:15 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 07:30:58 | 000,000,000 | ---D | C] -- C:\Users\HP-User\AppData\Roaming\Ffptne
[2012/05/31 11:12:08 | 000,000,000 | ---D | C] -- C:\Users\HP-User\Documents\OneNote-Notizbücher
[2012/05/29 13:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
[2012/05/29 12:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike Source
[2012/05/29 12:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012/05/29 10:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/05/29 10:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/05/29 10:18:34 | 000,000,000 | RH-D | C] -- C:\MSOCache
[4 C:\Users\HP-User\Documents\*.tmp files -> C:\Users\HP-User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/23 08:14:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 08:14:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 08:14:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 08:14:10 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/23 08:12:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8AA463B7-C2EB-4DD3-A617-9C0817F50068}.job
[2012/06/23 08:04:08 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\HP-User\Desktop\OTLPENet.exe
[2012/06/23 08:00:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/06/23 07:58:52 | 005,053,696 | ---- | M] (Macrovision Corporation) -- C:\Users\HP-User\Documents\IsoBurner-Setup.exe
[2012/06/23 07:58:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/23 03:59:58 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/23 03:58:43 | 2012,536,832 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/21 10:30:18 | 000,001,356 | ---- | M] () -- C:\Users\HP-User\AppData\Local\d3d9caps.dat
[2012/06/19 10:08:52 | 000,001,145 | ---- | M] () -- C:\Users\HP-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012/06/18 13:57:27 | 000,016,697 | ---- | M] () -- C:\Users\HP-User\Desktop\Desktop.zip
[2012/06/18 13:56:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/06/17 13:09:19 | 000,001,186 | ---- | M] () -- C:\Users\HP-User\Desktop\Dropbox.lnk
[2012/06/16 20:23:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/06/16 19:06:48 | 000,055,296 | ---- | M] () -- C:\Users\HP-User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/16 17:51:26 | 000,002,587 | ---- | M] () -- C:\Users\HP-User\Desktop\Networking Wizard.lnk
[2012/06/16 17:26:47 | 000,001,682 | ---- | M] () -- C:\Users\HP-User\Desktop\ShadowExplorer.lnk
[2012/06/16 17:26:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012/06/16 15:28:25 | 000,302,592 | ---- | M] () -- C:\Users\HP-User\Desktop\bd1veuvo.exe
[2012/06/16 14:56:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\HP-User\Desktop\OTL.exe
[2012/06/16 14:54:28 | 000,050,477 | ---- | M] () -- C:\Users\HP-User\Desktop\Defogger.exe
[2012/06/15 15:15:49 | 000,000,938 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/14 16:30:06 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/14 16:30:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/13 14:08:13 | 000,441,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 13:59:16 | 000,698,096 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/06/13 13:59:16 | 000,653,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/13 13:59:16 | 000,155,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/06/13 13:59:16 | 000,126,560 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/10 13:35:57 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000830.LCS
[2012/06/05 08:44:42 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 09:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 09:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/02 04:35:42 | 000,000,953 | ---- | M] () -- C:\Users\HP-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/29 13:11:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
[2012/05/29 12:35:04 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012/05/29 12:34:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012/05/29 10:28:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/05/28 14:48:04 | 000,000,000 | ---- | M] () -- C:\Users\HP-User\AppData\Local\DNDEVTrxovTqGeJUyg
[4 C:\Users\HP-User\Documents\*.tmp files -> C:\Users\HP-User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/21 10:32:34 | 2012,536,832 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/18 13:57:27 | 000,016,697 | ---- | C] () -- C:\Users\HP-User\Desktop\Desktop.zip
[2012/06/17 13:09:19 | 000,001,186 | ---- | C] () -- C:\Users\HP-User\Desktop\Dropbox.lnk
[2012/06/16 17:26:47 | 000,001,682 | ---- | C] () -- C:\Users\HP-User\Desktop\ShadowExplorer.lnk
[2012/06/16 15:28:21 | 000,302,592 | ---- | C] () -- C:\Users\HP-User\Desktop\bd1veuvo.exe
[2012/06/16 14:54:28 | 000,050,477 | ---- | C] () -- C:\Users\HP-User\Desktop\Defogger.exe
[2012/06/15 15:15:49 | 000,000,938 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/14 16:30:06 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/31 11:12:16 | 000,001,145 | ---- | C] () -- C:\Users\HP-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012/05/29 12:35:04 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012/04/19 11:07:29 | 000,159,482 | ---- | C] () -- C:\Windows\RTL Racing Team Manager Patch 1.05 Uninstaller.exe
[2012/04/17 10:04:41 | 000,242,023 | ---- | C] () -- C:\Windows\RTL Racing Team Manager Uninstaller.exe
[2011/11/29 11:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/11/29 11:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/11/29 11:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/11/29 11:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/09/08 14:46:10 | 000,000,556 | ---- | C] () -- C:\Windows\eReg.dat
[2011/09/05 16:51:31 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/07/30 11:11:10 | 000,000,120 | ---- | C] () -- C:\Users\HP-User\AppData\Local\Groxucu.dat
[2011/07/30 11:11:10 | 000,000,000 | ---- | C] () -- C:\Users\HP-User\AppData\Local\Pwilo.bin
[2010/07/31 18:53:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/07/31 14:56:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/31 14:56:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/07/06 16:29:05 | 000,000,000 | ---- | C] () -- C:\Users\HP-User\AppData\Local\DNDEVTrxovTqGeJUyg
[2010/04/09 08:05:09 | 000,001,356 | ---- | C] () -- C:\Users\HP-User\AppData\Local\d3d9caps.dat
[2010/03/10 14:48:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/05 12:10:36 | 000,055,296 | ---- | C] () -- C:\Users\HP-User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/05 10:18:44 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2010/03/05 10:18:40 | 000,000,053 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2010/03/05 10:18:37 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010/03/05 10:18:08 | 000,033,117 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/03/05 10:17:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2010/03/05 10:17:23 | 000,000,510 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/05 10:17:23 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/03/05 10:17:20 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2010/03/05 10:16:46 | 000,002,628 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010/03/03 10:37:42 | 000,000,000 | ---- | C] () -- C:\Users\HP-User\AppData\Local\xyGeJdqgsnUpgtnupAsDu
[2010/03/03 10:37:42 | 000,000,000 | ---- | C] () -- C:\Users\HP-User\AppData\Local\sjtvaVjeJEfOeGopgyGuX
[2010/03/03 10:37:42 | 000,000,000 | ---- | C] () -- C:\Users\HP-User\AppData\Local\LTLdsvsLgejtXgVA
[2010/03/03 10:26:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/03/03 10:26:28 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/03/03 10:26:28 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/03/03 10:26:28 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/03/03 10:26:27 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/03/03 10:26:27 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/03/29 07:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/02/02 12:01:32 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/02/02 11:38:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/01/30 08:21:34 | 000,128,813 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/01/19 10:30:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/09 12:42:33 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/02 11:38:05 | 000,698,096 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:38:05 | 000,155,472 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,441,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,653,410 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,126,560 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/18 17:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/18 17:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 06:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 08:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998/05/06 22:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
========== LOP Check ==========
[2011/09/08 17:18:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Age of Empires 3
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2011/11/03 14:05:46 | 000,000,000 | ---D | M] -- C:\ProgramData\DesktopIcons
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/03/10 14:23:26 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010/10/15 16:28:10 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2012/06/13 08:36:23 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2012/05/20 09:56:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/06/23 07:59:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/18 14:08:01 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/04/23 11:33:09 | 000,000,000 | ---D | M] -- C:\ProgramData\www.rene-zeidler.de
[2011/12/18 13:52:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2007/06/30 01:46:09 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2012/06/23 08:14:10 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/23 08:12:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8AA463B7-C2EB-4DD3-A617-9C0817F50068}.job
========== Purity Check ==========
< End of report >
|
| | #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied as well!!!) Code:
:OTL
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\TEMP\ojhqjj\setup.exe) - File not found
:Files
C:\Users\HP-User\AppData\Local\xyGeJdqgsnUpgtnupAsDu
C:\Users\HP-User\AppData\Local\sjtvaVjeJEfOeGopgyGuX
C:\Users\HP-User\AppData\Local\LTLdsvsLgejtXgVA
C:\Users\HP-User\AppData\Local\DNDEVTrxovTqGeJUyg
:Commands
[purity]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
After that, Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html Note: Please upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment in this thread!
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
__________________ Please always post log files in CODE tags |
| | #5 |
| So should I boot from the CD again? Or just start OTLPE? |
| | #6 |
| Here is the OTL log from the fix. Code:
========== OTL ==========
Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\TEMP\ojhqjj\setup.exe deleted successfully.
========== FILES ==========
C:\Users\HP-User\AppData\Local\xyGeJdqgsnUpgtnupAsDu moved successfully.
C:\Users\HP-User\AppData\Local\sjtvaVjeJEfOeGopgyGuX moved successfully.
C:\Users\HP-User\AppData\Local\LTLdsvsLgejtXgVA moved successfully.
C:\Users\HP-User\AppData\Local\DNDEVTrxovTqGeJUyg moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
OTLPE by OldTimer - Version 3.1.48.0 log created on 06252012_175430
The upload was successful. Thanks for the help |
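A check that the fix log confirms every path listed under `:Files` in the fix script, as an added example that is not part of the thread and is not OTL code. The script and log text are copied from the posts above; the function names are hypothetical, and the section layout is assumed to be exactly what those two posts show.

```python
import re

# Fix script and fix log as posted in this thread.
FIX_SCRIPT = r"""
:OTL
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\TEMP\ojhqjj\setup.exe) - File not found
:Files
C:\Users\HP-User\AppData\Local\xyGeJdqgsnUpgtnupAsDu
C:\Users\HP-User\AppData\Local\sjtvaVjeJEfOeGopgyGuX
C:\Users\HP-User\AppData\Local\LTLdsvsLgejtXgVA
C:\Users\HP-User\AppData\Local\DNDEVTrxovTqGeJUyg
:Commands
[purity]
[resethosts]
"""

FIX_LOG = r"""
========== OTL ==========
Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\TEMP\ojhqjj\setup.exe deleted successfully.
========== FILES ==========
C:\Users\HP-User\AppData\Local\xyGeJdqgsnUpgtnupAsDu moved successfully.
C:\Users\HP-User\AppData\Local\sjtvaVjeJEfOeGopgyGuX moved successfully.
C:\Users\HP-User\AppData\Local\LTLdsvsLgejtXgVA moved successfully.
C:\Users\HP-User\AppData\Local\DNDEVTrxovTqGeJUyg moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
OTLPE by OldTimer - Version 3.1.48.0 log created on 06252012_175430
"""

LOG_HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
MOVED = re.compile(r"^(.*) moved successfully\.$")


def script_sections(text):
    """Split a fix script into {section: [lines]} on ':Name' header lines."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def log_sections(text):
    """Split a fix log into {section: [lines]} on '===== NAME =====' headers."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        header = LOG_HEADER.match(line)
        if header:
            current = header.group(1).lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def reconcile_files(script, log):
    """Compare the paths under :Files with the 'moved successfully' log lines."""
    wanted = script_sections(script).get("files", [])
    moved, other = {}, []
    for line in log_sections(log).get("files", []):
        m = MOVED.match(line)
        if m:
            # Windows paths are case-insensitive, so compare lower-cased.
            moved[m.group(1).lower()] = m.group(1)
        else:
            other.append(line)  # any other outcome line: read it by hand
    wanted_lower = {p.lower() for p in wanted}
    return {
        "confirmed": [p for p in wanted if p.lower() in moved],
        "missing": [p for p in wanted if p.lower() not in moved],
        "unexpected": [p for k, p in moved.items() if k not in wanted_lower],
        "other": other,
    }


if __name__ == "__main__":
    result = reconcile_files(FIX_SCRIPT, FIX_LOG)
    for key in ("confirmed", "missing", "unexpected", "other"):
        print(key, len(result[key]), result[key])
```

A non-empty `missing` list means a path from the script has no confirmation in the log, so the quarantine folder should be checked before it is zipped and uploaded.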
| | #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Well, why do you think we are doing all of this with OTLPE? The fix does not work from the normally installed Windows!
__________________ Please always post log files in CODE tags |
| | #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set up the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
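A read-only triage of the report this post asks for, as an added example that is not part of the thread and is not Kaspersky code. The sample lines are copied from the report posted in this thread; the line layout is assumed from that report alone, and the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the TDSS-Killer report posted in this thread.
SAMPLE_REPORT = r"""
15:57:54.0317 2660 Scan started
15:57:54.0317 2660 Mode: Manual; SigCheck; TDLFS;
15:57:55.0495 2660 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:57:55.0519 2660 ACPI - ok
15:57:57.0964 2660 ASBroker (2eeda27c19259c2340324ef7180d086b) C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
15:57:57.0978 2660 ASBroker ( UnsignedFile.Multi.Generic ) - warning
15:57:57.0978 2660 ASBroker - detected UnsignedFile.Multi.Generic (1)
15:57:58.0253 2660 Ati External Event Utility (3481d12334f065bba19c16399c9cb171) C:\Windows\system32\Ati2evxx.exe
15:57:58.0325 2660 Ati External Event Utility - ok
15:57:59.0557 2660 blbdrive - ok
15:58:04.0740 2660 EPGService (05aabf9eebc1850728e1e89516a8170d) C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
15:58:04.0941 2660 EPGService ( UnsignedFile.Multi.Generic ) - warning
15:58:04.0941 2660 EPGService - detected UnsignedFile.Multi.Generic (1)
"""

# Every report line starts with a timestamp and a thread id.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
# "name (md5) path": the object being scanned.
OBJECT = re.compile(
    PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "name - detected Signature (n)"
DETECTED = re.compile(
    PREFIX + r"(?P<name>.+?)\s+-\s+detected\s+(?P<sig>\S+)\s+\(\d+\)$")
# "name - ok" or "name ( Signature ) - warning"
VERDICT = re.compile(
    PREFIX + r"(?P<name>.+?)(?:\s+\(\s+\S+\s+\))?\s+-\s+(?P<verdict>\w+)$")


def _record(name, md5=None, path=None):
    return {"name": name, "md5": md5, "path": path,
            "verdict": None, "detections": []}


def parse_report(text):
    """Return one record per scanned object, in report order."""
    objects = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT.match(line)
        if m:
            objects[m["name"]] = _record(m["name"], m["md5"], m["path"])
            continue
        m = DETECTED.match(line)
        if m:
            rec = objects.setdefault(m["name"], _record(m["name"]))
            rec["detections"].append(m["sig"])
            continue
        m = VERDICT.match(line)
        if m:
            rec = objects.setdefault(m["name"], _record(m["name"]))
            rec["verdict"] = m["verdict"]
    return list(objects.values())


def triage(records):
    """Summarise what a helper has to look at; nothing is changed or deleted."""
    # Anything not marked "ok" needs review, including objects whose verdict
    # line is missing because the pasted report was cut off.
    review = [r for r in records if r["verdict"] != "ok"]
    # Objects that got a verdict without a hashed file line in the report.
    no_file = [r["name"] for r in records if r["md5"] is None]
    by_sig = Counter(sig for r in review for sig in r["detections"])
    return {"scanned": len(records), "review": review,
            "no_file": no_file, "by_signature": dict(by_sig)}


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("objects scanned:", summary["scanned"])
    for rec in summary["review"]:
        print(rec["verdict"], rec["name"], rec["md5"], rec["path"],
              rec["detections"])
    print("verdict without file line:", summary["no_file"])
```

The output is only a reading aid for the posted report: the flagged objects are listed with their hash and path so they can be reviewed, in line with the instruction to leave every flagged object on "skip".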
| | #9 |
| Here is the log: Code:
15:57:29.0791 0012 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
15:57:29.0851 0012 ============================================================
15:57:29.0851 0012 Current date / time: 2012/06/25 15:57:29.0851
15:57:29.0851 0012 SystemInfo:
15:57:29.0851 0012
15:57:29.0851 0012 OS Version: 6.0.6002 ServicePack: 2.0
15:57:29.0851 0012 Product type: Workstation
15:57:29.0851 0012 ComputerName: HP-LAPTOP
15:57:29.0852 0012 UserName: HP-User
15:57:29.0852 0012 Windows directory: C:\Windows
15:57:29.0852 0012 System windows directory: C:\Windows
15:57:29.0852 0012 Processor architecture: Intel x86
15:57:29.0852 0012 Number of processors: 2
15:57:29.0852 0012 Page size: 0x1000
15:57:29.0852 0012 Boot type: Normal boot
15:57:29.0852 0012 ============================================================
15:57:31.0766 0012 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:57:31.0775 0012 Drive \Device\Harddisk1\DR1 - Size: 0x77400000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:57:31.0776 0012 ============================================================
15:57:31.0776 0012 \Device\Harddisk0\DR0:
15:57:31.0780 0012 MBR partitions:
15:57:31.0780 0012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x117D07C1
15:57:31.0780 0012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x126FF000, BlocksNum 0x31A000
15:57:31.0780 0012 \Device\Harddisk1\DR1:
15:57:31.0781 0012 MBR partitions:
15:57:31.0781 0012 ============================================================
15:57:31.0783 0012 C: <-> \Device\Harddisk0\DR0\Partition0
15:57:31.0837 0012 E: <-> \Device\Harddisk0\DR0\Partition1
15:57:31.0837 0012 ============================================================
15:57:31.0837 0012 Initialize success
15:57:31.0837 0012 ============================================================
15:57:54.0317 2660 ============================================================
15:57:54.0317 2660 Scan started
15:57:54.0317 2660 Mode: Manual; SigCheck; TDLFS;
15:57:54.0317 2660 ============================================================
15:57:55.0144 2660 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
15:57:55.0433 2660 acedrv11 - ok
15:57:55.0495 2660 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:57:55.0519 2660 ACPI - ok
15:57:55.0570 2660 ADIHdAudAddService (fb9ece3f7b8a03e474e611031ad4cd23) C:\Windows\system32\drivers\ADIHdAud.sys
15:57:55.0647 2660 ADIHdAudAddService - ok
15:57:55.0713 2660 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
15:57:55.0756 2660 adp94xx - ok
15:57:55.0798 2660 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
15:57:55.0822 2660 adpahci - ok
15:57:55.0846 2660 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
15:57:55.0864 2660 adpu160m - ok
15:57:55.0879 2660 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
15:57:55.0900 2660 adpu320 - ok
15:57:55.0932 2660 AEADIFilters (12d23758621b00b8d3134095ec3325fd) C:\Windows\system32\AEADISRV.EXE
15:57:55.0991 2660 AEADIFilters - ok
15:57:56.0010 2660 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:57:56.0129 2660 AeLookupSvc - ok
15:57:56.0202 2660 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:57:56.0252 2660 AFD - ok
15:57:56.0286 2660 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
15:57:56.0356 2660 AgereModemAudio - ok
15:57:56.0646 2660 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\Windows\system32\DRIVERS\AGRSM.sys
15:57:56.0889 2660 AgereSoftModem - ok
15:57:57.0037 2660 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
15:57:57.0067 2660 agp440 - ok
15:57:57.0099 2660 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:57:57.0118 2660 aic78xx - ok
15:57:57.0157 2660 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:57:57.0280 2660 ALG - ok
15:57:57.0291 2660 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
15:57:57.0307 2660 aliide - ok
15:57:57.0333 2660 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
15:57:57.0351 2660 amdagp - ok
15:57:57.0371 2660 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
15:57:57.0387 2660 amdide - ok
15:57:57.0407 2660 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
15:57:57.0525 2660 AmdK7 - ok
15:57:57.0555 2660 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
15:57:57.0613 2660 AmdK8 - ok
15:57:57.0661 2660 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:57:57.0726 2660 Appinfo - ok
15:57:57.0775 2660 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
15:57:57.0813 2660 arc - ok
15:57:57.0844 2660 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
15:57:57.0874 2660 arcsas - ok
15:57:57.0964 2660 ASBroker (2eeda27c19259c2340324ef7180d086b) C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
15:57:57.0978 2660 ASBroker ( UnsignedFile.Multi.Generic ) - warning
15:57:57.0978 2660 ASBroker - detected UnsignedFile.Multi.Generic (1)
15:57:58.0003 2660 ASChannel (bb3c0521ecca4bb17ac55eb640df0fa5) C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll
15:57:58.0028 2660 ASChannel ( UnsignedFile.Multi.Generic ) - warning
15:57:58.0028 2660 ASChannel - detected UnsignedFile.Multi.Generic (1)
15:57:58.0073 2660 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:57:58.0141 2660 AsyncMac - ok
15:57:58.0174 2660 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:57:58.0189 2660 atapi - ok
15:57:58.0253 2660 Ati External Event Utility (3481d12334f065bba19c16399c9cb171) C:\Windows\system32\Ati2evxx.exe
15:57:58.0325 2660 Ati External Event Utility - ok
15:57:58.0369 2660 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
15:57:58.0413 2660 AtiPcie - ok
15:57:58.0461 2660 ATSWPDRV (293e8cc3c246a89f4cca75b024ad757f) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
15:57:58.0483 2660 ATSWPDRV - ok
15:57:58.0552 2660 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:57:58.0608 2660 AudioEndpointBuilder - ok
15:57:58.0618 2660 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:57:58.0651 2660 Audiosrv - ok
15:57:58.0686 2660 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:57:58.0739 2660 b57nd60x - ok
15:57:58.0800 2660 BCM43XV (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:57:58.0887 2660 BCM43XV - ok
15:57:58.0906 2660 BCM43XX (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:57:58.0933 2660 BCM43XX - ok
15:57:59.0031 2660 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
15:57:59.0053 2660 BcmSqlStartupSvc - ok
15:57:59.0097 2660 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:57:59.0179 2660 Beep - ok
15:57:59.0283 2660 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
15:57:59.0370 2660 BFE - ok
15:57:59.0481 2660 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
15:57:59.0551 2660 BITS - ok
15:57:59.0557 2660 blbdrive - ok
15:57:59.0580 2660 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:57:59.0621 2660 bowser - ok
15:57:59.0659 2660 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:57:59.0698 2660 BrFiltLo - ok
15:57:59.0718 2660 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:57:59.0752 2660 BrFiltUp - ok
15:57:59.0793 2660 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:57:59.0836 2660 Browser - ok
15:57:59.0872 2660 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:57:59.0928 2660 Brserid - ok
15:57:59.0946 2660 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:58:00.0002 2660 BrSerWdm - ok
15:58:00.0050 2660 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:58:00.0188 2660 BrUsbMdm - ok
15:58:00.0214 2660 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:58:00.0288 2660 BrUsbSer - ok
15:58:00.0326 2660 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
15:58:00.0375 2660 BthEnum - ok
15:58:00.0422 2660 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
15:58:00.0447 2660 BTHMODEM - ok
15:58:00.0491 2660 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
15:58:00.0539 2660 BthPan - ok
15:58:00.0605 2660 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
15:58:00.0710 2660 BTHPORT - ok
15:58:00.0762 2660 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
15:58:00.0835 2660 BthServ - ok
15:58:00.0875 2660 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
15:58:00.0929 2660 BTHUSB - ok
15:58:01.0016 2660 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
15:58:01.0031 2660 btwaudio - ok
15:58:01.0057 2660 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
15:58:01.0072 2660 btwavdt - ok
15:58:01.0102 2660 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
15:58:01.0115 2660 btwrchid - ok
15:58:01.0154 2660 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:58:01.0199 2660 cdfs - ok
15:58:01.0252 2660 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:58:01.0299 2660 cdrom - ok
15:58:01.0354 2660 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:58:01.0401 2660 CertPropSvc - ok
15:58:01.0470 2660 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
15:58:01.0539 2660 circlass - ok
15:58:01.0766 2660 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:58:01.0799 2660 CLFS - ok
15:58:01.0886 2660 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:58:01.0921 2660 clr_optimization_v2.0.50727_32 - ok
15:58:01.0988 2660 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:58:02.0005 2660 clr_optimization_v4.0.30319_32 - ok
15:58:02.0068 2660 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:58:02.0114 2660 CmBatt - ok
15:58:02.0146 2660 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
15:58:02.0160 2660 cmdide - ok
15:58:02.0283 2660 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
15:58:02.0304 2660 Com4QLBEx - ok
15:58:02.0326 2660 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:58:02.0343 2660 Compbatt - ok
15:58:02.0349 2660 COMSysApp - ok
15:58:02.0360 2660 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
15:58:02.0376 2660 crcdisk - ok
15:58:02.0394 2660 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:58:02.0465 2660 Crusoe - ok
15:58:02.0515 2660 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
15:58:02.0562 2660 CryptSvc - ok
15:58:02.0649 2660 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:58:02.0734 2660 DcomLaunch - ok
15:58:02.0774 2660 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:58:02.0805 2660 DfsC - ok
15:58:02.0943 2660 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
15:58:03.0154 2660 DFSR - ok
15:58:03.0330 2660 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
15:58:03.0378 2660 Dhcp - ok
15:58:03.0437 2660 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:58:03.0456 2660 disk - ok
15:58:03.0485 2660 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
15:58:03.0533 2660 Dnscache - ok
15:58:03.0571 2660 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
15:58:03.0615 2660 dot3svc - ok
15:58:03.0670 2660 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:58:03.0725 2660 DPS - ok
15:58:03.0767 2660 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:58:03.0810 2660 drmkaud - ok
15:58:03.0890 2660 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:58:03.0945 2660 DXGKrnl - ok
15:58:03.0993 2660 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:58:04.0079 2660 E1G60 - ok
15:58:04.0111 2660 EagleNT - ok
15:58:04.0138 2660 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:58:04.0184 2660 EapHost - ok
15:58:04.0264 2660 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:58:04.0287 2660 Ecache - ok
15:58:04.0338 2660 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
15:58:04.0355 2660 ElbyCDIO - ok
15:58:04.0411 2660 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:58:04.0451 2660 elxstor - ok
15:58:04.0524 2660 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
15:58:04.0635 2660 EMDMgmt - ok
15:58:04.0740 2660 EPGService (05aabf9eebc1850728e1e89516a8170d) C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
15:58:04.0941 2660 EPGService ( UnsignedFile.Multi.Generic ) - warning
15:58:04.0941 2660 EPGService - detected UnsignedFile.Multi.Generic (1)
15:58:04.0984 2660 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
15:58:05.0027 2660 EventSystem - ok
15:58:05.0116 2660 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:58:05.0134 2660 exfat - ok
15:58:05.0182 2660 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:58:05.0228 2660 fastfat - ok
15:58:05.0263 2660 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
15:58:05.0338 2660 fdc - ok
15:58:05.0382 2660 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:58:05.0415 2660 fdPHost - ok
15:58:05.0445 2660 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:58:05.0520 2660 FDResPub - ok
15:58:05.0560 2660 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:58:05.0578 2660 FileInfo - ok
15:58:05.0597 2660 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:58:05.0650 2660 Filetrace - ok
15:58:05.0679 2660 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:58:05.0748 2660 flpydisk - ok
15:58:05.0792 2660 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:58:05.0813 2660 FltMgr - ok
15:58:05.0902 2660 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
15:58:05.0973 2660 FontCache - ok
15:58:06.0055 2660 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:58:06.0072 2660 FontCache3.0.0.0 - ok
15:58:06.0107 2660 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
15:58:06.0169 2660 Fs_Rec - ok
15:58:06.0215 2660 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:58:06.0232 2660 gagp30kx - ok
15:58:06.0303 2660 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
15:58:06.0362 2660 gpsvc - ok
15:58:06.0415 2660 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:58:06.0434 2660 gupdate - ok
15:58:06.0441 2660 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:58:06.0457 2660 gupdatem - ok
15:58:06.0513 2660 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:58:06.0532 2660 gusvc - ok
15:58:06.0565 2660 HBtnKey (93aee3434935fc2f805fefd8dc5ed1b4) C:\Windows\system32\DRIVERS\cpqbttn.sys
15:58:06.0586 2660 HBtnKey - ok
15:58:06.0620 2660 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:58:06.0695 2660 HdAudAddService - ok
15:58:06.0930 2660 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:58:07.0012 2660 HDAudBus - ok
15:58:07.0037 2660 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:58:07.0115 2660 HidBth - ok
15:58:07.0144 2660 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:58:07.0203 2660 HidIr - ok
15:58:07.0244 2660 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
15:58:07.0284 2660 hidserv - ok
15:58:07.0330 2660 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:58:07.0394 2660 HidUsb - ok
15:58:07.0428 2660 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:58:07.0467 2660 hkmsvc - ok
15:58:07.0535 2660 HP Health Check Service (2ceeb349216febd91a907013d4abcff7) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
15:58:07.0551 2660 HP Health Check Service - ok
15:58:07.0573 2660 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:58:07.0591 2660 HpCISSs - ok
15:58:07.0620 2660 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
15:58:07.0661 2660 HpqKbFiltr - ok
15:58:07.0705 2660 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
15:58:07.0727 2660 hpqwmiex - ok
15:58:07.0769 2660 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:58:07.0811 2660 HSFHWAZL - ok
15:58:07.0889 2660 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
15:58:08.0047 2660 HSF_DPV - ok
15:58:08.0105 2660 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
15:58:08.0183 2660 HTTP - ok
15:58:08.0231 2660 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:58:08.0249 2660 i2omp - ok
15:58:08.0290 2660 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:58:08.0345 2660 i8042prt - ok
15:58:08.0390 2660 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:58:08.0415 2660 iaStorV - ok
15:58:08.0539 2660 ICM_UpdaterService (99730c456c8ff7a544d23445c7eeda4a) C:\Program Files\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe
15:58:08.0667 2660 ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - warning
15:58:08.0667 2660 ICM_UpdaterService - detected UnsignedFile.Multi.Generic (1)
15:58:08.0758 2660 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:58:08.0799 2660 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:58:08.0799 2660 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:58:08.0913 2660 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:58:08.0975 2660 idsvc - ok
15:58:09.0078 2660 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:58:09.0096 2660 iirsp - ok
15:58:09.0157 2660 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
15:58:09.0238 2660 IKEEXT - ok
15:58:09.0265 2660 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
15:58:09.0282 2660 intelide - ok
15:58:09.0306 2660 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
15:58:09.0363 2660 intelppm - ok
15:58:09.0396 2660 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:58:09.0439 2660 IPBusEnum - ok
15:58:09.0470 2660 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:58:09.0512 2660 IpFilterDriver - ok
15:58:09.0543 2660 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
15:58:09.0581 2660 iphlpsvc - ok
15:58:09.0586 2660 IpInIp - ok
15:58:09.0613 2660 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:58:09.0678 2660 IPMIDRV - ok
15:58:09.0715 2660 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:58:09.0764 2660 IPNAT - ok
15:58:09.0791 2660 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:58:09.0848 2660 IRENUM - ok
15:58:09.0897 2660 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
15:58:09.0914 2660 isapnp - ok
15:58:09.0968 2660 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:58:09.0988 2660 iScsiPrt - ok
15:58:10.0001 2660 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:58:10.0018 2660 iteatapi - ok
15:58:10.0036 2660 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:58:10.0054 2660 iteraid - ok
15:58:10.0125 2660 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
15:58:10.0142 2660 IviRegMgr - ok
15:58:10.0165 2660 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:58:10.0184 2660 kbdclass - ok
15:58:10.0220 2660 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:58:10.0262 2660 kbdhid - ok
15:58:10.0302 2660 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:58:10.0355 2660 KeyIso - ok
15:58:10.0403 2660 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:58:10.0448 2660 KSecDD - ok
15:58:10.0531 2660 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:58:10.0610 2660 KtmRm - ok
15:58:10.0656 2660 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
15:58:10.0712 2660 LanmanServer - ok
15:58:10.0772 2660 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
15:58:10.0826 2660 LanmanWorkstation - ok
15:58:10.0898 2660 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:58:10.0915 2660 LightScribeService - ok
15:58:10.0965 2660 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:58:11.0008 2660 lltdio - ok
15:58:11.0051 2660 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:58:11.0102 2660 lltdsvc - ok
15:58:11.0129 2660 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:58:11.0211 2660 lmhosts - ok
15:58:11.0258 2660 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:58:11.0277 2660 LSI_FC - ok
15:58:11.0295 2660 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:58:11.0313 2660 LSI_SAS - ok
15:58:11.0344 2660 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:58:11.0364 2660 LSI_SCSI - ok
15:58:11.0408 2660 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:58:11.0465 2660 luafv - ok
15:58:11.0493 2660 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:58:11.0512 2660 megasas - ok
15:58:11.0535 2660 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:58:11.0573 2660 MMCSS - ok
15:58:11.0604 2660 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:58:11.0642 2660 Modem - ok
15:58:11.0683 2660 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:58:11.0721 2660 monitor - ok
15:58:11.0747 2660 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:58:11.0766 2660 mouclass - ok
15:58:11.0794 2660 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:58:11.0847 2660 mouhid - ok
15:58:11.0891 2660 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:58:11.0907 2660 MountMgr - ok
15:58:11.0990 2660 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
15:58:12.0012 2660 MpFilter - ok
15:58:12.0066 2660 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:58:12.0083 2660 mpio - ok
15:58:12.0202 2660 MpKslaf58ca6a (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C86AFC25-061D-42A7-957F-0005FDD3416F}\MpKslaf58ca6a.sys
15:58:12.0215 2660 MpKslaf58ca6a - ok
15:58:12.0260 2660 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:58:12.0302 2660 mpsdrv - ok
15:58:12.0367 2660 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
15:58:12.0461 2660 MpsSvc - ok
15:58:12.0501 2660 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:58:12.0516 2660 Mraid35x - ok
15:58:12.0560 2660 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:58:12.0588 2660 MRxDAV - ok
15:58:12.0639 2660 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:58:12.0669 2660 mrxsmb - ok
15:58:12.0704 2660 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:58:12.0740 2660 mrxsmb10 - ok
15:58:12.0773 2660 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:58:12.0803 2660 mrxsmb20 - ok
15:58:12.0823 2660 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
15:58:12.0841 2660 msahci - ok
15:58:12.0855 2660 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:58:12.0875 2660 msdsm - ok
15:58:12.0911 2660 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:58:12.0954 2660 MSDTC - ok
15:58:12.0989 2660 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:58:13.0036 2660 Msfs - ok
15:58:13.0084 2660 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:58:13.0099 2660 msisadrv - ok
15:58:13.0135 2660 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:58:13.0182 2660 MSiSCSI - ok
15:58:13.0198 2660 msiserver - ok
15:58:13.0225 2660 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:58:13.0271 2660 MSKSSRV - ok
15:58:13.0347 2660 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:58:13.0361 2660 MsMpSvc - ok
15:58:13.0376 2660 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:58:13.0429 2660 MSPCLOCK - ok
15:58:13.0474 2660 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:58:13.0526 2660 MSPQM - ok
15:58:13.0573 2660 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:58:13.0593 2660 MsRPC - ok
15:58:13.0615 2660 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:58:13.0630 2660 mssmbios - ok
15:58:13.0664 2660 MSSQL$MSSMLBIZ - ok
15:58:13.0730 2660 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:58:13.0745 2660 MSSQLServerADHelper - ok
15:58:13.0771 2660 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:58:13.0825 2660 MSTEE - ok
15:58:13.0858 2660 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:58:13.0876 2660 Mup - ok
15:58:13.0927 2660 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
15:58:13.0985 2660 napagent - ok
15:58:14.0057 2660 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:58:14.0082 2660 NativeWifiP - ok
15:58:14.0168 2660 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:58:14.0211 2660 NDIS - ok
15:58:14.0246 2660 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:58:14.0289 2660 NdisTapi - ok
15:58:14.0325 2660 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:58:14.0357 2660 Ndisuio - ok
15:58:14.0403 2660 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:58:14.0447 2660 NdisWan - ok
15:58:14.0481 2660 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:58:14.0537 2660 NDProxy - ok
15:58:14.0568 2660 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:58:14.0626 2660 NetBIOS - ok
15:58:14.0662 2660 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:58:14.0708 2660 netbt - ok
15:58:14.0743 2660 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:58:14.0758 2660 Netlogon - ok
15:58:14.0796 2660 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:58:14.0835 2660 Netman - ok
15:58:14.0874 2660 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:58:14.0927 2660 netprofm - ok
15:58:14.0987 2660 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:58:15.0006 2660 NetTcpPortSharing - ok
15:58:15.0056 2660 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:58:15.0073 2660 nfrd960 - ok
15:58:15.0145 2660 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:58:15.0162 2660 NisDrv - ok
15:58:15.0270 2660 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
15:58:15.0292 2660 NisSrv - ok
15:58:15.0337 2660 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:58:15.0372 2660 NlaSvc - ok
15:58:15.0405 2660 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:58:15.0429 2660 Npfs - ok
15:58:15.0447 2660 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:58:15.0490 2660 nsi - ok
15:58:15.0517 2660 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:58:15.0562 2660 nsiproxy - ok
15:58:15.0662 2660 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:58:15.0732 2660 Ntfs - ok
15:58:15.0790 2660 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:58:15.0868 2660 ntrigdigi - ok
15:58:15.0905 2660 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:58:15.0946 2660 Null - ok
15:58:15.0969 2660 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
15:58:15.0989 2660 nvraid - ok
15:58:16.0013 2660 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
15:58:16.0032 2660 nvstor - ok
15:58:16.0060 2660 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
15:58:16.0084 2660 nv_agp - ok
15:58:16.0101 2660 NwlnkFlt - ok
15:58:16.0119 2660 NwlnkFwd - ok
15:58:16.0160 2660 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
15:58:16.0223 2660 ohci1394 - ok
15:58:16.0308 2660 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:58:16.0329 2660 ose - ok
15:58:16.0625 2660 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:58:17.0342 2660 osppsvc - ok
15:58:17.0512 2660 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:58:17.0608 2660 p2pimsvc - ok
15:58:17.0621 2660 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:58:17.0655 2660 p2psvc - ok
15:58:17.0706 2660 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
15:58:17.0782 2660 Parport - ok
15:58:17.0824 2660 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
15:58:17.0841 2660 partmgr - ok
15:58:17.0878 2660 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
15:58:17.0956 2660 Parvdm - ok
15:58:17.0977 2660 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:58:18.0032 2660 PcaSvc - ok
15:58:18.0071 2660 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:58:18.0094 2660 pci - ok
15:58:18.0122 2660 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
15:58:18.0138 2660 pciide - ok
15:58:18.0200 2660 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
15:58:18.0221 2660 pcmcia - ok
15:58:18.0262 2660 pdfcDispatcher - ok
15:58:18.0358 2660 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:58:18.0459 2660 PEAUTH - ok
15:58:18.0600 2660 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:58:18.0750 2660 pla - ok
15:58:18.0874 2660 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:58:18.0911 2660 PlugPlay - ok
15:58:18.0990 2660 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:58:19.0024 2660 PNRPAutoReg - ok
15:58:19.0037 2660 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:58:19.0073 2660 PNRPsvc - ok
15:58:19.0132 2660 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:58:19.0174 2660 PolicyAgent - ok
15:58:19.0219 2660 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:58:19.0259 2660 PptpMiniport - ok
15:58:19.0309 2660 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:58:19.0392 2660 Processor - ok
15:58:19.0428 2660 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:58:19.0481 2660 ProfSvc - ok
15:58:19.0509 2660 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:58:19.0543 2660 ProtectedStorage - ok
15:58:19.0591 2660 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:58:19.0620 2660 PSched - ok
15:58:19.0646 2660 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
15:58:19.0710 2660 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
15:58:19.0710 2660 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
15:58:19.0785 2660 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:58:19.0847 2660 ql2300 - ok
15:58:19.0908 2660 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:58:19.0927 2660 ql40xx - ok
15:58:19.0971 2660 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:58:20.0016 2660 QWAVE - ok
15:58:20.0043 2660 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:58:20.0063 2660 QWAVEdrv - ok
15:58:20.0233 2660 R300 (252826c4bc88b01e945c2d3c6603f3b0) C:\Windows\system32\DRIVERS\atikmdag.sys
15:58:20.0343 2660 R300 - ok
15:58:20.0450 2660 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:58:20.0488 2660 RasAcd - ok
15:58:20.0512 2660 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:58:20.0565 2660 RasAuto - ok
15:58:20.0607 2660 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:58:20.0660 2660 Rasl2tp - ok
15:58:20.0706 2660 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:58:20.0742 2660 RasMan - ok
15:58:20.0785 2660 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:58:20.0814 2660 RasPppoe - ok
15:58:20.0866 2660 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:58:20.0904 2660 RasSstp - ok
15:58:20.0961 2660 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:58:21.0016 2660 rdbss - ok
15:58:21.0051 2660 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:58:21.0108 2660 RDPCDD - ok
15:58:21.0166 2660 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
15:58:21.0236 2660 rdpdr - ok
15:58:21.0245 2660 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:58:21.0283 2660 RDPENCDD - ok
15:58:21.0322 2660 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
15:58:21.0371 2660 RDPWD - ok
15:58:21.0415 2660 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:58:21.0448 2660 RemoteAccess - ok
15:58:21.0495 2660 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:58:21.0551 2660 RemoteRegistry - ok
15:58:21.0584 2660 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
15:58:21.0612 2660 RFCOMM - ok
15:58:21.0772 2660 RoxMediaDB9 (ad1411a7ea50f2f97a73a3f51153066e) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
15:58:21.0829 2660 RoxMediaDB9 - ok
15:58:21.0875 2660 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:58:21.0937 2660 RpcLocator - ok
15:58:22.0014 2660 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:58:22.0073 2660 RpcSs - ok
15:58:22.0131 2660 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:58:22.0185 2660 rspndr - ok
15:58:22.0246 2660 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:58:22.0266 2660 SamSs - ok
15:58:22.0419 2660 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:58:22.0506 2660 sbp2port - ok
15:58:22.0590 2660 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:58:22.0662 2660 SCardSvr - ok
15:58:22.0736 2660 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:58:22.0820 2660 Schedule - ok
15:58:22.0850 2660 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:58:22.0879 2660 SCPolicySvc - ok
15:58:22.0915 2660 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
15:58:22.0982 2660 sdbus - ok
15:58:23.0021 2660 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:58:23.0074 2660 SDRSVC - ok
15:58:23.0101 2660 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:58:23.0195 2660 secdrv - ok
15:58:23.0248 2660 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:58:23.0282 2660 seclogon - ok
15:58:23.0319 2660 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
15:58:23.0352 2660 SENS - ok
15:58:23.0384 2660 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:58:23.0452 2660 Serenum - ok
15:58:23.0473 2660 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:58:23.0527 2660 Serial - ok
15:58:23.0572 2660 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:58:23.0602 2660 sermouse - ok
15:58:23.0651 2660 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:58:23.0709 2660 SessionEnv - ok
15:58:23.0803 2660 sesvc (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files\ShadowExplorer\sesvc.exe
15:58:23.0866 2660 sesvc ( UnsignedFile.Multi.Generic ) - warning
15:58:23.0866 2660 sesvc - detected UnsignedFile.Multi.Generic (1)
15:58:23.0903 2660 sfdrv01 (b7018644e132a8dfb12ed90106e06739) C:\Windows\system32\drivers\sfdrv01.sys
15:58:23.0984 2660 sfdrv01 - ok
15:58:24.0023 2660 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
15:58:24.0081 2660 sffdisk - ok
15:58:24.0100 2660 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
15:58:24.0178 2660 sffp_mmc - ok
15:58:24.0198 2660 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
15:58:24.0257 2660 sffp_sd - ok
15:58:24.0293 2660 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
15:58:24.0329 2660 sfhlp02 - ok
15:58:24.0358 2660 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:58:24.0423 2660 sfloppy - ok
15:58:24.0482 2660 sfvfs02 (197cef62eb4bc043e1578529fa2b9a48) C:\Windows\system32\drivers\sfvfs02.sys
15:58:24.0543 2660 sfvfs02 - ok
15:58:24.0568 2660 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:58:24.0631 2660 SharedAccess - ok
15:58:24.0686 2660 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
15:58:24.0746 2660 ShellHWDetection - ok
15:58:24.0795 2660 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
15:58:24.0812 2660 sisagp - ok
15:58:24.0828 2660 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
15:58:24.0845 2660 SiSRaid2 - ok
15:58:24.0864 2660 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
15:58:24.0882 2660 SiSRaid4 - ok
15:58:25.0107 2660 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:58:25.0315 2660 slsvc - ok
15:58:25.0448 2660 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:58:25.0514 2660 SLUINotify - ok
15:58:25.0570 2660 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:58:25.0616 2660 Smb - ok
15:58:25.0651 2660 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:58:25.0672 2660 SNMPTRAP - ok
15:58:25.0687 2660 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:58:25.0708 2660 spldr - ok
15:58:25.0745 2660 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
15:58:25.0804 2660 Spooler - ok
15:58:25.0892 2660 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
15:58:25.0893 2660 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
15:58:25.0896 2660 sptd ( LockedFile.Multi.Generic ) - warning
15:58:25.0897 2660 sptd - detected LockedFile.Multi.Generic (1)
15:58:25.0991 2660 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:58:26.0013 2660 SQLBrowser - ok
15:58:26.0064 2660 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:58:26.0082 2660 SQLWriter - ok
15:58:26.0126 2660 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:58:26.0160 2660 srv - ok
15:58:26.0211 2660 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:58:26.0242 2660 srv2 - ok
15:58:26.0272 2660 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:58:26.0292 2660 srvnet - ok
15:58:26.0329 2660 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:58:26.0385 2660 SSDPSRV - ok
15:58:26.0435 2660 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:58:26.0476 2660 SstpSvc - ok
15:58:26.0542 2660 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:58:26.0609 2660 stisvc - ok
15:58:26.0739 2660 stllssvr (b254b1434208f280edf3785613dcc41b) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:58:26.0750 2660 stllssvr ( UnsignedFile.Multi.Generic ) - warning
15:58:26.0750 2660 stllssvr - detected UnsignedFile.Multi.Generic (1)
15:58:26.0791 2660 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:58:26.0809 2660 swenum - ok
15:58:26.0870 2660 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:58:26.0922 2660 swprv - ok
15:58:26.0974 2660 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:58:26.0991 2660 Symc8xx - ok
15:58:27.0019 2660 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:58:27.0037 2660 Sym_hi - ok
15:58:27.0061 2660 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:58:27.0080 2660 Sym_u3 - ok
15:58:27.0187 2660 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys
15:58:27.0311 2660 SynTP - ok
15:58:27.0478 2660 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:58:27.0573 2660 SysMain - ok
15:58:27.0709 2660 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:58:27.0732 2660 TabletInputService - ok
15:58:27.0792 2660 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:58:27.0839 2660 TapiSrv - ok
15:58:27.0882 2660 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:58:27.0921 2660 TBS - ok
15:58:28.0000 2660 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
15:58:28.0057 2660 Tcpip - ok
15:58:28.0072 2660 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
15:58:28.0110 2660 Tcpip6 - ok
15:58:28.0155 2660 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
15:58:28.0198 2660 tcpipreg - ok
15:58:28.0231 2660 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:58:28.0264 2660 TDPIPE - ok
15:58:28.0310 2660 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:58:28.0358 2660 TDTCP - ok
15:58:28.0401 2660 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:58:28.0443 2660 tdx - ok
15:58:28.0479 2660 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:58:28.0497 2660 TermDD - ok
15:58:28.0562 2660 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:58:28.0613 2660 TermService - ok
15:58:28.0663 2660 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
15:58:28.0688 2660 Themes - ok
15:58:28.0711 2660 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:58:28.0750 2660 THREADORDER - ok
15:58:28.0787 2660 TPM (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
15:58:28.0804 2660 TPM - ok
15:58:28.0833 2660 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:58:28.0874 2660 TrkWks - ok
15:58:28.0920 2660 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:58:28.0949 2660 TrustedInstaller - ok
15:58:29.0004 2660 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:58:29.0040 2660 tssecsrv - ok
15:58:29.0083 2660 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:58:29.0120 2660 tunmp - ok
15:58:29.0142 2660 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:58:29.0161 2660 tunnel - ok
15:58:29.0189 2660 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
15:58:29.0208 2660 uagp35 - ok
15:58:29.0240 2660 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:58:29.0273 2660 udfs - ok
15:58:29.0309 2660 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:58:29.0362 2660 UI0Detect - ok
15:58:29.0369 2660 UIUSys - ok
15:58:29.0427 2660 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
15:58:29.0446 2660 uliagpkx - ok
15:58:29.0482 2660 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
15:58:29.0506 2660 uliahci - ok
15:58:29.0536 2660 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:58:29.0555 2660 UlSata - ok
15:58:29.0584 2660 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:58:29.0603 2660 ulsata2 - ok
15:58:29.0636 2660 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:58:29.0692 2660 umbus - ok
15:58:29.0735 2660 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:58:29.0801 2660 upnphost - ok
15:58:29.0891 2660 USB28xxBGA (94c4efca2786491e1d7de335356b3e78) C:\Windows\system32\DRIVERS\emBDA.sys
15:58:29.0972 2660 USB28xxBGA - ok
15:58:29.0985 2660 USB28xxOEM (c1743b02161ed76e15028f0591f6c753) C:\Windows\system32\DRIVERS\emOEM.sys
15:58:30.0018 2660 USB28xxOEM - ok
15:58:30.0054 2660 usbbus (cccece399b1990d63bfc8de8161dd838) C:\Windows\system32\DRIVERS\lgusbbus.sys
15:58:30.0070 2660 usbbus - ok
15:58:30.0120 2660 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
15:58:30.0174 2660 usbccgp - ok
15:58:30.0195 2660 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:58:30.0267 2660 usbcir - ok
15:58:30.0324 2660 UsbDiag (b2ef4693e17404a178da88318c5236b8) C:\Windows\system32\DRIVERS\lgusbdiag.sys
15:58:30.0356 2660 UsbDiag - ok
15:58:30.0399 2660 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:58:30.0435 2660 usbehci - ok
15:58:30.0469 2660 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:58:30.0516 2660 usbhub - ok
15:58:30.0544 2660 USBModem (eb16939525ed91fb649ec68afc865dce) C:\Windows\system32\DRIVERS\lgusbmodem.sys
15:58:30.0560 2660 USBModem - ok
15:58:30.0574 2660 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
15:58:30.0602 2660 usbohci - ok
15:58:30.0639 2660 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
15:58:30.0695 2660 usbprint - ok
15:58:30.0725 2660 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:58:30.0759 2660 USBSTOR - ok
15:58:30.0785 2660 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
15:58:30.0837 2660 usbuhci - ok
15:58:30.0878 2660 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:58:30.0904 2660 UxSms - ok
15:58:30.0948 2660 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
15:58:31.0006 2660 VClone - ok
15:58:31.0070 2660 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:58:31.0154 2660 vds - ok
15:58:31.0198 2660 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
15:58:31.0256 2660 vga - ok
15:58:31.0293 2660 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:58:31.0353 2660 VgaSave - ok
15:58:31.0379 2660 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
15:58:31.0394 2660 viaagp - ok
15:58:31.0418 2660 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
15:58:31.0484 2660 ViaC7 - ok
15:58:31.0500 2660 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
15:58:31.0513 2660 viaide - ok
15:58:31.0546 2660 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:58:31.0563 2660 volmgr - ok
15:58:31.0617 2660 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:58:31.0639 2660 volmgrx - ok
15:58:31.0678 2660 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:58:31.0703 2660 volsnap - ok
15:58:31.0739 2660 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
15:58:31.0756 2660 vsmraid - ok
15:58:31.0850 2660 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:58:31.0926 2660 VSS - ok
15:58:32.0003 2660 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:58:32.0058 2660 W32Time - ok
15:58:32.0113 2660 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:58:32.0181 2660 WacomPen - ok
15:58:32.0231 2660 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:58:32.0273 2660 Wanarp - ok
15:58:32.0281 2660 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:58:32.0307 2660 Wanarpv6 - ok
15:58:32.0347 2660 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:58:32.0398 2660 wcncsvc - ok
15:58:32.0425 2660 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:58:32.0453 2660 WcsPlugInService - ok
15:58:32.0488 2660 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
15:58:32.0503 2660 Wd - ok
15:58:32.0561 2660 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:58:32.0602 2660 Wdf01000 - ok
15:58:32.0639 2660 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:58:32.0699 2660 WdiServiceHost - ok
15:58:32.0705 2660 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:58:32.0745 2660 WdiSystemHost - ok
15:58:32.0796 2660 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:58:32.0829 2660 WebClient - ok
15:58:32.0874 2660 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
15:58:32.0900 2660 Wecsvc - ok
15:58:32.0928 2660 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:58:32.0974 2660 wercplsupport - ok
15:58:33.0023 2660 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:58:33.0062 2660 WerSvc - ok
15:58:33.0103 2660 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
15:58:33.0122 2660 WimFltr - ok
15:58:33.0201 2660 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
15:58:33.0292 2660 winachsf - ok
15:58:33.0374 2660 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:58:33.0401 2660 WinDefend - ok
15:58:33.0414 2660 WinHttpAutoProxySvc - ok
15:58:33.0482 2660 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:58:33.0512 2660 Winmgmt - ok
15:58:33.0622 2660 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
15:58:33.0697 2660 WinRM - ok
15:58:33.0776 2660 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
15:58:33.0879 2660 Wlansvc - ok
15:58:33.0915 2660 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:58:33.0964 2660 WmiAcpi - ok
15:58:34.0042 2660 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:58:34.0119 2660 wmiApSrv - ok
15:58:34.0241 2660 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:58:34.0354 2660 WMPNetworkSvc - ok
15:58:34.0370 2660 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
15:58:34.0427 2660 WPCSvc - ok
15:58:34.0474 2660 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
15:58:34.0508 2660 WPDBusEnum - ok
15:58:34.0587 2660 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:58:34.0620 2660 WpdUsb - ok
15:58:34.0773 2660 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:58:34.0831 2660 WPFFontCache_v0400 - ok
15:58:34.0890 2660 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:58:34.0958 2660 ws2ifsl - ok
15:58:34.0983 2660 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
15:58:35.0028 2660 wscsvc - ok
15:58:35.0035 2660 WSearch - ok
15:58:35.0186 2660 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
15:58:35.0332 2660 wuauserv - ok
15:58:35.0456 2660 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:58:35.0509 2660 WUDFRd - ok
15:58:35.0535 2660 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:58:35.0594 2660 wudfsvc - ok
15:58:35.0643 2660 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:58:36.0179 2660 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:58:36.0179 2660 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:58:36.0190 2660 MBR (0x1B8) (3dad8cf86d30d5e14b2a967047c0bc13) \Device\Harddisk1\DR1
15:59:39.0977 2660 \Device\Harddisk1\DR1 - ok
15:59:40.0012 2660 Boot (0x1200) (43d6fe2d0345951f003c04f35f764cd4) \Device\Harddisk0\DR0\Partition0
15:59:40.0016 2660 \Device\Harddisk0\DR0\Partition0 - ok
15:59:40.0051 2660 Boot (0x1200) (af9948a19f419d53cb915043d0b5a139) \Device\Harddisk0\DR0\Partition1
15:59:40.0056 2660 \Device\Harddisk0\DR0\Partition1 - ok
15:59:40.0057 2660 ============================================================
15:59:40.0057 2660 Scan finished
15:59:40.0057 2660 ============================================================
15:59:40.0086 0752 Detected object count: 10
15:59:40.0086 0752 Actual detected object count: 10
15:59:56.0795 0752 ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:56.0795 0752 ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:56.0800 0752 ASChannel ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:56.0800 0752 ASChannel ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:56.0804 0752 EPGService ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:56.0805 0752 EPGService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:56.0809 0752 ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:56.0809 0752 ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:56.0814 0752 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:56.0814 0752 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:56.0819 0752 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:56.0819 0752 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:56.0823 0752 sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:56.0823 0752 sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:56.0829 0752 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:59:56.0830 0752 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:59:56.0830 0752 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:56.0830 0752 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:56.0834 0752 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:59:56.0834 0752 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
|
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Code:
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
After that, restart Windows and make a completely new log with TDSS-Killer again. As always, post it in CODE tags. |
| | #11 |
| How can I do that? I mean, the fixing? |
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Start TDSS-Killer again and let it scan. If it shows the findings in question again, select only this TDSS File System entry and choose delete; the others must stay on skip! |
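The selection rule from the post above (act on the TDSS File System entry only, leave every other finding on skip) can be checked against the follow-up log. This is an added example, not part of the thread or of TDSSKiller; the sample lines are constructed in the layout of the logs posted here, and the `Delete` action wording is an assumption.

```python
import re

# Layout seen in the thread's logs: "HH:MM:SS.mmmm <thread id> <rest of line>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")
# "<object> ( <verdict> ) - <status>"; the spaces inside the parentheses keep
# this from matching the "name (md5) path" service lines or "... (1)" lines.
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<status>.+)$")
ACTION = re.compile(r"^User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def parse_tdsskiller(log_text):
    """Return ({object: {"verdict", "action"}}, declared_count) for one log."""
    findings, declared = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group(1).strip()
        c = COUNT.match(rest)
        if c:
            declared = int(c.group(1))
            continue
        v = VERDICT.match(rest)
        if not v:
            continue  # plain "- ok" lines, hashes, banners
        entry = findings.setdefault(
            v.group("obj"), {"verdict": v.group("verdict"), "action": None}
        )
        a = ACTION.match(v.group("status"))
        if a:
            entry["action"] = a.group("action")
    return findings, declared


def review_actions(findings, declared, remove_verdict="TDSS File System"):
    """List every deviation from: act on remove_verdict only, Skip the rest."""
    problems = []
    if declared is not None and declared != len(findings):
        problems.append(
            f"log declares {declared} objects, parsed {len(findings)}"
        )
    for obj, f in findings.items():
        is_target = f["verdict"] == remove_verdict
        if f["action"] is None:
            problems.append(f"{obj}: no user action recorded")
        elif is_target and f["action"] == "Skip":
            problems.append(f"{obj}: {f['verdict']} was skipped, still present")
        elif not is_target and f["action"] != "Skip":
            problems.append(
                f"{obj}: {f['verdict']} got action {f['action']}, expected Skip"
            )
    return problems


# Constructed sample: lines in the layout of the first log in the thread,
# trimmed to three findings (the real log reported ten).
FIRST_RUN = r"""
15:58:36.0179 2660 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:58:36.0179 2660 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:59:40.0086 0752 Detected object count: 3
15:59:56.0795 0752 ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:56.0795 0752 ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:56.0829 0752 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:59:56.0830 0752 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:59:56.0834 0752 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:59:56.0834 0752 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Constructed follow-up run; the "Delete" wording is an assumption.
SECOND_RUN = r"""
12:05:00.0000 3352 ASBroker ( UnsignedFile.Multi.Generic ) - warning
12:05:00.0000 3352 sptd ( LockedFile.Multi.Generic ) - warning
12:05:00.0000 3352 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:05:10.0000 1504 Detected object count: 3
12:05:20.0000 1504 ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:05:20.0000 1504 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:05:20.0000 1504 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

if __name__ == "__main__":
    for name, text in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        found, count = parse_tdsskiller(text)
        issues = review_actions(found, count)
        print(name, "->", issues or "matches the plan")
```
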
| | #13 |
| OK. Here is the new log. Code:
12:01:25.0545 1504 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
12:01:25.0600 1504 ============================================================
12:01:25.0601 1504 Current date / time: 2012/06/26 12:01:25.0600
12:01:25.0601 1504 SystemInfo:
12:01:25.0601 1504
12:01:25.0601 1504 OS Version: 6.0.6002 ServicePack: 2.0
12:01:25.0601 1504 Product type: Workstation
12:01:25.0601 1504 ComputerName: HP-LAPTOP
12:01:25.0601 1504 UserName: HP-User
12:01:25.0601 1504 Windows directory: C:\Windows
12:01:25.0601 1504 System windows directory: C:\Windows
12:01:25.0601 1504 Processor architecture: Intel x86
12:01:25.0601 1504 Number of processors: 2
12:01:25.0601 1504 Page size: 0x1000
12:01:25.0601 1504 Boot type: Normal boot
12:01:25.0601 1504 ============================================================
12:01:27.0074 1504 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:01:27.0076 1504 ============================================================
12:01:27.0076 1504 \Device\Harddisk0\DR0:
12:01:27.0076 1504 MBR partitions:
12:01:27.0076 1504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x117D07C1
12:01:27.0077 1504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x126FF000, BlocksNum 0x31A000
12:01:27.0077 1504 ============================================================
12:01:27.0091 1504 C: <-> \Device\Harddisk0\DR0\Partition0
12:01:27.0138 1504 E: <-> \Device\Harddisk0\DR0\Partition1
12:01:27.0139 1504 ============================================================
12:01:27.0139 1504 Initialize success
12:01:27.0139 1504 ============================================================
12:01:33.0804 3352 ============================================================
12:01:33.0804 3352 Scan started
12:01:33.0804 3352 Mode: Manual; SigCheck; TDLFS;
12:01:33.0805 3352 ============================================================
12:01:37.0908 3352 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
12:01:38.0060 3352 acedrv11 - ok
12:01:38.0789 3352 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:01:38.0813 3352 ACPI - ok
12:01:39.0392 3352 ADIHdAudAddService (fb9ece3f7b8a03e474e611031ad4cd23) C:\Windows\system32\drivers\ADIHdAud.sys
12:01:39.0495 3352 ADIHdAudAddService - ok
12:01:40.0081 3352 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:01:40.0143 3352 adp94xx - ok
12:01:40.0722 3352 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:01:40.0742 3352 adpahci - ok
12:01:41.0024 3352 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:01:41.0041 3352 adpu160m - ok
12:01:41.0272 3352 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:01:41.0307 3352 adpu320 - ok
12:01:41.0464 3352 AEADIFilters (12d23758621b00b8d3134095ec3325fd) C:\Windows\system32\AEADISRV.EXE
12:01:41.0502 3352 AEADIFilters - ok
12:01:41.0556 3352 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
12:01:41.0628 3352 AeLookupSvc - ok
12:01:42.0043 3352 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:01:42.0098 3352 AFD - ok
12:01:42.0200 3352 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
12:01:42.0259 3352 AgereModemAudio - ok
12:01:43.0972 3352 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\Windows\system32\DRIVERS\AGRSM.sys
12:01:44.0176 3352 AgereSoftModem - ok
12:01:45.0239 3352 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
12:01:45.0277 3352 agp440 - ok
12:01:45.0438 3352 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:01:45.0474 3352 aic78xx - ok
12:01:45.0788 3352 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
12:01:45.0895 3352 ALG - ok
12:01:45.0951 3352 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
12:01:45.0964 3352 aliide - ok
12:01:46.0097 3352 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
12:01:46.0112 3352 amdagp - ok
12:01:46.0129 3352 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
12:01:46.0146 3352 amdide - ok
12:01:46.0229 3352 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:01:46.0319 3352 AmdK7 - ok
12:01:46.0408 3352 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
12:01:46.0470 3352 AmdK8 - ok
12:01:46.0717 3352 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
12:01:46.0734 3352 Appinfo - ok
12:01:46.0927 3352 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
12:01:46.0943 3352 arc - ok
12:01:47.0024 3352 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
12:01:47.0039 3352 arcsas - ok
12:01:47.0275 3352 ASBroker (2eeda27c19259c2340324ef7180d086b) C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
12:01:47.0315 3352 ASBroker ( UnsignedFile.Multi.Generic ) - warning
12:01:47.0315 3352 ASBroker - detected UnsignedFile.Multi.Generic (1)
12:01:47.0466 3352 ASChannel (bb3c0521ecca4bb17ac55eb640df0fa5) C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll
12:01:47.0486 3352 ASChannel ( UnsignedFile.Multi.Generic ) - warning
12:01:47.0486 3352 ASChannel - detected UnsignedFile.Multi.Generic (1)
12:01:47.0578 3352 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:01:47.0674 3352 AsyncMac - ok
12:01:47.0914 3352 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:01:47.0952 3352 atapi - ok
12:01:49.0123 3352 Ati External Event Utility (3481d12334f065bba19c16399c9cb171) C:\Windows\system32\Ati2evxx.exe
12:01:49.0185 3352 Ati External Event Utility - ok
12:01:49.0413 3352 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:01:49.0440 3352 AtiPcie - ok
12:01:49.0660 3352 ATSWPDRV (293e8cc3c246a89f4cca75b024ad757f) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
12:01:49.0678 3352 ATSWPDRV - ok
12:01:50.0002 3352 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:01:50.0053 3352 AudioEndpointBuilder - ok
12:01:50.0061 3352 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:01:50.0095 3352 Audiosrv - ok
12:01:50.0222 3352 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:01:50.0276 3352 b57nd60x - ok
12:01:50.0915 3352 BCM43XV (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
12:01:51.0005 3352 BCM43XV - ok
12:01:51.0066 3352 BCM43XX (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
12:01:51.0174 3352 BCM43XX - ok
12:01:51.0494 3352 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
12:01:51.0527 3352 BcmSqlStartupSvc - ok
12:01:51.0621 3352 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:01:51.0703 3352 Beep - ok
12:01:52.0177 3352 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
12:01:52.0273 3352 BFE - ok
12:01:53.0368 3352 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
12:01:53.0474 3352 BITS - ok
12:01:53.0479 3352 blbdrive - ok
12:01:53.0844 3352 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:01:53.0920 3352 bowser - ok
12:01:54.0037 3352 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:01:54.0091 3352 BrFiltLo - ok
12:01:54.0134 3352 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:01:54.0180 3352 BrFiltUp - ok
12:01:54.0352 3352 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
12:01:54.0418 3352 Browser - ok
12:01:54.0613 3352 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:01:54.0706 3352 Brserid - ok
12:01:54.0808 3352 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:01:54.0872 3352 BrSerWdm - ok
12:01:54.0929 3352 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:01:55.0016 3352 BrUsbMdm - ok
12:01:55.0044 3352 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:01:55.0135 3352 BrUsbSer - ok
12:01:55.0214 3352 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
12:01:55.0255 3352 BthEnum - ok
12:01:55.0388 3352 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
12:01:55.0419 3352 BTHMODEM - ok
12:01:55.0600 3352 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
12:01:55.0700 3352 BthPan - ok
12:01:56.0417 3352 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
12:01:56.0678 3352 BTHPORT - ok
12:01:56.0777 3352 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
12:01:56.0813 3352 BthServ - ok
12:01:56.0891 3352 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
12:01:56.0927 3352 BTHUSB - ok
12:01:57.0116 3352 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
12:01:57.0158 3352 btwaudio - ok
12:01:57.0300 3352 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
12:01:57.0318 3352 btwavdt - ok
12:01:57.0408 3352 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
12:01:57.0432 3352 btwrchid - ok
12:01:57.0608 3352 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:01:57.0720 3352 cdfs - ok
12:01:57.0876 3352 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:01:57.0948 3352 cdrom - ok
12:01:58.0013 3352 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:01:58.0042 3352 CertPropSvc - ok
12:01:58.0124 3352 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
12:01:58.0192 3352 circlass - ok
12:01:58.0529 3352 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:01:58.0573 3352 CLFS - ok
12:01:58.0877 3352 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:01:58.0910 3352 clr_optimization_v2.0.50727_32 - ok
12:01:59.0416 3352 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:01:59.0480 3352 clr_optimization_v4.0.30319_32 - ok
12:01:59.0634 3352 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
12:01:59.0686 3352 CmBatt - ok
12:01:59.0745 3352 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
12:01:59.0761 3352 cmdide - ok
12:02:00.0490 3352 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
12:02:00.0546 3352 Com4QLBEx - ok
12:02:00.0626 3352 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
12:02:00.0641 3352 Compbatt - ok
12:02:00.0647 3352 COMSysApp - ok
12:02:00.0711 3352 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
12:02:00.0728 3352 crcdisk - ok
12:02:00.0786 3352 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
12:02:00.0869 3352 Crusoe - ok
12:02:01.0102 3352 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
12:02:01.0171 3352 CryptSvc - ok
12:02:01.0909 3352 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:02:02.0032 3352 DcomLaunch - ok
12:02:02.0191 3352 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:02:02.0274 3352 DfsC - ok
12:02:04.0080 3352 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
12:02:05.0573 3352 DFSR - ok
12:02:07.0555 3352 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
12:02:07.0693 3352 Dhcp - ok
12:02:07.0946 3352 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:02:07.0965 3352 disk - ok
12:02:08.0138 3352 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
12:02:08.0245 3352 Dnscache - ok
12:02:08.0371 3352 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
12:02:08.0460 3352 dot3svc - ok
12:02:08.0699 3352 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
12:02:08.0860 3352 DPS - ok
12:02:08.0997 3352 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:02:09.0055 3352 drmkaud - ok
12:02:09.0747 3352 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:02:10.0070 3352 DXGKrnl - ok
12:02:10.0297 3352 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:02:10.0389 3352 E1G60 - ok
12:02:10.0489 3352 EagleNT - ok
12:02:10.0689 3352 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
12:02:10.0768 3352 EapHost - ok
12:02:11.0104 3352 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:02:11.0177 3352 Ecache - ok
12:02:11.0364 3352 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
12:02:11.0385 3352 ElbyCDIO - ok
12:02:11.0724 3352 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
12:02:11.0851 3352 elxstor - ok
12:02:12.0856 3352 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
12:02:13.0033 3352 EMDMgmt - ok
12:02:13.0677 3352 EPGService (05aabf9eebc1850728e1e89516a8170d) C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
12:02:13.0763 3352 EPGService ( UnsignedFile.Multi.Generic ) - warning
12:02:13.0763 3352 EPGService - detected UnsignedFile.Multi.Generic (1)
12:02:14.0060 3352 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
12:02:14.0168 3352 EventSystem - ok
12:02:14.0554 3352 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:02:14.0660 3352 exfat - ok
12:02:14.0755 3352 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:02:14.0792 3352 fastfat - ok
12:02:14.0863 3352 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
12:02:14.0937 3352 fdc - ok
12:02:14.0994 3352 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
12:02:15.0038 3352 fdPHost - ok
12:02:15.0068 3352 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
12:02:15.0164 3352 FDResPub - ok
12:02:15.0650 3352 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:02:15.0728 3352 FileInfo - ok
12:02:15.0820 3352 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:02:15.0877 3352 Filetrace - ok
12:02:15.0934 3352 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
12:02:16.0023 3352 flpydisk - ok
12:02:16.0342 3352 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:02:16.0415 3352 FltMgr - ok
12:02:17.0231 3352 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
12:02:17.0474 3352 FontCache - ok
12:02:17.0780 3352 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:02:17.0804 3352 FontCache3.0.0.0 - ok
12:02:17.0875 3352 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
12:02:17.0922 3352 Fs_Rec - ok
12:02:18.0026 3352 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
12:02:18.0050 3352 gagp30kx - ok
12:02:18.0788 3352 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
12:02:18.0967 3352 gpsvc - ok
12:02:19.0293 3352 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:02:19.0557 3352 gupdate - ok
12:02:19.0565 3352 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:02:19.0584 3352 gupdatem - ok
12:02:19.0968 3352 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:02:20.0036 3352 gusvc - ok
12:02:20.0109 3352 HBtnKey (93aee3434935fc2f805fefd8dc5ed1b4) C:\Windows\system32\DRIVERS\cpqbttn.sys
12:02:20.0132 3352 HBtnKey - ok
12:02:20.0452 3352 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
12:02:20.0562 3352 HdAudAddService - ok
12:02:21.0327 3352 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:02:21.0440 3352 HDAudBus - ok
12:02:21.0513 3352 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:02:21.0607 3352 HidBth - ok
12:02:21.0650 3352 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:02:21.0716 3352 HidIr - ok
12:02:21.0803 3352 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
12:02:21.0884 3352 hidserv - ok
12:02:22.0060 3352 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:02:22.0143 3352 HidUsb - ok
12:02:22.0262 3352 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
12:02:22.0316 3352 hkmsvc - ok
12:02:22.0588 3352 HP Health Check Service (2ceeb349216febd91a907013d4abcff7) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
12:02:22.0610 3352 HP Health Check Service - ok
12:02:22.0708 3352 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
12:02:22.0732 3352 HpCISSs - ok
12:02:22.0809 3352 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
12:02:22.0859 3352 HpqKbFiltr - ok
12:02:22.0911 3352 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
12:02:22.0956 3352 hpqwmiex - ok
12:02:23.0012 3352 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
12:02:23.0075 3352 HSFHWAZL - ok
12:02:23.0871 3352 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
12:02:24.0001 3352 HSF_DPV - ok
12:02:24.0539 3352 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
12:02:24.0637 3352 HTTP - ok
12:02:24.0702 3352 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
12:02:24.0737 3352 i2omp - ok
12:02:24.0788 3352 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:02:24.0827 3352 i8042prt - ok
12:02:24.0985 3352 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
12:02:25.0004 3352 iaStorV - ok
12:02:25.0381 3352 ICM_UpdaterService (99730c456c8ff7a544d23445c7eeda4a) C:\Program Files\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe
12:02:25.0391 3352 ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - warning
12:02:25.0391 3352 ICM_UpdaterService - detected UnsignedFile.Multi.Generic (1)
12:02:25.0600 3352 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:02:25.0641 3352 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:02:25.0641 3352 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:02:26.0650 3352 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:02:26.0938 3352 idsvc - ok
12:02:27.0502 3352 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:02:27.0549 3352 iirsp - ok
12:02:27.0921 3352 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
12:02:28.0069 3352 IKEEXT - ok
12:02:28.0137 3352 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
12:02:28.0169 3352 intelide - ok
12:02:28.0276 3352 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
12:02:28.0377 3352 intelppm - ok
12:02:28.0433 3352 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
12:02:28.0486 3352 IPBusEnum - ok
12:02:28.0525 3352 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:02:28.0591 3352 IpFilterDriver - ok
12:02:28.0756 3352 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
12:02:28.0854 3352 iphlpsvc - ok
12:02:28.0869 3352 IpInIp - ok
12:02:28.0957 3352 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
12:02:29.0033 3352 IPMIDRV - ok
12:02:29.0103 3352 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:02:29.0173 3352 IPNAT - ok
12:02:29.0223 3352 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:02:29.0258 3352 IRENUM - ok
12:02:29.0337 3352 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
12:02:29.0352 3352 isapnp - ok
12:02:29.0489 3352 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:02:29.0551 3352 iScsiPrt - ok
12:02:29.0615 3352 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:02:29.0647 3352 iteatapi - ok
12:02:29.0735 3352 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:02:29.0753 3352 iteraid - ok
12:02:29.0934 3352 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
12:02:29.0950 3352 IviRegMgr - ok
12:02:29.0976 3352 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:02:29.0994 3352 kbdclass - ok
12:02:30.0041 3352 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
12:02:30.0081 3352 kbdhid - ok
12:02:30.0182 3352 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:02:30.0219 3352 KeyIso - ok
12:02:30.0279 3352 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
12:02:30.0454 3352 KSecDD - ok
12:02:31.0042 3352 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
12:02:31.0115 3352 KtmRm - ok
12:02:31.0225 3352 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
12:02:31.0250 3352 LanmanServer - ok
12:02:31.0837 3352 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
12:02:31.0946 3352 LanmanWorkstation - ok
12:02:32.0294 3352 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:02:32.0310 3352 LightScribeService - ok
12:02:32.0429 3352 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:02:32.0472 3352 lltdio - ok
12:02:32.0586 3352 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
12:02:32.0651 3352 lltdsvc - ok
12:02:32.0788 3352 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
12:02:32.0870 3352 lmhosts - ok
12:02:32.0954 3352 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
12:02:32.0982 3352 LSI_FC - ok
12:02:33.0015 3352 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
12:02:33.0030 3352 LSI_SAS - ok
12:02:33.0074 3352 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
12:02:33.0088 3352 LSI_SCSI - ok
12:02:33.0413 3352 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:02:33.0481 3352 luafv - ok
12:02:33.0800 3352 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
12:02:33.0834 3352 megasas - ok
12:02:33.0902 3352 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:02:33.0993 3352 MMCSS - ok
12:02:34.0102 3352 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:02:34.0159 3352 Modem - ok
12:02:34.0375 3352 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:02:34.0409 3352 monitor - ok
12:02:34.0671 3352 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:02:34.0688 3352 mouclass - ok
12:02:34.0800 3352 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:02:34.0836 3352 mouhid - ok
12:02:35.0063 3352 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:02:35.0097 3352 MountMgr - ok
12:02:35.0467 3352 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
12:02:35.0514 3352 MpFilter - ok
12:02:35.0575 3352 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
12:02:35.0592 3352 mpio - ok
12:02:36.0037 3352 MpKslc5caaba9 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56FDE09B-F723-4696-9F0D-A1F3B558F807}\MpKslc5caaba9.sys
12:02:36.0065 3352 MpKslc5caaba9 - ok
12:02:36.0425 3352 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:02:36.0534 3352 mpsdrv - ok
12:02:37.0687 3352 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
12:02:37.0817 3352 MpsSvc - ok
12:02:37.0908 3352 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:02:37.0922 3352 Mraid35x - ok
12:02:37.0969 3352 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:02:37.0993 3352 MRxDAV - ok
12:02:38.0458 3352 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:02:38.0522 3352 mrxsmb - ok
12:02:38.0569 3352 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:02:38.0604 3352 mrxsmb10 - ok
12:02:38.0767 3352 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:02:38.0832 3352 mrxsmb20 - ok
12:02:38.0942 3352 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
12:02:38.0974 3352 msahci - ok
12:02:39.0051 3352 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
12:02:39.0074 3352 msdsm - ok
12:02:39.0196 3352 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
12:02:39.0236 3352 MSDTC - ok
12:02:39.0290 3352 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:02:39.0358 3352 Msfs - ok
12:02:39.0416 3352 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:02:39.0432 3352 msisadrv - ok
12:02:39.0465 3352 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
12:02:39.0550 3352 MSiSCSI - ok
12:02:39.0564 3352 msiserver - ok
12:02:39.0601 3352 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:02:39.0657 3352 MSKSSRV - ok
12:02:39.0733 3352 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:02:39.0767 3352 MsMpSvc - ok
12:02:39.0854 3352 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:02:39.0913 3352 MSPCLOCK - ok
12:02:39.0961 3352 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:02:40.0015 3352 MSPQM - ok
12:02:40.0407 3352 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:02:40.0534 3352 MsRPC - ok
12:02:40.0780 3352 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:02:40.0813 3352 mssmbios - ok
12:02:40.0907 3352 MSSQL$MSSMLBIZ - ok
12:02:41.0235 3352 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:02:41.0281 3352 MSSQLServerADHelper - ok
12:02:41.0386 3352 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:02:41.0428 3352 MSTEE - ok
12:02:41.0477 3352 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:02:41.0493 3352 Mup - ok
12:02:42.0009 3352 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
12:02:42.0069 3352 napagent - ok
12:02:42.0599 3352 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:02:42.0641 3352 NativeWifiP - ok
12:02:42.0998 3352 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:02:43.0101 3352 NDIS - ok
12:02:43.0275 3352 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:02:43.0337 3352 NdisTapi - ok
12:02:43.0575 3352 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:02:43.0638 3352 Ndisuio - ok
12:02:44.0004 3352 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:02:44.0061 3352 NdisWan - ok
12:02:44.0125 3352 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:02:44.0168 3352 NDProxy - ok
12:02:44.0199 3352 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:02:44.0236 3352 NetBIOS - ok
12:02:44.0335 3352 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:02:44.0462 3352 netbt - ok
12:02:44.0496 3352 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:02:44.0516 3352 Netlogon - ok
12:02:44.0549 3352 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
12:02:44.0598 3352 Netman - ok
12:02:44.0649 3352 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
12:02:44.0709 3352 netprofm - ok
12:02:44.0948 3352 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:02:44.0995 3352 NetTcpPortSharing - ok
12:02:45.0046 3352 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:02:45.0061 3352 nfrd960 - ok
12:02:45.0120 3352 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:02:45.0134 3352 NisDrv - ok
12:02:45.0218 3352 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
12:02:45.0242 3352 NisSrv - ok
12:02:45.0290 3352 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
12:02:45.0330 3352 NlaSvc - ok
12:02:45.0402 3352 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:02:45.0429 3352 Npfs - ok
12:02:45.0455 3352 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
12:02:45.0492 3352 nsi - ok
12:02:45.0522 3352 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:02:45.0573 3352 nsiproxy - ok
12:02:46.0028 3352 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:02:46.0141 3352 Ntfs - ok
12:02:46.0230 3352 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:02:46.0293 3352 ntrigdigi - ok
12:02:46.0325 3352 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:02:46.0360 3352 Null - ok
12:02:46.0389 3352 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
12:02:46.0406 3352 nvraid - ok
12:02:46.0419 3352 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
12:02:46.0435 3352 nvstor - ok
12:02:46.0580 3352 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
12:02:46.0619 3352 nv_agp - ok
12:02:46.0647 3352 NwlnkFlt - ok
12:02:46.0667 3352 NwlnkFwd - ok
12:02:46.0723 3352 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
12:02:46.0795 3352 ohci1394 - ok
12:02:46.0871 3352 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:02:46.0886 3352 ose - ok
12:02:48.0243 3352 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:02:48.0578 3352 osppsvc - ok
12:02:49.0256 3352 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:02:49.0359 3352 p2pimsvc - ok
12:02:49.0372 3352 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:02:49.0406 3352 p2psvc - ok
12:02:49.0584 3352 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
12:02:49.0705 3352 Parport - ok
12:02:49.0798 3352 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
12:02:49.0814 3352 partmgr - ok
12:02:49.0866 3352 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
12:02:49.0936 3352 Parvdm - ok
12:02:49.0962 3352 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
12:02:49.0980 3352 PcaSvc - ok
12:02:50.0033 3352 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:02:50.0053 3352 pci - ok
12:02:50.0074 3352 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
12:02:50.0089 3352 pciide - ok
12:02:50.0129 3352 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
12:02:50.0152 3352 pcmcia - ok
12:02:50.0192 3352 pdfcDispatcher - ok
12:02:51.0035 3352 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:02:51.0253 3352 PEAUTH - ok
12:02:51.0820 3352 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
12:02:51.0951 3352 pla - ok
12:02:52.0307 3352 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
12:02:52.0360 3352 PlugPlay - ok
12:02:52.0465 3352 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:02:52.0514 3352 PNRPAutoReg - ok
12:02:52.0525 3352 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:02:52.0552 3352 PNRPsvc - ok
12:02:52.0596 3352 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
12:02:52.0647 3352 PolicyAgent - ok
12:02:52.0693 3352 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:02:52.0728 3352 PptpMiniport - ok
12:02:52.0772 3352 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
12:02:52.0829 3352 Processor - ok
12:02:52.0928 3352 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
12:02:52.0957 3352 ProfSvc - ok
12:02:52.0994 3352 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:02:53.0011 3352 ProtectedStorage - ok
12:02:53.0055 3352 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:02:53.0081 3352 PSched - ok
12:02:53.0108 3352 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
12:02:53.0128 3352 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
12:02:53.0128 3352 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
12:02:53.0282 3352 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
12:02:53.0388 3352 ql2300 - ok
12:02:53.0504 3352 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:02:53.0524 3352 ql40xx - ok
12:02:53.0611 3352 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
12:02:53.0667 3352 QWAVE - ok
12:02:53.0695 3352 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:02:53.0716 3352 QWAVEdrv - ok
12:02:54.0269 3352 R300 (252826c4bc88b01e945c2d3c6603f3b0) C:\Windows\system32\DRIVERS\atikmdag.sys
12:02:54.0425 3352 R300 - ok
12:02:54.0982 3352 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:02:55.0020 3352 RasAcd - ok
12:02:55.0054 3352 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
12:02:55.0086 3352 RasAuto - ok
12:02:55.0125 3352 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:02:55.0154 3352 Rasl2tp - ok
12:02:55.0245 3352 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
12:02:55.0281 3352 RasMan - ok
12:02:55.0323 3352 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:02:55.0367 3352 RasPppoe - ok
12:02:55.0430 3352 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:02:55.0454 3352 RasSstp - ok
12:02:55.0612 3352 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:02:55.0642 3352 rdbss - ok
12:02:55.0658 3352 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:02:55.0704 3352 RDPCDD - ok
12:02:55.0975 3352 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
12:02:56.0043 3352 rdpdr - ok
12:02:56.0054 3352 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:02:56.0088 3352 RDPENCDD - ok
12:02:56.0343 3352 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
12:02:56.0412 3352 RDPWD - ok
12:02:56.0457 3352 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
12:02:56.0535 3352 RemoteAccess - ok
12:02:56.0606 3352 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
12:02:56.0631 3352 RemoteRegistry - ok
12:02:56.0833 3352 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
12:02:56.0859 3352 RFCOMM - ok
12:02:57.0321 3352 RoxMediaDB9 (ad1411a7ea50f2f97a73a3f51153066e) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
12:02:57.0368 3352 RoxMediaDB9 - ok
12:02:57.0424 3352 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
12:02:57.0440 3352 RpcLocator - ok
12:02:57.0548 3352 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:02:57.0602 3352 RpcSs - ok
12:02:57.0659 3352 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:02:57.0695 3352 rspndr - ok
12:02:57.0838 3352 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:02:57.0871 3352 SamSs - ok
12:02:57.0951 3352 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:02:57.0969 3352 sbp2port - ok
12:02:58.0025 3352 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
12:02:58.0054 3352 SCardSvr - ok
12:02:58.0395 3352 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
12:02:58.0494 3352 Schedule - ok
12:02:58.0525 3352 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:02:58.0560 3352 SCPolicySvc - ok
12:02:58.0589 3352 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
12:02:58.0640 3352 sdbus - ok
12:02:58.0672 3352 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
12:02:58.0712 3352 SDRSVC - ok
12:02:58.0741 3352 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:02:58.0792 3352 secdrv - ok
12:02:58.0810 3352 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
12:02:58.0842 3352 seclogon - ok
12:02:58.0860 3352 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
12:02:58.0892 3352 SENS - ok
12:02:58.0914 3352 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
12:02:58.0966 3352 Serenum - ok
12:02:59.0003 3352 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
12:02:59.0056 3352 Serial - ok
12:02:59.0102 3352 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:02:59.0133 3352 sermouse - ok
12:02:59.0184 3352 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
12:02:59.0220 3352 SessionEnv - ok
12:02:59.0321 3352 sesvc (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files\ShadowExplorer\sesvc.exe
12:02:59.0326 3352 sesvc ( UnsignedFile.Multi.Generic ) - warning
12:02:59.0326 3352 sesvc - detected UnsignedFile.Multi.Generic (1)
12:02:59.0356 3352 sfdrv01 (b7018644e132a8dfb12ed90106e06739) C:\Windows\system32\drivers\sfdrv01.sys
12:02:59.0371 3352 sfdrv01 - ok
12:02:59.0397 3352 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
12:02:59.0461 3352 sffdisk - ok
12:02:59.0509 3352 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
12:02:59.0577 3352 sffp_mmc - ok
12:02:59.0607 3352 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
12:02:59.0697 3352 sffp_sd - ok
12:02:59.0734 3352 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
12:02:59.0749 3352 sfhlp02 - ok
12:02:59.0798 3352 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:02:59.0860 3352 sfloppy - ok
12:02:59.0911 3352 sfvfs02 (197cef62eb4bc043e1578529fa2b9a48) C:\Windows\system32\drivers\sfvfs02.sys
12:02:59.0927 3352 sfvfs02 - ok
12:02:59.0955 3352 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
12:03:00.0002 3352 SharedAccess - ok
12:03:00.0155 3352 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
12:03:00.0207 3352 ShellHWDetection - ok
12:03:00.0326 3352 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
12:03:00.0352 3352 sisagp - ok
12:03:00.0379 3352 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
12:03:00.0393 3352 SiSRaid2 - ok
12:03:00.0416 3352 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
12:03:00.0430 3352 SiSRaid4 - ok
12:03:01.0100 3352 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
12:03:01.0374 3352 slsvc - ok
12:03:02.0054 3352 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
12:03:02.0115 3352 SLUINotify - ok
12:03:02.0329 3352 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:03:02.0362 3352 Smb - ok
12:03:02.0405 3352 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
12:03:02.0468 3352 SNMPTRAP - ok
12:03:02.0487 3352 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:03:02.0502 3352 spldr - ok
12:03:02.0528 3352 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
12:03:02.0553 3352 Spooler - ok
12:03:02.0655 3352 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
12:03:02.0655 3352 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
12:03:02.0658 3352 sptd ( LockedFile.Multi.Generic ) - warning
12:03:02.0658 3352 sptd - detected LockedFile.Multi.Generic (1)
12:03:02.0943 3352 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:03:02.0985 3352 SQLBrowser - ok
12:03:03.0049 3352 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:03:03.0066 3352 SQLWriter - ok
12:03:03.0350 3352 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:03:03.0466 3352 srv - ok
12:03:03.0649 3352 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:03:03.0704 3352 srv2 - ok
12:03:03.0745 3352 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:03:03.0785 3352 srvnet - ok
12:03:03.0825 3352 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
12:03:03.0868 3352 SSDPSRV - ok
12:03:03.0906 3352 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
12:03:03.0924 3352 SstpSvc - ok
12:03:03.0983 3352 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
12:03:04.0021 3352 stisvc - ok
12:03:04.0229 3352 stllssvr (b254b1434208f280edf3785613dcc41b) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
12:03:04.0237 3352 stllssvr ( UnsignedFile.Multi.Generic ) - warning
12:03:04.0237 3352 stllssvr - detected UnsignedFile.Multi.Generic (1)
12:03:04.0266 3352 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:03:04.0281 3352 swenum - ok
12:03:04.0332 3352 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
12:03:04.0368 3352 swprv - ok
12:03:04.0429 3352 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:03:04.0444 3352 Symc8xx - ok
12:03:04.0471 3352 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:03:04.0486 3352 Sym_hi - ok
12:03:04.0513 3352 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:03:04.0531 3352 Sym_u3 - ok
12:03:04.0843 3352 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys
12:03:04.0992 3352 SynTP - ok
12:03:05.0637 3352 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
12:03:05.0734 3352 SysMain - ok
12:03:05.0770 3352 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
12:03:05.0801 3352 TabletInputService - ok
12:03:05.0976 3352 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
12:03:06.0004 3352 TapiSrv - ok
12:03:06.0044 3352 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
12:03:06.0089 3352 TBS - ok
12:03:07.0017 3352 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
12:03:07.0127 3352 Tcpip - ok
12:03:07.0168 3352 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
12:03:07.0240 3352 Tcpip6 - ok
12:03:07.0332 3352 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
12:03:07.0381 3352 tcpipreg - ok
12:03:07.0481 3352 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:03:07.0530 3352 TDPIPE - ok
12:03:07.0604 3352 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:03:07.0646 3352 TDTCP - ok
12:03:07.0829 3352 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:03:07.0870 3352 tdx - ok
12:03:07.0960 3352 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:03:08.0005 3352 TermDD - ok
12:03:08.0242 3352 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
12:03:08.0301 3352 TermService - ok
12:03:08.0348 3352 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
12:03:08.0378 3352 Themes - ok
12:03:08.0406 3352 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:03:08.0438 3352 THREADORDER - ok
12:03:08.0538 3352 TPM (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
12:03:08.0552 3352 TPM - ok
12:03:08.0572 3352 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
12:03:08.0605 3352 TrkWks - ok
12:03:08.0739 3352 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
12:03:08.0784 3352 TrustedInstaller - ok
12:03:08.0888 3352 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:03:08.0920 3352 tssecsrv - ok
12:03:08.0968 3352 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:03:08.0983 3352 tunmp - ok
12:03:09.0017 3352 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:03:09.0032 3352 tunnel - ok
12:03:09.0074 3352 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
12:03:09.0090 3352 uagp35 - ok
12:03:09.0126 3352 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:03:09.0157 3352 udfs - ok
12:03:09.0194 3352 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
12:03:09.0232 3352 UI0Detect - ok
12:03:09.0238 3352 UIUSys - ok
12:03:09.0268 3352 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
12:03:09.0284 3352 uliagpkx - ok
12:03:09.0322 3352 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
12:03:09.0341 3352 uliahci - ok
12:03:09.0365 3352 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:03:09.0380 3352 UlSata - ok
12:03:09.0400 3352 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:03:09.0415 3352 ulsata2 - ok
12:03:09.0454 3352 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:03:09.0489 3352 umbus - ok
12:03:09.0530 3352 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
12:03:09.0566 3352 upnphost - ok
12:03:09.0651 3352 USB28xxBGA (94c4efca2786491e1d7de335356b3e78) C:\Windows\system32\DRIVERS\emBDA.sys
12:03:09.0712 3352 USB28xxBGA - ok
12:03:09.0727 3352 USB28xxOEM (c1743b02161ed76e15028f0591f6c753) C:\Windows\system32\DRIVERS\emOEM.sys
12:03:09.0744 3352 USB28xxOEM - ok
12:03:09.0772 3352 usbbus (cccece399b1990d63bfc8de8161dd838) C:\Windows\system32\DRIVERS\lgusbbus.sys
12:03:09.0787 3352 usbbus - ok
12:03:09.0838 3352 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
12:03:09.0895 3352 usbccgp - ok
12:03:09.0913 3352 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:03:09.0971 3352 usbcir - ok
12:03:10.0042 3352 UsbDiag (b2ef4693e17404a178da88318c5236b8) C:\Windows\system32\DRIVERS\lgusbdiag.sys
12:03:10.0056 3352 UsbDiag - ok
12:03:10.0096 3352 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:03:10.0122 3352 usbehci - ok
12:03:10.0154 3352 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:03:10.0185 3352 usbhub - ok
12:03:10.0191 3352 USBModem (eb16939525ed91fb649ec68afc865dce) C:\Windows\system32\DRIVERS\lgusbmodem.sys
12:03:10.0208 3352 USBModem - ok
12:03:10.0225 3352 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
12:03:10.0252 3352 usbohci - ok
12:03:10.0279 3352 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
12:03:10.0341 3352 usbprint - ok
12:03:10.0377 3352 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:03:10.0404 3352 USBSTOR - ok
12:03:10.0435 3352 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
12:03:10.0498 3352 usbuhci - ok
12:03:10.0583 3352 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
12:03:10.0622 3352 UxSms - ok
12:03:10.0732 3352 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
12:03:10.0768 3352 VClone - ok
12:03:10.0835 3352 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
12:03:10.0875 3352 vds - ok
12:03:10.0979 3352 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
12:03:11.0041 3352 vga - ok
12:03:11.0114 3352 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:03:11.0173 3352 VgaSave - ok
12:03:11.0305 3352 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
12:03:11.0324 3352 viaagp - ok
12:03:11.0433 3352 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
12:03:11.0548 3352 ViaC7 - ok
12:03:11.0611 3352 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
12:03:11.0644 3352 viaide - ok
12:03:11.0676 3352 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:03:11.0693 3352 volmgr - ok
12:03:12.0001 3352 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:03:12.0054 3352 volmgrx - ok
12:03:12.0403 3352 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:03:12.0433 3352 volsnap - ok
12:03:12.0591 3352 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
12:03:12.0611 3352 vsmraid - ok
12:03:12.0966 3352 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
12:03:13.0098 3352 VSS - ok
12:03:13.0612 3352 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
12:03:13.0650 3352 W32Time - ok
12:03:13.0850 3352 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:03:13.0922 3352 WacomPen - ok
12:03:13.0986 3352 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:03:14.0013 3352 Wanarp - ok
12:03:14.0019 3352 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:03:14.0048 3352 Wanarpv6 - ok
12:03:14.0323 3352 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
12:03:14.0392 3352 wcncsvc - ok
12:03:14.0432 3352 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
12:03:14.0467 3352 WcsPlugInService - ok
12:03:14.0531 3352 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
12:03:14.0550 3352 Wd - ok
12:03:14.0842 3352 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:03:14.0916 3352 Wdf01000 - ok
12:03:14.0981 3352 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:03:15.0058 3352 WdiServiceHost - ok
12:03:15.0072 3352 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:03:15.0155 3352 WdiSystemHost - ok
12:03:15.0643 3352 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
12:03:15.0691 3352 WebClient - ok
12:03:15.0914 3352 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
12:03:15.0962 3352 Wecsvc - ok
12:03:16.0002 3352 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
12:03:16.0031 3352 wercplsupport - ok
12:03:16.0135 3352 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
12:03:16.0195 3352 WerSvc - ok
12:03:16.0339 3352 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
12:03:16.0384 3352 WimFltr - ok
12:03:16.0667 3352 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
12:03:16.0784 3352 winachsf - ok
12:03:17.0005 3352 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
12:03:17.0030 3352 WinDefend - ok
12:03:17.0040 3352 WinHttpAutoProxySvc - ok
12:03:17.0217 3352 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
12:03:17.0248 3352 Winmgmt - ok
12:03:17.0360 3352 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
12:03:17.0491 3352 WinRM - ok
12:03:17.0613 3352 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
12:03:17.0665 3352 Wlansvc - ok
12:03:17.0700 3352 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:03:17.0726 3352 WmiAcpi - ok
12:03:17.0914 3352 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
12:03:17.0944 3352 wmiApSrv - ok
12:03:18.0271 3352 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:03:18.0364 3352 WMPNetworkSvc - ok
12:03:18.0409 3352 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
12:03:18.0443 3352 WPCSvc - ok
12:03:18.0482 3352 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
12:03:18.0504 3352 WPDBusEnum - ok
12:03:18.0583 3352 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
12:03:18.0600 3352 WpdUsb - ok
12:03:18.0768 3352 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:03:18.0824 3352 WPFFontCache_v0400 - ok
12:03:18.0885 3352 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:03:18.0920 3352 ws2ifsl - ok
12:03:19.0042 3352 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
12:03:19.0081 3352 wscsvc - ok
12:03:19.0099 3352 WSearch - ok
12:03:19.0264 3352 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
12:03:19.0384 3352 wuauserv - ok
12:03:19.0517 3352 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:03:19.0550 3352 WUDFRd - ok
12:03:19.0585 3352 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
12:03:19.0620 3352 wudfsvc - ok
12:03:19.0682 3352 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:03:20.0242 3352 \Device\Harddisk0\DR0 - ok
12:03:20.0248 3352 Boot (0x1200) (43d6fe2d0345951f003c04f35f764cd4) \Device\Harddisk0\DR0\Partition0
12:03:20.0249 3352 \Device\Harddisk0\DR0\Partition0 - ok
12:03:20.0265 3352 Boot (0x1200) (af9948a19f419d53cb915043d0b5a139) \Device\Harddisk0\DR0\Partition1
12:03:20.0267 3352 \Device\Harddisk0\DR0\Partition1 - ok
12:03:20.0267 3352 ============================================================
12:03:20.0267 3352 Scan finished
12:03:20.0267 3352 ============================================================
12:03:20.0287 4500 Detected object count: 9
12:03:20.0287 4500 Actual detected object count: 9
12:03:30.0624 4500 ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0624 4500 ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0625 4500 ASChannel ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0625 4500 ASChannel ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0636 4500 EPGService ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0636 4500 EPGService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0644 4500 ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0644 4500 ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0648 4500 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0648 4500 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0655 4500 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0655 4500 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0656 4500 sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0656 4500 sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0661 4500 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:03:30.0662 4500 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:03:30.0666 4500 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0666 4500 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Moving an encryption trojan to quarantine Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
| | #15 |
| Moving an encryption trojan to quarantine Hey, here is the log. Sorry that it took so long, I have my oral Abitur exam the day after tomorrow and a lot of stress. ComboFix logfile: Code:
ComboFix 12-07-02.01 - HP-User 02.07.2012 22:43:55.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.1919.1105 [GMT 2:00]
ausgeführt von:: c:\users\HP-User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\newdnswatch
c:\users\HP-User\4.0
c:\users\HP-User\AppData\Roaming\Adobe\plugs
c:\users\HP-User\AppData\Roaming\Adobe\plugs\qrqylXUdOQoEpsGGJO
c:\users\HP-User\AppData\Roaming\Adobe\plugs\VpVVgJooTessvrjAlTUd
c:\users\HP-User\AppData\Roaming\Adobe\shed
c:\users\HP-User\AppData\Roaming\Adobe\shed\EvoEasttJrjjDaddNu
c:\users\HP-User\Documents\~WRL0003.tmp
c:\users\HP-User\Documents\~WRL0152.tmp
c:\users\HP-User\Documents\~WRL1002.tmp
c:\users\HP-User\Documents\~WRL3735.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-02 bis 2012-07-02 ))))))))))))))))))))))))))))))
.
.
2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-07-02 20:51 . 2012-07-02 20:56 -------- d-----w- c:\users\HP-User\AppData\Local\temp
2012-07-02 20:51 . 2012-07-02 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 20:51 . 2012-07-02 20:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-02 18:40 . 2012-07-02 18:40 -------- d-----w- c:\program files\SmartPCFixer
2012-07-02 14:24 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FAC90B2-78E0-4705-A17F-B05E982C7E50}\mpengine.dll
2012-07-01 17:09 . 2012-07-01 17:09 -------- d-----w- c:\program files\Recuva
2012-07-01 11:31 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-26 09:50 . 2012-06-26 09:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 21:54 . 2012-06-25 13:08 -------- d-----w- C:\_OTL
2012-06-23 21:57 . 2012-06-23 21:57 -------- d-----w- c:\programdata\WindowsSearch
2012-06-23 12:00 . 2012-06-23 12:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-23 12:00 . 2012-06-23 12:00 -------- d-----w- c:\program files\LSoft Technologies
2012-06-23 11:59 . 2012-06-23 11:59 -------- d-----w- c:\program files\Yontoo
2012-06-23 11:59 . 2012-06-23 11:59 -------- d-----w- c:\programdata\Tarma Installer
2012-06-19 13:06 . 2012-06-19 13:06 -------- d-----w- c:\program files\ESET
2012-06-18 17:56 . 2012-06-18 17:56 -------- d-----w- c:\program files\7-Zip
2012-06-16 21:27 . 2012-06-16 21:27 -------- d-----w- c:\users\HP-User\AppData\Roaming\www.shadowexplorer.com
2012-06-16 21:26 . 2012-06-16 21:26 -------- d-----w- c:\program files\ShadowExplorer
2012-06-16 11:31 . 2012-06-16 11:31 -------- d-----w- c:\users\HP-User\AppData\Roaming\Malwarebytes
2012-06-15 21:00 . 2012-06-15 21:00 -------- d-----w- c:\users\Administrator\AppData\Local\Microsoft Games
2012-06-14 20:30 . 2012-06-14 20:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-06-14 20:29 . 2012-06-14 20:29 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 20:29 . 2012-06-14 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-14 20:29 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 19:34 . 2012-06-13 19:34 -------- d-----w- c:\users\Administrator\AppData\Local\Google
2012-06-13 17:45 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 17:45 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 17:45 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 17:45 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 11:30 . 2012-06-16 11:11 -------- d-----w- c:\users\HP-User\AppData\Roaming\Ffptne
2012-06-13 11:13 . 2012-02-10 17:15 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BBEE596-B4A0-4120-A9B1-3AE7011F29F0}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-19 13:06 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 13:06 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 13:06 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 13:06 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 13:06 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 13:06 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 13:06 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 13:06 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 13:06 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 21:32 . 2010-10-22 17:16 744960 ----a-w- c:\windows\system32\IR41_32.DLL
2012-05-18 21:24 . 2010-10-22 17:19 744960 ----a-w- c:\windows\system32\ir41_32.sav
2012-05-15 19:51 . 2012-06-13 17:44 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-04-19 15:07 . 2012-04-19 15:07 159482 ----a-w- c:\windows\RTL Racing Team Manager Patch 1.05 Uninstaller.exe
2012-04-17 14:06 . 2012-04-17 14:04 242023 ----a-w- c:\windows\RTL Racing Team Manager Uninstaller.exe
2011-11-21 04:21 . 2011-12-06 19:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-05-23 3029344]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-18 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"EPGServiceTool"="c:\progra~1\WinTV\EPG Services\System\EPGClient.exe" [2008-08-05 688128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168]
.
c:\users\HP-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\HP-User\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2010-3-5 110647]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2010-3-3 192512]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-05-08 06:38 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 14:26]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 14:26]
.
2012-07-02 c:\windows\Tasks\User_Feed_Synchronization-{8AA463B7-C2EB-4DD3-A617-9C0817F50068}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\HP-User\AppData\Roaming\Mozilla\Firefox\Profiles\1xgaqubj.default\
FF - user.js: extentions.y2layers.installId - 41d619c7-3979-4b07-afe0-aa21a2b226d6
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\HP-User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\HP-User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\HP-User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\HP-User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
HKLM_ActiveSetup-ccc-core-static - msiexec
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-Dropbox - c:\users\HP-User\AppData\Roaming\Dropbox\bin\Uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(636)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
.
- - - - - - - > 'Explorer.exe'(4924)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\progra~1\WinTV\EPG Services\System\EPGService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\ShadowExplorer\sesvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\conime.exe
c:\windows\SMINST\scheduler.exe
c:\program files\WinTV\EPG Services\System\EPGClient.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-02 23:04:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-02 21:02
.
Vor Suchlauf: 22 Verzeichnis(se), 49.525.272.576 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 49.342.357.504 Bytes frei
.
- - End Of File - - E70EFC6A1A723A54A4415CC5DF6C1D55
|