Thread: Verschlüsselungstrojaner in Quarantäne verschieben (moving an encryption trojan into quarantine), Windows 7
21.06.2012, 18:47 | #16
/// Winkelfunktion /// TB-Süch-Tiger™
Damn... Please create an OTLPE CD and then boot the computer from that CD (How do I boot from a CD?). If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.
__________________
Please always post logfiles in CODE tags
23.06.2012, 14:13 | #17
I did it as described. It only created one OTL file.
23.06.2012, 14:15 | #18
OTL Logfile:
Code:
OTL logfile created on: 6/23/2012 3:26:41 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.91 Gb Total Space | 46.27 Gb Free Space | 33.07% Space Free | Partition Type: NTFS
Drive D: | 1.55 Gb Total Space | 0.01 Gb Free Space | 0.57% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2012/03/26 11:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 11:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/18 14:06:54 | 000,204,883 | ---- | M] () [Auto] -- C:\Program Files\Samsung\Samsung Networking Wizard\ICM_Service.exe -- (ICM_UpdaterService)
SRV - [2011/01/02 15:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto] -- C:\Program Files\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2009/02/23 06:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/08/27 09:11:26 | 000,442,880 | ---- | M] (Hauppauge Computer Works) [Auto] -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe -- (EPGService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/08 02:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/15 21:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/02/06 21:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/02/06 05:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 14:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/06/22 01:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - [2012/06/23 08:00:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/03/20 14:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/02/24 19:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/04/29 01:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/02/03 11:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008/11/21 15:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/09/25 13:56:18 | 000,132,224 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/09/25 10:16:40 | 000,559,616 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/09/04 00:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 00:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 00:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/01/23 04:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007/04/10 09:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/02/08 13:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2007/02/02 12:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 05:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/01 19:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/30 07:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/06/14 10:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\HP-User_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\HP-User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\HP-User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\HP-User_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\HP-User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HP-User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/06 15:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/06 15:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/12/06 15:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/11/21 00:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 21:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/20 21:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 21:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/20 21:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/20 21:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/20 21:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

Hosts file not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKU\HP-User_ON_C\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [EPGServiceTool] C:\Program Files\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [] File not found
O4 - HKU\Administrator_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\HP-User_ON_C..\Run: [] File not found
O4 - HKU\HP-User_ON_C..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\HP-User_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\HP-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\HP-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\TEMP\ojhqjj\setup.exe) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 08:04:07 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\HP-User\Desktop\OTLPENet.exe
[2012/06/23 08:00:50 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/06/23 08:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2012/06/23 08:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/06/23 07:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/06/23 07:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/06/23 07:59:22 | 005,053,696 | ---- | C] (Macrovision Corporation) -- C:\Users\HP-User\Documents\IsoBurner-Setup.exe
[2012/06/19 09:06:49 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 09:06:48 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 09:06:28 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 09:06:28 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 09:06:28 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 09:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/19 09:06:16 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 09:06:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/18 13:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/06/18 13:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/06/16 19:24:56 | 000,000,000 | ---D | C] -- C:\Users\HP-User\Desktop\verschobene Dateien fertig
[2012/06/16 17:27:00 | 000,000,000 | ---D | C] -- C:\Users\HP-User\AppData\Roaming\www.shadowexplorer.com
[2012/06/16 17:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012/06/16 17:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer
[2012/06/16 14:56:26 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\HP-User\Desktop\OTL.exe
[2012/06/16 07:31:48 | 000,000,000 | ---D | C] -- C:\Users\HP-User\AppData\Roaming\Malwarebytes
[2012/06/15 17:00:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2012/06/14 16:30:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/06/14 16:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/14 16:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/14 16:29:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/14 16:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/13 15:34:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Google
[2012/06/13 15:34:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012/06/13 13:44:15 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 07:30:58 | 000,000,000 | ---D | C] -- C:\Users\HP-User\AppData\Roaming\Ffptne
[2012/05/31 11:12:08 | 000,000,000 | ---D | C] -- C:\Users\HP-User\Documents\OneNote-Notizbücher
[2012/05/29 13:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
[2012/05/29 12:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike Source
[2012/05/29 12:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012/05/29 10:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/05/29 10:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/05/29 10:18:34 | 000,000,000 | RH-D | C] -- C:\MSOCache
[4 C:\Users\HP-User\Documents\*.tmp files -> C:\Users\HP-User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/23 08:14:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 08:14:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 08:14:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 08:14:10 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/23 08:12:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8AA463B7-C2EB-4DD3-A617-9C0817F50068}.job
[2012/06/23 08:04:08 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\HP-User\Desktop\OTLPENet.exe
[2012/06/23 08:00:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/06/23 07:58:52 | 005,053,696 | ---- | M] (Macrovision Corporation) -- C:\Users\HP-User\Documents\IsoBurner-Setup.exe
[2012/06/23 07:58:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/23 03:59:58 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/23 03:58:43 | 2012,536,832 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/21 10:30:18 | 000,001,356 | ---- | M] () -- C:\Users\HP-User\AppData\Local\d3d9caps.dat
[2012/06/19 10:08:52 | 000,001,145 | ---- | M] () -- C:\Users\HP-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012/06/18 13:57:27 | 000,016,697 | ---- | M] () -- C:\Users\HP-User\Desktop\Desktop.zip
[2012/06/18 13:56:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/06/17 13:09:19 | 000,001,186 | ---- | M] () -- C:\Users\HP-User\Desktop\Dropbox.lnk
[2012/06/16 20:23:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/06/16 19:06:48 | 000,055,296 | ---- | M] () -- C:\Users\HP-User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/16 17:51:26 | 000,002,587 | ---- | M] () -- C:\Users\HP-User\Desktop\Networking Wizard.lnk
[2012/06/16 17:26:47 | 000,001,682 | ---- | M] () -- C:\Users\HP-User\Desktop\ShadowExplorer.lnk
[2012/06/16 17:26:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012/06/16 15:28:25 | 000,302,592 | ---- | M] () -- C:\Users\HP-User\Desktop\bd1veuvo.exe
[2012/06/16 14:56:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\HP-User\Desktop\OTL.exe
[2012/06/16 14:54:28 | 000,050,477 | ---- | M] () -- C:\Users\HP-User\Desktop\Defogger.exe
[2012/06/15 15:15:49 | 000,000,938 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/14 16:30:06 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/14 16:30:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/13 14:08:13 | 000,441,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 13:59:16 | 000,698,096 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/06/13 13:59:16 | 000,653,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/13 13:59:16 | 000,155,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/06/13 13:59:16 | 000,126,560 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/10 13:35:57 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000830.LCS
[2012/06/05 08:44:42 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 09:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 09:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/02 04:35:42 | 000,000,953 | ---- | M] () -- C:\Users\HP-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/29 13:11:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
[2012/05/29 12:35:04 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012/05/29 12:34:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012/05/29 10:28:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/05/28 14:48:04 | 000,000,000 | ---- | M] () -- C:\Users\HP-User\AppData\Local\DNDEVTrxovTqGeJUyg
[4 C:\Users\HP-User\Documents\*.tmp files -> C:\Users\HP-User\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/21 10:32:34 | 2012,536,832 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/18 13:57:27 | 000,016,697 | ---- | C] () -- C:\Users\HP-User\Desktop\Desktop.zip
[2012/06/17 13:09:19 | 000,001,186 | ---- | C] () -- C:\Users\HP-User\Desktop\Dropbox.lnk
[2012/06/16 17:26:47 | 000,001,682 | ---- | C] () -- C:\Users\HP-User\Desktop\ShadowExplorer.lnk
[2012/06/16 15:28:21 | 000,302,592 | ---- | C] () -- C:\Users\HP-User\Desktop\bd1veuvo.exe
[2012/06/16 14:54:28 | 000,050,477 | ---- | C] () -- C:\Users\HP-User\Desktop\Defogger.exe
[2012/06/15 15:15:49 | 000,000,938 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/14 16:30:06 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/31 11:12:16 | 000,001,145 | ---- | C] () -- C:\Users\HP-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012/05/29 12:35:04 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012/04/19 11:07:29 | 000,159,482 | ---- | C] () -- C:\Windows\RTL Racing Team Manager Patch 1.05 Uninstaller.exe
[2012/04/17 10:04:41 | 000,242,023 | ---- | C] () -- C:\Windows\RTL Racing Team Manager Uninstaller.exe
[2011/11/29 11:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/11/29 11:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/11/29 11:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/11/29 11:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/09/08 14:46:10 | 000,000,556 | ---- | C] () -- C:\Windows\eReg.dat
[2011/09/05 16:51:31 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/07/30 11:11:10 | 000,000,120 | ---- | C] () -- C:\Users\HP-User\AppData\Local\Groxucu.dat
[2011/07/30 11:11:10 | 000,000,000 | ---- | C] () -- C:\Users\HP-User\AppData\Local\Pwilo.bin
[2010/07/31 18:53:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/07/31 14:56:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/31 14:56:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/07/06 16:29:05 | 000,000,000 | ---- | C] () -- C:\Users\HP-User\AppData\Local\DNDEVTrxovTqGeJUyg
[2010/04/09 08:05:09 | 000,001,356 | ---- | C] () -- C:\Users\HP-User\AppData\Local\d3d9caps.dat
[2010/03/10 14:48:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/05 12:10:36 | 000,055,296 | ---- | C] () -- C:\Users\HP-User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/05 10:18:44 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2010/03/05 10:18:40 | 000,000,053 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2010/03/05 10:18:37 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010/03/05 10:18:08 | 000,033,117 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/03/05 10:17:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2010/03/05 10:17:23 | 000,000,510 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/05 10:17:23 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/03/05 10:17:20 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2010/03/05 10:16:46 | 000,002,628 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010/03/03 10:37:42 | 000,000,000 | ---- | C] () -- C:\Users\HP-User\AppData\Local\xyGeJdqgsnUpgtnupAsDu
[2010/03/03 10:37:42 | 000,000,000 | ---- | C] () -- C:\Users\HP-User\AppData\Local\sjtvaVjeJEfOeGopgyGuX
[2010/03/03 10:37:42 | 000,000,000 | ---- | C] () -- C:\Users\HP-User\AppData\Local\LTLdsvsLgejtXgVA
[2010/03/03 10:26:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/03/03 10:26:28 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/03/03 10:26:28 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/03/03 10:26:28 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/03/03 10:26:27 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/03/03 10:26:27 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/03/29 07:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/02/02 12:01:32 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/02/02 11:38:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/01/30 08:21:34 | 000,128,813 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/01/19 10:30:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/09 12:42:33 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/02 11:38:05 | 000,698,096 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:38:05 | 000,155,472 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,441,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,653,410 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,126,560 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/18 17:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/18 17:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 06:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 08:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998/05/06 22:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2011/09/08 17:18:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Age of Empires 3
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2011/11/03 14:05:46 | 000,000,000 | ---D | M] -- C:\ProgramData\DesktopIcons
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/03/10 14:23:26 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010/10/15 16:28:10 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2012/06/13 08:36:23 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2012/05/20 09:56:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/06/23 07:59:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/18 14:08:01 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/04/23 11:33:09 | 000,000,000 | ---D | M] -- C:\ProgramData\www.rene-zeidler.de
[2011/12/18 13:52:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2007/06/30 01:46:09 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2012/06/23 08:14:10 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/23 08:12:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8AA463B7-C2EB-4DD3-A617-9C0817F50068}.job

========== Purity Check ==========

< End of report >
24.06.2012, 16:23 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Moving encryption trojan into quarantine Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\TEMP\ojhqjj\setup.exe) - File not found
:Files
C:\Users\HP-User\AppData\Local\xyGeJdqgsnUpgtnupAsDu
C:\Users\HP-User\AppData\Local\sjtvaVjeJEfOeGopgyGuX
C:\Users\HP-User\AppData\Local\LTLdsvsLgejtXgVA
C:\Users\HP-User\AppData\Local\DNDEVTrxovTqGeJUyg
:Commands
[purity]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: the script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system! After that, Windows should start normally again - please make OTL's quarantine folder available to us. Proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html Note: please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
4.) Report back once it was successful
5.) Only then turn the virus scanner back on
__________________ Please always post logfiles in CODE tags |
25.06.2012, 08:31 | #20 |
| Moving encryption trojan into quarantine So should I boot from the CD again? Or just start OTLPE? |
25.06.2012, 11:03 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Moving encryption trojan into quarantine Yes, why else are we doing all this with OTLPE? The fix doesn't work from the normally installed Windows!
__________________ --> Moving encryption trojan into quarantine |
25.06.2012, 14:05 | #22 |
| Moving encryption trojan into quarantine Here is the OTL log from the fix Code:
========== OTL ==========
Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\TEMP\ojhqjj\setup.exe deleted successfully.
========== FILES ==========
C:\Users\HP-User\AppData\Local\xyGeJdqgsnUpgtnupAsDu moved successfully.
C:\Users\HP-User\AppData\Local\sjtvaVjeJEfOeGopgyGuX moved successfully.
C:\Users\HP-User\AppData\Local\LTLdsvsLgejtXgVA moved successfully.
C:\Users\HP-User\AppData\Local\DNDEVTrxovTqGeJUyg moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
OTLPE by OldTimer - Version 3.1.48.0 log created on 06252012_175430
The upload was successful. Thanks for the help |
25.06.2012, 14:51 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Moving encryption trojan into quarantine Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: please turn off the virus scanner before you run the TDSS-Killer, since Avira in particular often reports a false alarm on the TDSS tool! Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer stores its logs. Note: please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer complains about any objects, treat all of them with the action "skip" and only post the log here!
__________________ Please always post logfiles in CODE tags |
25.06.2012, 15:01 | #24 |
| Moving encryption trojan into quarantine Here is the log: Code:
ATTFilter 15:57:29.0791 0012 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32 15:57:29.0851 0012 ============================================================ 15:57:29.0851 0012 Current date / time: 2012/06/25 15:57:29.0851 15:57:29.0851 0012 SystemInfo: 15:57:29.0851 0012 15:57:29.0851 0012 OS Version: 6.0.6002 ServicePack: 2.0 15:57:29.0851 0012 Product type: Workstation 15:57:29.0851 0012 ComputerName: HP-LAPTOP 15:57:29.0852 0012 UserName: HP-User 15:57:29.0852 0012 Windows directory: C:\Windows 15:57:29.0852 0012 System windows directory: C:\Windows 15:57:29.0852 0012 Processor architecture: Intel x86 15:57:29.0852 0012 Number of processors: 2 15:57:29.0852 0012 Page size: 0x1000 15:57:29.0852 0012 Boot type: Normal boot 15:57:29.0852 0012 ============================================================ 15:57:31.0766 0012 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:57:31.0775 0012 Drive \Device\Harddisk1\DR1 - Size: 0x77400000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 15:57:31.0776 0012 ============================================================ 15:57:31.0776 0012 \Device\Harddisk0\DR0: 15:57:31.0780 0012 MBR partitions: 15:57:31.0780 0012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x117D07C1 15:57:31.0780 0012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x126FF000, BlocksNum 0x31A000 15:57:31.0780 0012 \Device\Harddisk1\DR1: 15:57:31.0781 0012 MBR partitions: 15:57:31.0781 0012 ============================================================ 15:57:31.0783 0012 C: <-> \Device\Harddisk0\DR0\Partition0 15:57:31.0837 0012 E: <-> \Device\Harddisk0\DR0\Partition1 15:57:31.0837 0012 ============================================================ 15:57:31.0837 0012 Initialize success 15:57:31.0837 0012 
============================================================ 15:57:54.0317 2660 ============================================================ 15:57:54.0317 2660 Scan started 15:57:54.0317 2660 Mode: Manual; SigCheck; TDLFS; 15:57:54.0317 2660 ============================================================ 15:57:55.0144 2660 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys 15:57:55.0433 2660 acedrv11 - ok 15:57:55.0495 2660 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 15:57:55.0519 2660 ACPI - ok 15:57:55.0570 2660 ADIHdAudAddService (fb9ece3f7b8a03e474e611031ad4cd23) C:\Windows\system32\drivers\ADIHdAud.sys 15:57:55.0647 2660 ADIHdAudAddService - ok 15:57:55.0713 2660 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 15:57:55.0756 2660 adp94xx - ok 15:57:55.0798 2660 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 15:57:55.0822 2660 adpahci - ok 15:57:55.0846 2660 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 15:57:55.0864 2660 adpu160m - ok 15:57:55.0879 2660 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 15:57:55.0900 2660 adpu320 - ok 15:57:55.0932 2660 AEADIFilters (12d23758621b00b8d3134095ec3325fd) C:\Windows\system32\AEADISRV.EXE 15:57:55.0991 2660 AEADIFilters - ok 15:57:56.0010 2660 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 15:57:56.0129 2660 AeLookupSvc - ok 15:57:56.0202 2660 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 15:57:56.0252 2660 AFD - ok 15:57:56.0286 2660 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe 15:57:56.0356 2660 AgereModemAudio - ok 15:57:56.0646 2660 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\Windows\system32\DRIVERS\AGRSM.sys 15:57:56.0889 2660 AgereSoftModem - ok 15:57:57.0037 2660 agp440 
(ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 15:57:57.0067 2660 agp440 - ok 15:57:57.0099 2660 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 15:57:57.0118 2660 aic78xx - ok 15:57:57.0157 2660 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 15:57:57.0280 2660 ALG - ok 15:57:57.0291 2660 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 15:57:57.0307 2660 aliide - ok 15:57:57.0333 2660 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 15:57:57.0351 2660 amdagp - ok 15:57:57.0371 2660 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 15:57:57.0387 2660 amdide - ok 15:57:57.0407 2660 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 15:57:57.0525 2660 AmdK7 - ok 15:57:57.0555 2660 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys 15:57:57.0613 2660 AmdK8 - ok 15:57:57.0661 2660 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 15:57:57.0726 2660 Appinfo - ok 15:57:57.0775 2660 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 15:57:57.0813 2660 arc - ok 15:57:57.0844 2660 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 15:57:57.0874 2660 arcsas - ok 15:57:57.0964 2660 ASBroker (2eeda27c19259c2340324ef7180d086b) C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll 15:57:57.0978 2660 ASBroker ( UnsignedFile.Multi.Generic ) - warning 15:57:57.0978 2660 ASBroker - detected UnsignedFile.Multi.Generic (1) 15:57:58.0003 2660 ASChannel (bb3c0521ecca4bb17ac55eb640df0fa5) C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll 15:57:58.0028 2660 ASChannel ( UnsignedFile.Multi.Generic ) - warning 15:57:58.0028 2660 ASChannel - detected UnsignedFile.Multi.Generic (1) 15:57:58.0073 2660 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 
15:57:58.0141 2660 AsyncMac - ok 15:57:58.0174 2660 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 15:57:58.0189 2660 atapi - ok 15:57:58.0253 2660 Ati External Event Utility (3481d12334f065bba19c16399c9cb171) C:\Windows\system32\Ati2evxx.exe 15:57:58.0325 2660 Ati External Event Utility - ok 15:57:58.0369 2660 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys 15:57:58.0413 2660 AtiPcie - ok 15:57:58.0461 2660 ATSWPDRV (293e8cc3c246a89f4cca75b024ad757f) C:\Windows\system32\DRIVERS\ATSwpDrv.sys 15:57:58.0483 2660 ATSWPDRV - ok 15:57:58.0552 2660 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 15:57:58.0608 2660 AudioEndpointBuilder - ok 15:57:58.0618 2660 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 15:57:58.0651 2660 Audiosrv - ok 15:57:58.0686 2660 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys 15:57:58.0739 2660 b57nd60x - ok 15:57:58.0800 2660 BCM43XV (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys 15:57:58.0887 2660 BCM43XV - ok 15:57:58.0906 2660 BCM43XX (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys 15:57:58.0933 2660 BCM43XX - ok 15:57:59.0031 2660 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 15:57:59.0053 2660 BcmSqlStartupSvc - ok 15:57:59.0097 2660 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 15:57:59.0179 2660 Beep - ok 15:57:59.0283 2660 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 15:57:59.0370 2660 BFE - ok 15:57:59.0481 2660 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll 15:57:59.0551 2660 BITS - ok 15:57:59.0557 2660 blbdrive - ok 15:57:59.0580 2660 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 15:57:59.0621 2660 bowser - 
ok 15:57:59.0659 2660 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 15:57:59.0698 2660 BrFiltLo - ok 15:57:59.0718 2660 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 15:57:59.0752 2660 BrFiltUp - ok 15:57:59.0793 2660 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 15:57:59.0836 2660 Browser - ok 15:57:59.0872 2660 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 15:57:59.0928 2660 Brserid - ok 15:57:59.0946 2660 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 15:58:00.0002 2660 BrSerWdm - ok 15:58:00.0050 2660 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 15:58:00.0188 2660 BrUsbMdm - ok 15:58:00.0214 2660 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 15:58:00.0288 2660 BrUsbSer - ok 15:58:00.0326 2660 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 15:58:00.0375 2660 BthEnum - ok 15:58:00.0422 2660 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys 15:58:00.0447 2660 BTHMODEM - ok 15:58:00.0491 2660 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 15:58:00.0539 2660 BthPan - ok 15:58:00.0605 2660 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys 15:58:00.0710 2660 BTHPORT - ok 15:58:00.0762 2660 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll 15:58:00.0835 2660 BthServ - ok 15:58:00.0875 2660 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys 15:58:00.0929 2660 BTHUSB - ok 15:58:01.0016 2660 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys 15:58:01.0031 2660 btwaudio - ok 15:58:01.0057 2660 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys 15:58:01.0072 2660 
btwavdt - ok 15:58:01.0102 2660 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys 15:58:01.0115 2660 btwrchid - ok 15:58:01.0154 2660 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 15:58:01.0199 2660 cdfs - ok 15:58:01.0252 2660 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 15:58:01.0299 2660 cdrom - ok 15:58:01.0354 2660 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 15:58:01.0401 2660 CertPropSvc - ok 15:58:01.0470 2660 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 15:58:01.0539 2660 circlass - ok 15:58:01.0766 2660 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 15:58:01.0799 2660 CLFS - ok 15:58:01.0886 2660 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:58:01.0921 2660 clr_optimization_v2.0.50727_32 - ok 15:58:01.0988 2660 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:58:02.0005 2660 clr_optimization_v4.0.30319_32 - ok 15:58:02.0068 2660 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 15:58:02.0114 2660 CmBatt - ok 15:58:02.0146 2660 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 15:58:02.0160 2660 cmdide - ok 15:58:02.0283 2660 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 15:58:02.0304 2660 Com4QLBEx - ok 15:58:02.0326 2660 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 15:58:02.0343 2660 Compbatt - ok 15:58:02.0349 2660 COMSysApp - ok 15:58:02.0360 2660 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 15:58:02.0376 2660 crcdisk - ok 15:58:02.0394 2660 Crusoe (22a7f883508176489f559ee745b5bf5d) 
C:\Windows\system32\drivers\crusoe.sys 15:58:02.0465 2660 Crusoe - ok 15:58:02.0515 2660 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll 15:58:02.0562 2660 CryptSvc - ok 15:58:02.0649 2660 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 15:58:02.0734 2660 DcomLaunch - ok 15:58:02.0774 2660 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 15:58:02.0805 2660 DfsC - ok 15:58:02.0943 2660 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 15:58:03.0154 2660 DFSR - ok 15:58:03.0330 2660 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 15:58:03.0378 2660 Dhcp - ok 15:58:03.0437 2660 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 15:58:03.0456 2660 disk - ok 15:58:03.0485 2660 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 15:58:03.0533 2660 Dnscache - ok 15:58:03.0571 2660 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 15:58:03.0615 2660 dot3svc - ok 15:58:03.0670 2660 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 15:58:03.0725 2660 DPS - ok 15:58:03.0767 2660 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 15:58:03.0810 2660 drmkaud - ok 15:58:03.0890 2660 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 15:58:03.0945 2660 DXGKrnl - ok 15:58:03.0993 2660 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 15:58:04.0079 2660 E1G60 - ok 15:58:04.0111 2660 EagleNT - ok 15:58:04.0138 2660 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 15:58:04.0184 2660 EapHost - ok 15:58:04.0264 2660 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 15:58:04.0287 2660 Ecache - ok 15:58:04.0338 2660 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys 15:58:04.0355 2660 
ElbyCDIO - ok 15:58:04.0411 2660 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 15:58:04.0451 2660 elxstor - ok 15:58:04.0524 2660 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 15:58:04.0635 2660 EMDMgmt - ok 15:58:04.0740 2660 EPGService (05aabf9eebc1850728e1e89516a8170d) C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe 15:58:04.0941 2660 EPGService ( UnsignedFile.Multi.Generic ) - warning 15:58:04.0941 2660 EPGService - detected UnsignedFile.Multi.Generic (1) 15:58:04.0984 2660 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 15:58:05.0027 2660 EventSystem - ok 15:58:05.0116 2660 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 15:58:05.0134 2660 exfat - ok 15:58:05.0182 2660 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 15:58:05.0228 2660 fastfat - ok 15:58:05.0263 2660 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 15:58:05.0338 2660 fdc - ok 15:58:05.0382 2660 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 15:58:05.0415 2660 fdPHost - ok 15:58:05.0445 2660 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 15:58:05.0520 2660 FDResPub - ok 15:58:05.0560 2660 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 15:58:05.0578 2660 FileInfo - ok 15:58:05.0597 2660 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 15:58:05.0650 2660 Filetrace - ok 15:58:05.0679 2660 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 15:58:05.0748 2660 flpydisk - ok 15:58:05.0792 2660 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 15:58:05.0813 2660 FltMgr - ok 15:58:05.0902 2660 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 15:58:05.0973 2660 FontCache - ok 15:58:06.0055 2660 
FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:58:06.0072 2660 FontCache3.0.0.0 - ok 15:58:06.0107 2660 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 15:58:06.0169 2660 Fs_Rec - ok 15:58:06.0215 2660 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 15:58:06.0232 2660 gagp30kx - ok 15:58:06.0303 2660 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 15:58:06.0362 2660 gpsvc - ok 15:58:06.0415 2660 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 15:58:06.0434 2660 gupdate - ok 15:58:06.0441 2660 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 15:58:06.0457 2660 gupdatem - ok 15:58:06.0513 2660 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 15:58:06.0532 2660 gusvc - ok 15:58:06.0565 2660 HBtnKey (93aee3434935fc2f805fefd8dc5ed1b4) C:\Windows\system32\DRIVERS\cpqbttn.sys 15:58:06.0586 2660 HBtnKey - ok 15:58:06.0620 2660 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 15:58:06.0695 2660 HdAudAddService - ok 15:58:06.0930 2660 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 15:58:07.0012 2660 HDAudBus - ok 15:58:07.0037 2660 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 15:58:07.0115 2660 HidBth - ok 15:58:07.0144 2660 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 15:58:07.0203 2660 HidIr - ok 15:58:07.0244 2660 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 15:58:07.0284 2660 hidserv - ok 15:58:07.0330 2660 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 15:58:07.0394 2660 HidUsb - ok 15:58:07.0428 2660 hkmsvc (d8ad255b37da92434c26e4876db7d418) 
C:\Windows\system32\kmsvc.dll 15:58:07.0467 2660 hkmsvc - ok 15:58:07.0535 2660 HP Health Check Service (2ceeb349216febd91a907013d4abcff7) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 15:58:07.0551 2660 HP Health Check Service - ok 15:58:07.0573 2660 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 15:58:07.0591 2660 HpCISSs - ok 15:58:07.0620 2660 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 15:58:07.0661 2660 HpqKbFiltr - ok 15:58:07.0705 2660 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 15:58:07.0727 2660 hpqwmiex - ok 15:58:07.0769 2660 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 15:58:07.0811 2660 HSFHWAZL - ok 15:58:07.0889 2660 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 15:58:08.0047 2660 HSF_DPV - ok 15:58:08.0105 2660 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys 15:58:08.0183 2660 HTTP - ok 15:58:08.0231 2660 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 15:58:08.0249 2660 i2omp - ok 15:58:08.0290 2660 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 15:58:08.0345 2660 i8042prt - ok 15:58:08.0390 2660 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 15:58:08.0415 2660 iaStorV - ok 15:58:08.0539 2660 ICM_UpdaterService (99730c456c8ff7a544d23445c7eeda4a) C:\Program Files\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe 15:58:08.0667 2660 ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - warning 15:58:08.0667 2660 ICM_UpdaterService - detected UnsignedFile.Multi.Generic (1) 15:58:08.0758 2660 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 15:58:08.0799 2660 IDriverT ( UnsignedFile.Multi.Generic ) - warning 15:58:08.0799 2660 
|
25.06.2012, 15:04 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Move encryption trojan to quarantine Code:
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Restart Windows afterwards and make another completely new log with TDSS-Killer. As always, post it in CODE tags.
__________________ Please always post logfiles in CODE tags |
25.06.2012, 16:26 | #26 |
| Move encryption trojan to quarantine How can I do that? I mean the fixing? |
25.06.2012, 19:33 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Move encryption trojan to quarantine Start TDSS-Killer again and let it scan. If it comes up with the findings mentioned again, select only this TDSS File System and say delete; the others must be left on skip!
__________________ Please always post logfiles in CODE tags |
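To make the helper's instruction above concrete (delete only the TDSS File System finding, leave the generic unsigned-file and locked-file warnings on skip), here is an added example that is not part of this thread and not code from Kaspersky's TDSSKiller: a small Python script that parses lines in the format of the logs posted here, separates the hidden-filesystem finding from the heuristic verdicts, and prints the action the helper recommends for each. The sample lines are excerpted from the logs in this thread; the verdict groupings, the `review` fallback and the function names are my own assumptions, not TDSSKiller's.

```python
import re
from dataclasses import dataclass

# Constructed sample, excerpted from the TDSSKiller logs quoted in this thread
# (the "skipped by user" lines come from the summary at the end of the first scan).
SAMPLE_LOG = r"""
15:58:35.0643 2660 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:58:36.0179 2660 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:58:36.0179 2660 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:01:47.0315 3352 ASBroker ( UnsignedFile.Multi.Generic ) - warning
12:01:47.0315 3352 ASBroker - detected UnsignedFile.Multi.Generic (1)
15:59:56.0829 0752 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:59:56.0834 0752 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:01:38.0060 3352 acedrv11 - ok
"""

# "<time> <pid> <object> ( <verdict> ) - warning|skipped by user"
# Lines ending in "- ok" or "- detected ... (n)" deliberately do not match.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<object>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+"
    r"(?P<status>warning|skipped by user)\s*$"
)

# Assumed grouping (mine, not the tool's): the hidden TDL/TDSS filesystem is the
# actual rootkit finding; the *.Multi.Generic verdicts are heuristics that fire on
# unsigned or locked files and usually point at legitimate third-party software.
ROOTKIT_VERDICTS = {"TDSS File System"}
GENERIC_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


@dataclass(frozen=True)
class Detection:
    object_name: str
    verdict: str
    status: str


def parse_detections(log_text):
    """Return the unique (object, verdict) findings in a TDSSKiller log, in log order."""
    seen = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key = (m["object"], m["verdict"])
        if key not in seen:  # the same finding is repeated in the end-of-scan summary
            seen[key] = Detection(m["object"], m["verdict"], m["status"])
    return list(seen.values())


def recommend(detections):
    """Map each object to the action the helper in this thread advises."""
    actions = {}
    for d in detections:
        if d.verdict in ROOTKIT_VERDICTS:
            actions[d.object_name] = "delete"
        elif d.verdict in GENERIC_VERDICTS:
            actions[d.object_name] = "skip"
        else:
            actions[d.object_name] = "review"  # unknown verdict: look at the file before acting
    return actions


def summarize(log_text):
    dets = parse_detections(log_text)
    actions = recommend(dets)
    return "\n".join(
        f"{d.object_name:<28} {d.verdict:<28} -> {actions[d.object_name]}" for d in dets
    )


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the logs in this thread the generic verdicts belong to the HP, Samsung, ShadowExplorer and DAEMON Tools style services listed further up, so they end up on skip, while the TDSS File System entry on \Device\Harddisk0\DR0 is the only line that maps to delete, which is exactly the selection the helper asks for.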
26.06.2012, 11:06 | #28 |
| Move encryption trojan to quarantine OK. Here is the new log. Code:
ATTFilter 12:01:25.0545 1504 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44 12:01:25.0600 1504 ============================================================ 12:01:25.0601 1504 Current date / time: 2012/06/26 12:01:25.0600 12:01:25.0601 1504 SystemInfo: 12:01:25.0601 1504 12:01:25.0601 1504 OS Version: 6.0.6002 ServicePack: 2.0 12:01:25.0601 1504 Product type: Workstation 12:01:25.0601 1504 ComputerName: HP-LAPTOP 12:01:25.0601 1504 UserName: HP-User 12:01:25.0601 1504 Windows directory: C:\Windows 12:01:25.0601 1504 System windows directory: C:\Windows 12:01:25.0601 1504 Processor architecture: Intel x86 12:01:25.0601 1504 Number of processors: 2 12:01:25.0601 1504 Page size: 0x1000 12:01:25.0601 1504 Boot type: Normal boot 12:01:25.0601 1504 ============================================================ 12:01:27.0074 1504 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 12:01:27.0076 1504 ============================================================ 12:01:27.0076 1504 \Device\Harddisk0\DR0: 12:01:27.0076 1504 MBR partitions: 12:01:27.0076 1504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x117D07C1 12:01:27.0077 1504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x126FF000, BlocksNum 0x31A000 12:01:27.0077 1504 ============================================================ 12:01:27.0091 1504 C: <-> \Device\Harddisk0\DR0\Partition0 12:01:27.0138 1504 E: <-> \Device\Harddisk0\DR0\Partition1 12:01:27.0139 1504 ============================================================ 12:01:27.0139 1504 Initialize success 12:01:27.0139 1504 ============================================================ 12:01:33.0804 3352 ============================================================ 12:01:33.0804 3352 Scan started 12:01:33.0804 3352 Mode: Manual; SigCheck; TDLFS; 12:01:33.0805 3352 
============================================================ 12:01:37.0908 3352 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys 12:01:38.0060 3352 acedrv11 - ok 12:01:38.0789 3352 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 12:01:38.0813 3352 ACPI - ok 12:01:39.0392 3352 ADIHdAudAddService (fb9ece3f7b8a03e474e611031ad4cd23) C:\Windows\system32\drivers\ADIHdAud.sys 12:01:39.0495 3352 ADIHdAudAddService - ok 12:01:40.0081 3352 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 12:01:40.0143 3352 adp94xx - ok 12:01:40.0722 3352 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 12:01:40.0742 3352 adpahci - ok 12:01:41.0024 3352 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 12:01:41.0041 3352 adpu160m - ok 12:01:41.0272 3352 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 12:01:41.0307 3352 adpu320 - ok 12:01:41.0464 3352 AEADIFilters (12d23758621b00b8d3134095ec3325fd) C:\Windows\system32\AEADISRV.EXE 12:01:41.0502 3352 AEADIFilters - ok 12:01:41.0556 3352 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 12:01:41.0628 3352 AeLookupSvc - ok 12:01:42.0043 3352 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 12:01:42.0098 3352 AFD - ok 12:01:42.0200 3352 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe 12:01:42.0259 3352 AgereModemAudio - ok 12:01:43.0972 3352 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\Windows\system32\DRIVERS\AGRSM.sys 12:01:44.0176 3352 AgereSoftModem - ok 12:01:45.0239 3352 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 12:01:45.0277 3352 agp440 - ok 12:01:45.0438 3352 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 12:01:45.0474 3352 aic78xx - ok 12:01:45.0788 3352 ALG 
(a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 12:01:45.0895 3352 ALG - ok 12:01:45.0951 3352 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 12:01:45.0964 3352 aliide - ok 12:01:46.0097 3352 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 12:01:46.0112 3352 amdagp - ok 12:01:46.0129 3352 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 12:01:46.0146 3352 amdide - ok 12:01:46.0229 3352 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 12:01:46.0319 3352 AmdK7 - ok 12:01:46.0408 3352 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys 12:01:46.0470 3352 AmdK8 - ok 12:01:46.0717 3352 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 12:01:46.0734 3352 Appinfo - ok 12:01:46.0927 3352 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 12:01:46.0943 3352 arc - ok 12:01:47.0024 3352 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 12:01:47.0039 3352 arcsas - ok 12:01:47.0275 3352 ASBroker (2eeda27c19259c2340324ef7180d086b) C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll 12:01:47.0315 3352 ASBroker ( UnsignedFile.Multi.Generic ) - warning 12:01:47.0315 3352 ASBroker - detected UnsignedFile.Multi.Generic (1) 12:01:47.0466 3352 ASChannel (bb3c0521ecca4bb17ac55eb640df0fa5) C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll 12:01:47.0486 3352 ASChannel ( UnsignedFile.Multi.Generic ) - warning 12:01:47.0486 3352 ASChannel - detected UnsignedFile.Multi.Generic (1) 12:01:47.0578 3352 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 12:01:47.0674 3352 AsyncMac - ok 12:01:47.0914 3352 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 12:01:47.0952 3352 atapi - ok 12:01:49.0123 3352 Ati External Event Utility (3481d12334f065bba19c16399c9cb171) 
C:\Windows\system32\Ati2evxx.exe 12:01:49.0185 3352 Ati External Event Utility - ok 12:01:49.0413 3352 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys 12:01:49.0440 3352 AtiPcie - ok 12:01:49.0660 3352 ATSWPDRV (293e8cc3c246a89f4cca75b024ad757f) C:\Windows\system32\DRIVERS\ATSwpDrv.sys 12:01:49.0678 3352 ATSWPDRV - ok 12:01:50.0002 3352 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 12:01:50.0053 3352 AudioEndpointBuilder - ok 12:01:50.0061 3352 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 12:01:50.0095 3352 Audiosrv - ok 12:01:50.0222 3352 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys 12:01:50.0276 3352 b57nd60x - ok 12:01:50.0915 3352 BCM43XV (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys 12:01:51.0005 3352 BCM43XV - ok 12:01:51.0066 3352 BCM43XX (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys 12:01:51.0174 3352 BCM43XX - ok 12:01:51.0494 3352 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 12:01:51.0527 3352 BcmSqlStartupSvc - ok 12:01:51.0621 3352 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 12:01:51.0703 3352 Beep - ok 12:01:52.0177 3352 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 12:01:52.0273 3352 BFE - ok 12:01:53.0368 3352 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll 12:01:53.0474 3352 BITS - ok 12:01:53.0479 3352 blbdrive - ok 12:01:53.0844 3352 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 12:01:53.0920 3352 bowser - ok 12:01:54.0037 3352 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 12:01:54.0091 3352 BrFiltLo - ok 12:01:54.0134 3352 BrFiltUp (56801ad62213a41f6497f96dee83755a) 
C:\Windows\system32\drivers\brfiltup.sys 12:01:54.0180 3352 BrFiltUp - ok 12:01:54.0352 3352 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 12:01:54.0418 3352 Browser - ok 12:01:54.0613 3352 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 12:01:54.0706 3352 Brserid - ok 12:01:54.0808 3352 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 12:01:54.0872 3352 BrSerWdm - ok 12:01:54.0929 3352 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 12:01:55.0016 3352 BrUsbMdm - ok 12:01:55.0044 3352 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 12:01:55.0135 3352 BrUsbSer - ok 12:01:55.0214 3352 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 12:01:55.0255 3352 BthEnum - ok 12:01:55.0388 3352 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys 12:01:55.0419 3352 BTHMODEM - ok 12:01:55.0600 3352 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 12:01:55.0700 3352 BthPan - ok 12:01:56.0417 3352 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys 12:01:56.0678 3352 BTHPORT - ok 12:01:56.0777 3352 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll 12:01:56.0813 3352 BthServ - ok 12:01:56.0891 3352 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys 12:01:56.0927 3352 BTHUSB - ok 12:01:57.0116 3352 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys 12:01:57.0158 3352 btwaudio - ok 12:01:57.0300 3352 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys 12:01:57.0318 3352 btwavdt - ok 12:01:57.0408 3352 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys 12:01:57.0432 3352 btwrchid - ok 12:01:57.0608 3352 cdfs 
(7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 12:01:57.0720 3352 cdfs - ok 12:01:57.0876 3352 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 12:01:57.0948 3352 cdrom - ok 12:01:58.0013 3352 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 12:01:58.0042 3352 CertPropSvc - ok 12:01:58.0124 3352 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 12:01:58.0192 3352 circlass - ok 12:01:58.0529 3352 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 12:01:58.0573 3352 CLFS - ok 12:01:58.0877 3352 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:01:58.0910 3352 clr_optimization_v2.0.50727_32 - ok 12:01:59.0416 3352 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:01:59.0480 3352 clr_optimization_v4.0.30319_32 - ok 12:01:59.0634 3352 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 12:01:59.0686 3352 CmBatt - ok 12:01:59.0745 3352 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 12:01:59.0761 3352 cmdide - ok 12:02:00.0490 3352 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 12:02:00.0546 3352 Com4QLBEx - ok 12:02:00.0626 3352 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 12:02:00.0641 3352 Compbatt - ok 12:02:00.0647 3352 COMSysApp - ok 12:02:00.0711 3352 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 12:02:00.0728 3352 crcdisk - ok 12:02:00.0786 3352 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 12:02:00.0869 3352 Crusoe - ok 12:02:01.0102 3352 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll 12:02:01.0171 3352 
CryptSvc - ok 12:02:01.0909 3352 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 12:02:02.0032 3352 DcomLaunch - ok 12:02:02.0191 3352 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 12:02:02.0274 3352 DfsC - ok 12:02:04.0080 3352 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 12:02:05.0573 3352 DFSR - ok 12:02:07.0555 3352 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 12:02:07.0693 3352 Dhcp - ok 12:02:07.0946 3352 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 12:02:07.0965 3352 disk - ok 12:02:08.0138 3352 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 12:02:08.0245 3352 Dnscache - ok 12:02:08.0371 3352 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 12:02:08.0460 3352 dot3svc - ok 12:02:08.0699 3352 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 12:02:08.0860 3352 DPS - ok 12:02:08.0997 3352 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 12:02:09.0055 3352 drmkaud - ok 12:02:09.0747 3352 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 12:02:10.0070 3352 DXGKrnl - ok 12:02:10.0297 3352 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 12:02:10.0389 3352 E1G60 - ok 12:02:10.0489 3352 EagleNT - ok 12:02:10.0689 3352 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 12:02:10.0768 3352 EapHost - ok 12:02:11.0104 3352 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 12:02:11.0177 3352 Ecache - ok 12:02:11.0364 3352 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys 12:02:11.0385 3352 ElbyCDIO - ok 12:02:11.0724 3352 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 12:02:11.0851 3352 elxstor - ok 12:02:12.0856 3352 EMDMgmt 
(4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 12:02:13.0033 3352 EMDMgmt - ok 12:02:13.0677 3352 EPGService (05aabf9eebc1850728e1e89516a8170d) C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe 12:02:13.0763 3352 EPGService ( UnsignedFile.Multi.Generic ) - warning 12:02:13.0763 3352 EPGService - detected UnsignedFile.Multi.Generic (1) 12:02:14.0060 3352 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 12:02:14.0168 3352 EventSystem - ok 12:02:14.0554 3352 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 12:02:14.0660 3352 exfat - ok 12:02:14.0755 3352 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 12:02:14.0792 3352 fastfat - ok 12:02:14.0863 3352 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 12:02:14.0937 3352 fdc - ok 12:02:14.0994 3352 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 12:02:15.0038 3352 fdPHost - ok 12:02:15.0068 3352 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 12:02:15.0164 3352 FDResPub - ok 12:02:15.0650 3352 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 12:02:15.0728 3352 FileInfo - ok 12:02:15.0820 3352 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 12:02:15.0877 3352 Filetrace - ok 12:02:15.0934 3352 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 12:02:16.0023 3352 flpydisk - ok 12:02:16.0342 3352 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 12:02:16.0415 3352 FltMgr - ok 12:02:17.0231 3352 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 12:02:17.0474 3352 FontCache - ok 12:02:17.0780 3352 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 12:02:17.0804 3352 FontCache3.0.0.0 - ok 12:02:17.0875 
3352 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 12:02:17.0922 3352 Fs_Rec - ok 12:02:18.0026 3352 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 12:02:18.0050 3352 gagp30kx - ok 12:02:18.0788 3352 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 12:02:18.0967 3352 gpsvc - ok 12:02:19.0293 3352 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 12:02:19.0557 3352 gupdate - ok 12:02:19.0565 3352 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 12:02:19.0584 3352 gupdatem - ok 12:02:19.0968 3352 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 12:02:20.0036 3352 gusvc - ok 12:02:20.0109 3352 HBtnKey (93aee3434935fc2f805fefd8dc5ed1b4) C:\Windows\system32\DRIVERS\cpqbttn.sys 12:02:20.0132 3352 HBtnKey - ok 12:02:20.0452 3352 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 12:02:20.0562 3352 HdAudAddService - ok 12:02:21.0327 3352 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 12:02:21.0440 3352 HDAudBus - ok 12:02:21.0513 3352 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 12:02:21.0607 3352 HidBth - ok 12:02:21.0650 3352 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 12:02:21.0716 3352 HidIr - ok 12:02:21.0803 3352 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 12:02:21.0884 3352 hidserv - ok 12:02:22.0060 3352 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 12:02:22.0143 3352 HidUsb - ok 12:02:22.0262 3352 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 12:02:22.0316 3352 hkmsvc - ok 12:02:22.0588 3352 HP Health Check Service (2ceeb349216febd91a907013d4abcff7) C:\Program Files\Hewlett-Packard\HP 
Health Check\hphc_service.exe 12:02:22.0610 3352 HP Health Check Service - ok 12:02:22.0708 3352 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 12:02:22.0732 3352 HpCISSs - ok 12:02:22.0809 3352 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 12:02:22.0859 3352 HpqKbFiltr - ok 12:02:22.0911 3352 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 12:02:22.0956 3352 hpqwmiex - ok 12:02:23.0012 3352 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 12:02:23.0075 3352 HSFHWAZL - ok 12:02:23.0871 3352 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 12:02:24.0001 3352 HSF_DPV - ok 12:02:24.0539 3352 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys 12:02:24.0637 3352 HTTP - ok 12:02:24.0702 3352 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 12:02:24.0737 3352 i2omp - ok 12:02:24.0788 3352 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 12:02:24.0827 3352 i8042prt - ok 12:02:24.0985 3352 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 12:02:25.0004 3352 iaStorV - ok 12:02:25.0381 3352 ICM_UpdaterService (99730c456c8ff7a544d23445c7eeda4a) C:\Program Files\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe 12:02:25.0391 3352 ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - warning 12:02:25.0391 3352 ICM_UpdaterService - detected UnsignedFile.Multi.Generic (1) 12:02:25.0600 3352 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 12:02:25.0641 3352 IDriverT ( UnsignedFile.Multi.Generic ) - warning 12:02:25.0641 3352 IDriverT - detected UnsignedFile.Multi.Generic (1) 12:02:26.0650 3352 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication 
Foundation\infocard.exe 12:02:26.0938 3352 idsvc - ok 12:02:27.0502 3352 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 12:02:27.0549 3352 iirsp - ok 12:02:27.0921 3352 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 12:02:28.0069 3352 IKEEXT - ok 12:02:28.0137 3352 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 12:02:28.0169 3352 intelide - ok 12:02:28.0276 3352 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 12:02:28.0377 3352 intelppm - ok 12:02:28.0433 3352 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 12:02:28.0486 3352 IPBusEnum - ok 12:02:28.0525 3352 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:02:28.0591 3352 IpFilterDriver - ok 12:02:28.0756 3352 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 12:02:28.0854 3352 iphlpsvc - ok 12:02:28.0869 3352 IpInIp - ok 12:02:28.0957 3352 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 12:02:29.0033 3352 IPMIDRV - ok 12:02:29.0103 3352 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 12:02:29.0173 3352 IPNAT - ok 12:02:29.0223 3352 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 12:02:29.0258 3352 IRENUM - ok 12:02:29.0337 3352 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 12:02:29.0352 3352 isapnp - ok 12:02:29.0489 3352 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 12:02:29.0551 3352 iScsiPrt - ok 12:02:29.0615 3352 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 12:02:29.0647 3352 iteatapi - ok 12:02:29.0735 3352 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 12:02:29.0753 3352 iteraid - ok 12:02:29.0934 3352 IviRegMgr 
(213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 12:02:29.0950 3352 IviRegMgr - ok 12:02:29.0976 3352 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 12:02:29.0994 3352 kbdclass - ok 12:02:30.0041 3352 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 12:02:30.0081 3352 kbdhid - ok 12:02:30.0182 3352 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 12:02:30.0219 3352 KeyIso - ok 12:02:30.0279 3352 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 12:02:30.0454 3352 KSecDD - ok 12:02:31.0042 3352 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 12:02:31.0115 3352 KtmRm - ok 12:02:31.0225 3352 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 12:02:31.0250 3352 LanmanServer - ok 12:02:31.0837 3352 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 12:02:31.0946 3352 LanmanWorkstation - ok 12:02:32.0294 3352 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe 12:02:32.0310 3352 LightScribeService - ok 12:02:32.0429 3352 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 12:02:32.0472 3352 lltdio - ok 12:02:32.0586 3352 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 12:02:32.0651 3352 lltdsvc - ok 12:02:32.0788 3352 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 12:02:32.0870 3352 lmhosts - ok 12:02:32.0954 3352 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 12:02:32.0982 3352 LSI_FC - ok 12:02:33.0015 3352 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 12:02:33.0030 3352 LSI_SAS - ok 12:02:33.0074 3352 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 12:02:33.0088 3352 
LSI_SCSI - ok 12:02:33.0413 3352 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 12:02:33.0481 3352 luafv - ok 12:02:33.0800 3352 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 12:02:33.0834 3352 megasas - ok 12:02:33.0902 3352 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 12:02:33.0993 3352 MMCSS - ok 12:02:34.0102 3352 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 12:02:34.0159 3352 Modem - ok 12:02:34.0375 3352 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 12:02:34.0409 3352 monitor - ok 12:02:34.0671 3352 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 12:02:34.0688 3352 mouclass - ok 12:02:34.0800 3352 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 12:02:34.0836 3352 mouhid - ok 12:02:35.0063 3352 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 12:02:35.0097 3352 MountMgr - ok 12:02:35.0467 3352 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys 12:02:35.0514 3352 MpFilter - ok 12:02:35.0575 3352 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 12:02:35.0592 3352 mpio - ok 12:02:36.0037 3352 MpKslc5caaba9 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56FDE09B-F723-4696-9F0D-A1F3B558F807}\MpKslc5caaba9.sys 12:02:36.0065 3352 MpKslc5caaba9 - ok 12:02:36.0425 3352 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 12:02:36.0534 3352 mpsdrv - ok 12:02:37.0687 3352 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 12:02:37.0817 3352 MpsSvc - ok 12:02:37.0908 3352 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 12:02:37.0922 3352 Mraid35x - ok 12:02:37.0969 3352 MRxDAV 
(82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 12:02:37.0993 3352 MRxDAV - ok 12:02:38.0458 3352 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 12:02:38.0522 3352 mrxsmb - ok 12:02:38.0569 3352 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:02:38.0604 3352 mrxsmb10 - ok 12:02:38.0767 3352 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:02:38.0832 3352 mrxsmb20 - ok 12:02:38.0942 3352 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 12:02:38.0974 3352 msahci - ok 12:02:39.0051 3352 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 12:02:39.0074 3352 msdsm - ok 12:02:39.0196 3352 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 12:02:39.0236 3352 MSDTC - ok 12:02:39.0290 3352 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 12:02:39.0358 3352 Msfs - ok 12:02:39.0416 3352 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 12:02:39.0432 3352 msisadrv - ok 12:02:39.0465 3352 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 12:02:39.0550 3352 MSiSCSI - ok 12:02:39.0564 3352 msiserver - ok 12:02:39.0601 3352 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 12:02:39.0657 3352 MSKSSRV - ok 12:02:39.0733 3352 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe 12:02:39.0767 3352 MsMpSvc - ok 12:02:39.0854 3352 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 12:02:39.0913 3352 MSPCLOCK - ok 12:02:39.0961 3352 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 12:02:40.0015 3352 MSPQM - ok 12:02:40.0407 3352 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 12:02:40.0534 3352 MsRPC - ok 
12:02:40.0780 3352 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 12:02:40.0813 3352 mssmbios - ok 12:02:40.0907 3352 MSSQL$MSSMLBIZ - ok 12:02:41.0235 3352 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 12:02:41.0281 3352 MSSQLServerADHelper - ok 12:02:41.0386 3352 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 12:02:41.0428 3352 MSTEE - ok 12:02:41.0477 3352 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 12:02:41.0493 3352 Mup - ok 12:02:42.0009 3352 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 12:02:42.0069 3352 napagent - ok 12:02:42.0599 3352 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 12:02:42.0641 3352 NativeWifiP - ok 12:02:42.0998 3352 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 12:02:43.0101 3352 NDIS - ok 12:02:43.0275 3352 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 12:02:43.0337 3352 NdisTapi - ok 12:02:43.0575 3352 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 12:02:43.0638 3352 Ndisuio - ok 12:02:44.0004 3352 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 12:02:44.0061 3352 NdisWan - ok 12:02:44.0125 3352 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 12:02:44.0168 3352 NDProxy - ok 12:02:44.0199 3352 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 12:02:44.0236 3352 NetBIOS - ok 12:02:44.0335 3352 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 12:02:44.0462 3352 netbt - ok 12:02:44.0496 3352 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 12:02:44.0516 3352 Netlogon - ok 12:02:44.0549 3352 Netman (c8052711daecc48b982434c5116ca401) 
C:\Windows\System32\netman.dll 12:02:44.0598 3352 Netman - ok 12:02:44.0649 3352 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 12:02:44.0709 3352 netprofm - ok 12:02:44.0948 3352 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:02:44.0995 3352 NetTcpPortSharing - ok 12:02:45.0046 3352 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 12:02:45.0061 3352 nfrd960 - ok 12:02:45.0120 3352 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 12:02:45.0134 3352 NisDrv - ok 12:02:45.0218 3352 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe 12:02:45.0242 3352 NisSrv - ok 12:02:45.0290 3352 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 12:02:45.0330 3352 NlaSvc - ok 12:02:45.0402 3352 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 12:02:45.0429 3352 Npfs - ok 12:02:45.0455 3352 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 12:02:45.0492 3352 nsi - ok 12:02:45.0522 3352 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 12:02:45.0573 3352 nsiproxy - ok 12:02:46.0028 3352 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 12:02:46.0141 3352 Ntfs - ok 12:02:46.0230 3352 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 12:02:46.0293 3352 ntrigdigi - ok 12:02:46.0325 3352 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 12:02:46.0360 3352 Null - ok 12:02:46.0389 3352 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 12:02:46.0406 3352 nvraid - ok 12:02:46.0419 3352 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 12:02:46.0435 3352 nvstor - ok 12:02:46.0580 3352 nv_agp 
(07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 12:02:46.0619 3352 nv_agp - ok 12:02:46.0647 3352 NwlnkFlt - ok 12:02:46.0667 3352 NwlnkFwd - ok 12:02:46.0723 3352 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys 12:02:46.0795 3352 ohci1394 - ok 12:02:46.0871 3352 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:02:46.0886 3352 ose - ok 12:02:48.0243 3352 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:02:48.0578 3352 osppsvc - ok 12:02:49.0256 3352 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 12:02:49.0359 3352 p2pimsvc - ok 12:02:49.0372 3352 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 12:02:49.0406 3352 p2psvc - ok 12:02:49.0584 3352 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys 12:02:49.0705 3352 Parport - ok 12:02:49.0798 3352 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 12:02:49.0814 3352 partmgr - ok 12:02:49.0866 3352 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys 12:02:49.0936 3352 Parvdm - ok 12:02:49.0962 3352 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 12:02:49.0980 3352 PcaSvc - ok 12:02:50.0033 3352 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 12:02:50.0053 3352 pci - ok 12:02:50.0074 3352 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 12:02:50.0089 3352 pciide - ok 12:02:50.0129 3352 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys 12:02:50.0152 3352 pcmcia - ok 12:02:50.0192 3352 pdfcDispatcher - ok 12:02:51.0035 3352 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 12:02:51.0253 3352 PEAUTH - ok 12:02:51.0820 3352 pla 
(b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 12:02:51.0951 3352 pla - ok 12:02:52.0307 3352 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 12:02:52.0360 3352 PlugPlay - ok 12:02:52.0465 3352 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 12:02:52.0514 3352 PNRPAutoReg - ok 12:02:52.0525 3352 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 12:02:52.0552 3352 PNRPsvc - ok 12:02:52.0596 3352 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 12:02:52.0647 3352 PolicyAgent - ok 12:02:52.0693 3352 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 12:02:52.0728 3352 PptpMiniport - ok 12:02:52.0772 3352 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 12:02:52.0829 3352 Processor - ok 12:02:52.0928 3352 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 12:02:52.0957 3352 ProfSvc - ok 12:02:52.0994 3352 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 12:02:53.0011 3352 ProtectedStorage - ok 12:02:53.0055 3352 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 12:02:53.0081 3352 PSched - ok 12:02:53.0108 3352 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys 12:02:53.0128 3352 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 12:02:53.0128 3352 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 12:02:53.0282 3352 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 12:02:53.0388 3352 ql2300 - ok 12:02:53.0504 3352 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 12:02:53.0524 3352 ql40xx - ok 12:02:53.0611 3352 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 12:02:53.0667 3352 QWAVE - ok 12:02:53.0695 3352 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) 
C:\Windows\system32\drivers\qwavedrv.sys 12:02:53.0716 3352 QWAVEdrv - ok 12:02:54.0269 3352 R300 (252826c4bc88b01e945c2d3c6603f3b0) C:\Windows\system32\DRIVERS\atikmdag.sys 12:02:54.0425 3352 R300 - ok 12:02:54.0982 3352 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 12:02:55.0020 3352 RasAcd - ok 12:02:55.0054 3352 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 12:02:55.0086 3352 RasAuto - ok 12:02:55.0125 3352 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 12:02:55.0154 3352 Rasl2tp - ok 12:02:55.0245 3352 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 12:02:55.0281 3352 RasMan - ok 12:02:55.0323 3352 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 12:02:55.0367 3352 RasPppoe - ok 12:02:55.0430 3352 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 12:02:55.0454 3352 RasSstp - ok 12:02:55.0612 3352 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 12:02:55.0642 3352 rdbss - ok 12:02:55.0658 3352 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:02:55.0704 3352 RDPCDD - ok 12:02:55.0975 3352 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 12:02:56.0043 3352 rdpdr - ok 12:02:56.0054 3352 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 12:02:56.0088 3352 RDPENCDD - ok 12:02:56.0343 3352 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys 12:02:56.0412 3352 RDPWD - ok 12:02:56.0457 3352 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 12:02:56.0535 3352 RemoteAccess - ok 12:02:56.0606 3352 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 12:02:56.0631 3352 RemoteRegistry - ok 12:02:56.0833 3352 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) 
C:\Windows\system32\DRIVERS\rfcomm.sys 12:02:56.0859 3352 RFCOMM - ok 12:02:57.0321 3352 RoxMediaDB9 (ad1411a7ea50f2f97a73a3f51153066e) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe 12:02:57.0368 3352 RoxMediaDB9 - ok 12:02:57.0424 3352 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 12:02:57.0440 3352 RpcLocator - ok 12:02:57.0548 3352 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 12:02:57.0602 3352 RpcSs - ok 12:02:57.0659 3352 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 12:02:57.0695 3352 rspndr - ok 12:02:57.0838 3352 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 12:02:57.0871 3352 SamSs - ok 12:02:57.0951 3352 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 12:02:57.0969 3352 sbp2port - ok 12:02:58.0025 3352 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 12:02:58.0054 3352 SCardSvr - ok 12:02:58.0395 3352 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 12:02:58.0494 3352 Schedule - ok 12:02:58.0525 3352 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 12:02:58.0560 3352 SCPolicySvc - ok 12:02:58.0589 3352 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys 12:02:58.0640 3352 sdbus - ok 12:02:58.0672 3352 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 12:02:58.0712 3352 SDRSVC - ok 12:02:58.0741 3352 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 12:02:58.0792 3352 secdrv - ok 12:02:58.0810 3352 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 12:02:58.0842 3352 seclogon - ok 12:02:58.0860 3352 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 12:02:58.0892 3352 SENS - ok 12:02:58.0914 3352 Serenum (68e44e331d46f0fb38f0863a84cd1a31) 
C:\Windows\system32\drivers\serenum.sys 12:02:58.0966 3352 Serenum - ok 12:02:59.0003 3352 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 12:02:59.0056 3352 Serial - ok 12:02:59.0102 3352 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 12:02:59.0133 3352 sermouse - ok 12:02:59.0184 3352 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 12:02:59.0220 3352 SessionEnv - ok 12:02:59.0321 3352 sesvc (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files\ShadowExplorer\sesvc.exe 12:02:59.0326 3352 sesvc ( UnsignedFile.Multi.Generic ) - warning 12:02:59.0326 3352 sesvc - detected UnsignedFile.Multi.Generic (1) 12:02:59.0356 3352 sfdrv01 (b7018644e132a8dfb12ed90106e06739) C:\Windows\system32\drivers\sfdrv01.sys 12:02:59.0371 3352 sfdrv01 - ok 12:02:59.0397 3352 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 12:02:59.0461 3352 sffdisk - ok 12:02:59.0509 3352 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 12:02:59.0577 3352 sffp_mmc - ok 12:02:59.0607 3352 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 12:02:59.0697 3352 sffp_sd - ok 12:02:59.0734 3352 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys 12:02:59.0749 3352 sfhlp02 - ok 12:02:59.0798 3352 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 12:02:59.0860 3352 sfloppy - ok 12:02:59.0911 3352 sfvfs02 (197cef62eb4bc043e1578529fa2b9a48) C:\Windows\system32\drivers\sfvfs02.sys 12:02:59.0927 3352 sfvfs02 - ok 12:02:59.0955 3352 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 12:03:00.0002 3352 SharedAccess - ok 12:03:00.0155 3352 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 12:03:00.0207 3352 ShellHWDetection - ok 12:03:00.0326 3352 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) 
C:\Windows\system32\drivers\sisagp.sys 12:03:00.0352 3352 sisagp - ok 12:03:00.0379 3352 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 12:03:00.0393 3352 SiSRaid2 - ok 12:03:00.0416 3352 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 12:03:00.0430 3352 SiSRaid4 - ok 12:03:01.0100 3352 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 12:03:01.0374 3352 slsvc - ok 12:03:02.0054 3352 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 12:03:02.0115 3352 SLUINotify - ok 12:03:02.0329 3352 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 12:03:02.0362 3352 Smb - ok 12:03:02.0405 3352 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 12:03:02.0468 3352 SNMPTRAP - ok 12:03:02.0487 3352 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 12:03:02.0502 3352 spldr - ok 12:03:02.0528 3352 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 12:03:02.0553 3352 Spooler - ok 12:03:02.0655 3352 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 12:03:02.0655 3352 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: cdddec541bc3c96f91ecb48759673505 12:03:02.0658 3352 sptd ( LockedFile.Multi.Generic ) - warning 12:03:02.0658 3352 sptd - detected LockedFile.Multi.Generic (1) 12:03:02.0943 3352 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 12:03:02.0985 3352 SQLBrowser - ok 12:03:03.0049 3352 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 12:03:03.0066 3352 SQLWriter - ok 12:03:03.0350 3352 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 12:03:03.0466 3352 srv - ok 12:03:03.0649 3352 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 12:03:03.0704 3352 srv2 - ok 12:03:03.0745 3352 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 12:03:03.0785 3352 srvnet - ok 12:03:03.0825 3352 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 12:03:03.0868 3352 SSDPSRV - ok 12:03:03.0906 3352 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 12:03:03.0924 3352 SstpSvc - ok 12:03:03.0983 3352 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 12:03:04.0021 3352 stisvc - ok 12:03:04.0229 3352 stllssvr (b254b1434208f280edf3785613dcc41b) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe 12:03:04.0237 3352 stllssvr ( UnsignedFile.Multi.Generic ) - warning 12:03:04.0237 3352 stllssvr - detected UnsignedFile.Multi.Generic (1) 12:03:04.0266 3352 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 12:03:04.0281 3352 swenum - ok 12:03:04.0332 3352 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 12:03:04.0368 3352 swprv - ok 12:03:04.0429 3352 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 12:03:04.0444 3352 Symc8xx - ok 12:03:04.0471 3352 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 
12:03:04.0486 3352 Sym_hi - ok 12:03:04.0513 3352 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 12:03:04.0531 3352 Sym_u3 - ok 12:03:04.0843 3352 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys 12:03:04.0992 3352 SynTP - ok 12:03:05.0637 3352 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 12:03:05.0734 3352 SysMain - ok 12:03:05.0770 3352 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 12:03:05.0801 3352 TabletInputService - ok 12:03:05.0976 3352 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 12:03:06.0004 3352 TapiSrv - ok 12:03:06.0044 3352 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 12:03:06.0089 3352 TBS - ok 12:03:07.0017 3352 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys 12:03:07.0127 3352 Tcpip - ok 12:03:07.0168 3352 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys 12:03:07.0240 3352 Tcpip6 - ok 12:03:07.0332 3352 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys 12:03:07.0381 3352 tcpipreg - ok 12:03:07.0481 3352 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 12:03:07.0530 3352 TDPIPE - ok 12:03:07.0604 3352 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 12:03:07.0646 3352 TDTCP - ok 12:03:07.0829 3352 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 12:03:07.0870 3352 tdx - ok 12:03:07.0960 3352 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 12:03:08.0005 3352 TermDD - ok 12:03:08.0242 3352 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 12:03:08.0301 3352 TermService - ok 12:03:08.0348 3352 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 12:03:08.0378 3352 Themes - ok 12:03:08.0406 3352 
THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 12:03:08.0438 3352 THREADORDER - ok 12:03:08.0538 3352 TPM (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys 12:03:08.0552 3352 TPM - ok 12:03:08.0572 3352 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 12:03:08.0605 3352 TrkWks - ok 12:03:08.0739 3352 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 12:03:08.0784 3352 TrustedInstaller - ok 12:03:08.0888 3352 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:03:08.0920 3352 tssecsrv - ok 12:03:08.0968 3352 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 12:03:08.0983 3352 tunmp - ok 12:03:09.0017 3352 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 12:03:09.0032 3352 tunnel - ok 12:03:09.0074 3352 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 12:03:09.0090 3352 uagp35 - ok 12:03:09.0126 3352 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 12:03:09.0157 3352 udfs - ok 12:03:09.0194 3352 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 12:03:09.0232 3352 UI0Detect - ok 12:03:09.0238 3352 UIUSys - ok 12:03:09.0268 3352 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 12:03:09.0284 3352 uliagpkx - ok 12:03:09.0322 3352 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 12:03:09.0341 3352 uliahci - ok 12:03:09.0365 3352 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 12:03:09.0380 3352 UlSata - ok 12:03:09.0400 3352 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 12:03:09.0415 3352 ulsata2 - ok 12:03:09.0454 3352 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 12:03:09.0489 3352 umbus - ok 
12:03:09.0530 3352 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 12:03:09.0566 3352 upnphost - ok 12:03:09.0651 3352 USB28xxBGA (94c4efca2786491e1d7de335356b3e78) C:\Windows\system32\DRIVERS\emBDA.sys 12:03:09.0712 3352 USB28xxBGA - ok 12:03:09.0727 3352 USB28xxOEM (c1743b02161ed76e15028f0591f6c753) C:\Windows\system32\DRIVERS\emOEM.sys 12:03:09.0744 3352 USB28xxOEM - ok 12:03:09.0772 3352 usbbus (cccece399b1990d63bfc8de8161dd838) C:\Windows\system32\DRIVERS\lgusbbus.sys 12:03:09.0787 3352 usbbus - ok 12:03:09.0838 3352 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys 12:03:09.0895 3352 usbccgp - ok 12:03:09.0913 3352 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 12:03:09.0971 3352 usbcir - ok 12:03:10.0042 3352 UsbDiag (b2ef4693e17404a178da88318c5236b8) C:\Windows\system32\DRIVERS\lgusbdiag.sys 12:03:10.0056 3352 UsbDiag - ok 12:03:10.0096 3352 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 12:03:10.0122 3352 usbehci - ok 12:03:10.0154 3352 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 12:03:10.0185 3352 usbhub - ok 12:03:10.0191 3352 USBModem (eb16939525ed91fb649ec68afc865dce) C:\Windows\system32\DRIVERS\lgusbmodem.sys 12:03:10.0208 3352 USBModem - ok 12:03:10.0225 3352 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 12:03:10.0252 3352 usbohci - ok 12:03:10.0279 3352 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 12:03:10.0341 3352 usbprint - ok 12:03:10.0377 3352 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:03:10.0404 3352 USBSTOR - ok 12:03:10.0435 3352 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 12:03:10.0498 3352 usbuhci - ok 12:03:10.0583 3352 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 12:03:10.0622 3352 UxSms - 
ok 12:03:10.0732 3352 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys 12:03:10.0768 3352 VClone - ok 12:03:10.0835 3352 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 12:03:10.0875 3352 vds - ok 12:03:10.0979 3352 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 12:03:11.0041 3352 vga - ok 12:03:11.0114 3352 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 12:03:11.0173 3352 VgaSave - ok 12:03:11.0305 3352 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 12:03:11.0324 3352 viaagp - ok 12:03:11.0433 3352 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 12:03:11.0548 3352 ViaC7 - ok 12:03:11.0611 3352 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 12:03:11.0644 3352 viaide - ok 12:03:11.0676 3352 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 12:03:11.0693 3352 volmgr - ok 12:03:12.0001 3352 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 12:03:12.0054 3352 volmgrx - ok 12:03:12.0403 3352 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 12:03:12.0433 3352 volsnap - ok 12:03:12.0591 3352 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 12:03:12.0611 3352 vsmraid - ok 12:03:12.0966 3352 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 12:03:13.0098 3352 VSS - ok 12:03:13.0612 3352 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 12:03:13.0650 3352 W32Time - ok 12:03:13.0850 3352 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 12:03:13.0922 3352 WacomPen - ok 12:03:13.0986 3352 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 12:03:14.0013 3352 Wanarp - ok 12:03:14.0019 3352 Wanarpv6 (55201897378cca7af8b5efd874374a26) 
C:\Windows\system32\DRIVERS\wanarp.sys 12:03:14.0048 3352 Wanarpv6 - ok 12:03:14.0323 3352 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 12:03:14.0392 3352 wcncsvc - ok 12:03:14.0432 3352 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 12:03:14.0467 3352 WcsPlugInService - ok 12:03:14.0531 3352 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 12:03:14.0550 3352 Wd - ok 12:03:14.0842 3352 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 12:03:14.0916 3352 Wdf01000 - ok 12:03:14.0981 3352 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 12:03:15.0058 3352 WdiServiceHost - ok 12:03:15.0072 3352 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 12:03:15.0155 3352 WdiSystemHost - ok 12:03:15.0643 3352 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 12:03:15.0691 3352 WebClient - ok 12:03:15.0914 3352 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 12:03:15.0962 3352 Wecsvc - ok 12:03:16.0002 3352 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 12:03:16.0031 3352 wercplsupport - ok 12:03:16.0135 3352 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 12:03:16.0195 3352 WerSvc - ok 12:03:16.0339 3352 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys 12:03:16.0384 3352 WimFltr - ok 12:03:16.0667 3352 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 12:03:16.0784 3352 winachsf - ok 12:03:17.0005 3352 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 12:03:17.0030 3352 WinDefend - ok 12:03:17.0040 3352 WinHttpAutoProxySvc - ok 12:03:17.0217 3352 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 12:03:17.0248 3352 Winmgmt - ok 12:03:17.0360 
3352 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 12:03:17.0491 3352 WinRM - ok 12:03:17.0613 3352 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 12:03:17.0665 3352 Wlansvc - ok 12:03:17.0700 3352 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 12:03:17.0726 3352 WmiAcpi - ok 12:03:17.0914 3352 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 12:03:17.0944 3352 wmiApSrv - ok 12:03:18.0271 3352 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 12:03:18.0364 3352 WMPNetworkSvc - ok 12:03:18.0409 3352 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 12:03:18.0443 3352 WPCSvc - ok 12:03:18.0482 3352 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 12:03:18.0504 3352 WPDBusEnum - ok 12:03:18.0583 3352 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 12:03:18.0600 3352 WpdUsb - ok 12:03:18.0768 3352 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 12:03:18.0824 3352 WPFFontCache_v0400 - ok 12:03:18.0885 3352 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 12:03:18.0920 3352 ws2ifsl - ok 12:03:19.0042 3352 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 12:03:19.0081 3352 wscsvc - ok 12:03:19.0099 3352 WSearch - ok 12:03:19.0264 3352 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 12:03:19.0384 3352 wuauserv - ok 12:03:19.0517 3352 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:03:19.0550 3352 WUDFRd - ok 12:03:19.0585 3352 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 12:03:19.0620 3352 wudfsvc - ok 12:03:19.0682 3352 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 
12:03:20.0242 3352 \Device\Harddisk0\DR0 - ok
12:03:20.0248 3352 Boot (0x1200) (43d6fe2d0345951f003c04f35f764cd4) \Device\Harddisk0\DR0\Partition0
12:03:20.0249 3352 \Device\Harddisk0\DR0\Partition0 - ok
12:03:20.0265 3352 Boot (0x1200) (af9948a19f419d53cb915043d0b5a139) \Device\Harddisk0\DR0\Partition1
12:03:20.0267 3352 \Device\Harddisk0\DR0\Partition1 - ok
12:03:20.0267 3352 ============================================================
12:03:20.0267 3352 Scan finished
12:03:20.0267 3352 ============================================================
12:03:20.0287 4500 Detected object count: 9
12:03:20.0287 4500 Actual detected object count: 9
12:03:30.0624 4500 ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0624 4500 ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0625 4500 ASChannel ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0625 4500 ASChannel ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0636 4500 EPGService ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0636 4500 EPGService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0644 4500 ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0644 4500 ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0648 4500 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0648 4500 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0655 4500 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0655 4500 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0656 4500 sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0656 4500 sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0661 4500 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:03:30.0662 4500 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:03:30.0666 4500 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0666 4500 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip |
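The TDSSKiller run above ends with nine detections, every one of them UnsignedFile.Multi.Generic or LockedFile.Multi.Generic and every one skipped by the user. Those two verdicts are heuristics (the file carries no valid signature, or the scanner could not open it), not an identification of malware, so the useful next step on such a log is to pull out, per flagged object, the path and MD5 to look up, what the user did with it, and whether the verdict was only generic. The script below is an added example, not part of this thread and not TDSSKiller's own code; the sample log is constructed from a few of the posted lines, and the regexes assume the line layout seen above (timestamp, PID, message).

```python
"""Triage helper for a TDSSKiller text log (added example, not TDSSKiller code)."""
import re

# Constructed sample modelled on the log posted above; not the full log.
SAMPLE_LOG = """\
12:02:53.0108 3352 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\\Windows\\system32\\Drivers\\PxHelp20.sys
12:02:53.0128 3352 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
12:02:53.0128 3352 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
12:02:53.0282 3352 ql2300 (ccdac889326317792480c0a67156a1ec) C:\\Windows\\system32\\drivers\\ql2300.sys
12:02:53.0388 3352 ql2300 - ok
12:03:02.0655 3352 sptd (cdddec541bc3c96f91ecb48759673505) C:\\Windows\\system32\\Drivers\\sptd.sys
12:03:02.0655 3352 Suspicious file (NoAccess): C:\\Windows\\system32\\Drivers\\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
12:03:02.0658 3352 sptd ( LockedFile.Multi.Generic ) - warning
12:03:02.0658 3352 sptd - detected LockedFile.Multi.Generic (1)
12:03:19.0682 3352 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \\Device\\Harddisk0\\DR0
12:03:20.0242 3352 \\Device\\Harddisk0\\DR0 - ok
12:03:20.0287 4500 Detected object count: 2
12:03:30.0655 4500 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:30.0655 4500 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:30.0661 4500 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:03:30.0662 4500 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every line is "<hh:mm:ss.ffff> <pid> <message>"; the message variants we care about follow.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Verdicts that only say "unsigned" or "could not be read", not "malicious".
GENERIC_HEURISTICS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


def parse_tdsskiller(text):
    """Return scanned objects (name -> md5/path), detections, user actions and the declared count."""
    objects, detections, actions = {}, [], {}
    declared = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        if (o := OBJECT_RE.match(msg)):
            # Object names may contain spaces, e.g. "MBR (0x1B8)"; the lazy match stops at the hash.
            objects[o.group("name")] = {"md5": o.group("md5"), "path": o.group("path")}
        elif (d := DETECTED_RE.match(msg)):
            detections.append((d.group("name"), d.group("verdict")))
        elif (a := ACTION_RE.match(msg)):
            actions[a.group("name")] = a.group("action")
        elif (c := COUNT_RE.match(msg)):
            declared = int(c.group("n"))
    return {"objects": objects, "detections": detections,
            "actions": actions, "declared_count": declared}


def triage(report):
    """One row per detection: hash and path to look up, the user's action, and whether the verdict is only a generic heuristic."""
    rows = []
    for name, verdict in report["detections"]:
        obj = report["objects"].get(name, {})
        rows.append({
            "name": name,
            "verdict": verdict,
            "md5": obj.get("md5"),
            "path": obj.get("path"),
            "action": report["actions"].get(name, "none"),
            "heuristic": verdict in GENERIC_HEURISTICS,
        })
    return rows


def count_matches(report):
    """True if the 'Detected object count' line agrees with the detection lines actually parsed."""
    return report["declared_count"] == len(report["detections"])


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for row in triage(rep):
        print(row)
    print("count consistent:", count_matches(rep))
```

On the full log posted above this yields nine rows, all marked heuristic and all with action Skip, so nothing in that run was actually treated. The hash and path per row are what you take to a hash lookup or to the other logs in the thread: sptd.sys, for instance, appears in the later ComboFix "files created" list with the same creation minute (2012-06-23 12:00) as the c:\program files\LSoft Technologies folder, which is exactly the kind of correlation the path lets you check before deciding whether a locked driver is a problem.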
26.06.2012, 12:46 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Moving an encryption trojan into quarantine Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If you have trouble starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
02.07.2012, 22:14 | #30 |
| Moving an encryption trojan into quarantine Hey, here is the log. Sorry it took so long, I have my oral Abitur exam the day after tomorrow and a lot of stress.. ComboFix Logfile: Code:
ComboFix 12-07-02.01 - HP-User 02.07.2012 22:43:55.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.1919.1105 [GMT 2:00]
Run from: c:\users\HP-User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * New restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Additional deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\newdnswatch
c:\users\HP-User\4.0
c:\users\HP-User\AppData\Roaming\Adobe\plugs
c:\users\HP-User\AppData\Roaming\Adobe\plugs\qrqylXUdOQoEpsGGJO
c:\users\HP-User\AppData\Roaming\Adobe\plugs\VpVVgJooTessvrjAlTUd
c:\users\HP-User\AppData\Roaming\Adobe\shed
c:\users\HP-User\AppData\Roaming\Adobe\shed\EvoEasttJrjjDaddNu
c:\users\HP-User\Documents\~WRL0003.tmp
c:\users\HP-User\Documents\~WRL0152.tmp
c:\users\HP-User\Documents\~WRL1002.tmp
c:\users\HP-User\Documents\~WRL3735.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((( Files created from 2012-06-02 to 2012-07-02 ))))))))))))))))))))))))))))))
.
.
2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-07-02 20:51 . 2012-07-02 20:56 -------- d-----w- c:\users\HP-User\AppData\Local\temp
2012-07-02 20:51 . 2012-07-02 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 20:51 . 2012-07-02 20:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-02 18:40 . 2012-07-02 18:40 -------- d-----w- c:\program files\SmartPCFixer
2012-07-02 14:24 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FAC90B2-78E0-4705-A17F-B05E982C7E50}\mpengine.dll
2012-07-01 17:09 . 2012-07-01 17:09 -------- d-----w- c:\program files\Recuva
2012-07-01 11:31 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-26 09:50 . 2012-06-26 09:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 21:54 . 2012-06-25 13:08 -------- d-----w- C:\_OTL
2012-06-23 21:57 . 2012-06-23 21:57 -------- d-----w- c:\programdata\WindowsSearch
2012-06-23 12:00 . 2012-06-23 12:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-23 12:00 . 2012-06-23 12:00 -------- d-----w- c:\program files\LSoft Technologies
2012-06-23 11:59 . 2012-06-23 11:59 -------- d-----w- c:\program files\Yontoo
2012-06-23 11:59 . 2012-06-23 11:59 -------- d-----w- c:\programdata\Tarma Installer
2012-06-19 13:06 . 2012-06-19 13:06 -------- d-----w- c:\program files\ESET
2012-06-18 17:56 . 2012-06-18 17:56 -------- d-----w- c:\program files\7-Zip
2012-06-16 21:27 . 2012-06-16 21:27 -------- d-----w- c:\users\HP-User\AppData\Roaming\www.shadowexplorer.com
2012-06-16 21:26 . 2012-06-16 21:26 -------- d-----w- c:\program files\ShadowExplorer
2012-06-16 11:31 . 2012-06-16 11:31 -------- d-----w- c:\users\HP-User\AppData\Roaming\Malwarebytes
2012-06-15 21:00 . 2012-06-15 21:00 -------- d-----w- c:\users\Administrator\AppData\Local\Microsoft Games
2012-06-14 20:30 . 2012-06-14 20:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-06-14 20:29 . 2012-06-14 20:29 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 20:29 . 2012-06-14 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-14 20:29 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 19:34 . 2012-06-13 19:34 -------- d-----w- c:\users\Administrator\AppData\Local\Google
2012-06-13 17:45 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 17:45 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 17:45 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 17:45 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 11:30 . 2012-06-16 11:11 -------- d-----w- c:\users\HP-User\AppData\Roaming\Ffptne
2012-06-13 11:13 . 2012-02-10 17:15 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BBEE596-B4A0-4120-A9B1-3AE7011F29F0}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-19 13:06 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 13:06 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 13:06 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 13:06 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 13:06 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 13:06 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 13:06 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 13:06 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 13:06 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 21:32 . 2010-10-22 17:16 744960 ----a-w- c:\windows\system32\IR41_32.DLL
2012-05-18 21:24 . 2010-10-22 17:19 744960 ----a-w- c:\windows\system32\ir41_32.sav
2012-05-15 19:51 . 2012-06-13 17:44 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-04-19 15:07 . 2012-04-19 15:07 159482 ----a-w- c:\windows\RTL Racing Team Manager Patch 1.05 Uninstaller.exe
2012-04-17 14:06 . 2012-04-17 14:04 242023 ----a-w- c:\windows\RTL Racing Team Manager Uninstaller.exe
2011-11-21 04:21 . 2011-12-06 19:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-05-23 3029344]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-18 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"EPGServiceTool"="c:\progra~1\WinTV\EPG Services\System\EPGClient.exe" [2008-08-05 688128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe"
[2007-05-23 192512] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168] . c:\users\HP-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\HP-User\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2010-3-5 110647] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664] DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2010-3-3 192512] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete] 2007-05-08 06:38 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 14:26] . 2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 14:26] . 2012-07-02 c:\windows\Tasks\User_Feed_Synchronization-{8AA463B7-C2EB-4DD3-A617-9C0817F50068}.job - c:\windows\system32\msfeedssync.exe [2011-10-12 21:29] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop uInternet Settings,ProxyOverride = <local> IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\HP-User\AppData\Roaming\Mozilla\Firefox\Profiles\1xgaqubj.default\ FF - user.js: extentions.y2layers.installId - 41d619c7-3979-4b07-afe0-aa21a2b226d6 FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock, FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: security.csp.enable - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\HP-User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\HP-User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\HP-User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\HP-User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll HKLM_ActiveSetup-ccc-core-static - msiexec AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program 
files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-Dropbox - c:\users\HP-User\AppData\Roaming\Dropbox\bin\Uninstall.exe . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(636) c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll . - - - - - - - > 'Explorer.exe'(4924) c:\windows\system32\btmmhook.dll c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\AEADISRV.EXE c:\windows\system32\agrsmsvc.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\progra~1\WinTV\EPG Services\System\EPGService.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\PDF Complete\pdfsvc.exe c:\program files\ShadowExplorer\sesvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Hewlett-Packard\IAM\bin\asghost.exe c:\windows\system32\conime.exe c:\windows\SMINST\scheduler.exe c:\program files\WinTV\EPG Services\System\EPGClient.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe c:\program files\Hewlett-Packard\Shared\hpqToaster.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-02 23:04:09 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-02 21:02 . Vor Suchlauf: 22 Verzeichnis(se), 49.525.272.576 Bytes frei Nach Suchlauf: 27 Verzeichnis(se), 49.342.357.504 Bytes frei . - - End Of File - - E70EFC6A1A723A54A4415CC5DF6C1D55 |