Thread: E-mail "Deutsche Post. Ein Fehler in der Lieferanschrift." (Deutsche Post: an error in the delivery address), Windows 7

#1
/// Winkelfunktion /// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL) (the ":OTL" must be copied along!!!):

Code:
:OTL
IE - HKU\S-1-5-21-3201387291-1446790065-2731534718-1000\..\SearchScopes\{65BA7062-55D7-4444-A17D-436DE624FF9D}: "URL" = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.7
FF - user.js - File not found
[2012.05.27 22:24:03 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3201387291-1446790065-2731534718-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3201387291-1446790065-2731534718-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.05.07 15:29:48 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6efda3e9-e5ac-11df-ac3b-406186996cf4}\Shell - "" = AutoRun
O33 - MountPoints2\{6efda3e9-e5ac-11df-ac3b-406186996cf4}\Shell\AutoRun\command - "" = L:\start.exe /checksection
O33 - MountPoints2\{d688c972-7d23-11df-9f96-406186996cf4}\Shell - "" = AutoRun
O33 - MountPoints2\{d688c972-7d23-11df-9f96-406186996cf4}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2007.05.07 15:29:48 | 000,073,224 | R--- | M] ()
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed with this script are not deleted completely, for safety; a backup copy is created in the "_OTL" folder on the system partition. Note: the above script was created for this one user in this situation only. It is not portable to any other computer and must not be used elsewhere, since it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags
#2
Hello Arne,

I did the fix. The system was restarted afterwards. Log file:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3201387291-1446790065-2731534718-1000\Software\Microsoft\Internet Explorer\SearchScopes\{65BA7062-55D7-4444-A17D-436DE624FF9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65BA7062-55D7-4444-A17D-436DE624FF9D}\ not found.
Prefs.js: "Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: pdfforge@mybrowserbar.com:4.7 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.7 removed from extensions.enabledItems
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\tests folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\lib folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\data folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\windows folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\utils folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\traits folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\events folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\dom folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\content folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\data folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\lib folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\data folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\locale folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults\preferences folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults folder moved successfully.
C:\Users\Folger\AppData\Roaming\mozilla\Firefox\Profiles\k6ftdilp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3201387291-1446790065-2731534718-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3201387291-1446790065-2731534718-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6efda3e9-e5ac-11df-ac3b-406186996cf4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6efda3e9-e5ac-11df-ac3b-406186996cf4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6efda3e9-e5ac-11df-ac3b-406186996cf4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6efda3e9-e5ac-11df-ac3b-406186996cf4}\ not found.
File L:\start.exe /checksection not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d688c972-7d23-11df-9f96-406186996cf4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d688c972-7d23-11df-9f96-406186996cf4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d688c972-7d23-11df-9f96-406186996cf4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d688c972-7d23-11df-9f96-406186996cf4}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File move failed. F:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\LaunchU3.exe -a not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Folger
->Temp folder emptied: 8205652 bytes
->Temporary Internet Files folder emptied: 28699132 bytes
->Java cache emptied: 4559802 bytes
->FireFox cache emptied: 562437066 bytes
->Flash cache emptied: 3334 bytes
User: Gast
->Temp folder emptied: 588364222 bytes
->Temporary Internet Files folder emptied: 4356895 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89047723 bytes
->Flash cache emptied: 5136 bytes
User: Public
User: yanstolko
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119769485 bytes
RecycleBin emptied: 42325157051 bytes
Total Files Cleaned = 41.705,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Folger
->Flash cache emptied: 0 bytes
User: Gast
->Flash cache emptied: 0 bytes
User: Public
User: yanstolko
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.1 log created on 07262012_231216
Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\Setup.exe scheduled to be moved on reboot.
PendingFileRenameOperations files...
[2007.05.07 15:29:48 | 000,000,046 | R--- | M] () F:\autorun.inf : MD5=64F409024277631A689B2714C8070273
[2007.05.07 15:29:48 | 000,073,224 | R--- | M] () F:\Setup.exe : MD5=6BFE243798C3E805BADBD333E89D7B77
Registry entries deleted on Reboot...
#3
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please turn off the virus scanner before you run the TDSS-Killer, since Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer saves its logs.

Note: please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
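For reading a TDSS-Killer report of the kind the post above asks for, here is an added Python example; it is not part of the thread and not Kaspersky's code. It parses the object lines ("name (md5) path") and verdict lines ("name - ok", "name ( tag ) - warning", "name - detected sig (n)") as they appear in the report posted in #4 below, keeps the worst verdict per service or driver, and lists what a helper would look at: anything not "ok", plus binaries loading from user-writable directories such as ProgramData. That last location check is my own heuristic, not something the tool reports. The line grammar is inferred from the posted log of version 2.7.48.0 and assumed to hold for the rest of it; the embedded sample is a trimmed excerpt of that report. Nothing here deletes or "cures" anything, in line with the "skip everything, just post the log" instruction.

```python
"""Summarize a Kaspersky TDSSKiller report of the kind posted in this thread.

Added example; not part of the forum thread and not Kaspersky's code.  The line
grammar is inferred from the TDSSKiller 2.7.48.0 log posted in #4; the sample
at the bottom is a trimmed excerpt of that report.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Object line: "<time> <pid> <name> (<md5>) <path>"
OBJECT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$"
)
# Verdict line: "<time> <pid> <name> [( <tag> )] - ok|warning|detected <sig> (<n>)"
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?)"
    r"(?: \( (?P<tag>[^)]+) \))? - (?P<verdict>ok|warning|detected)"
    r"(?: (?P<sig>\S+).*)?$"
)
SEVERITY = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}

# Directories a service or driver binary rarely has a legitimate reason to live
# in; a hit there is worth a look even when the scanner printed "ok" (own
# heuristic, not a TDSSKiller verdict).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"            # ok | warning | detected | unknown
    signatures: List[str] = field(default_factory=list)


def parse_report(text: str) -> Dict[str, ScanObject]:
    """Return the scanned objects keyed by service/driver name, in log order."""
    objects: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.md5, obj.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue                     # header, drive layout, separators
        obj = objects.setdefault(m["name"], ScanObject(m["name"]))
        sig = m["sig"] or m["tag"]
        if sig and sig not in obj.signatures:
            obj.signatures.append(sig)
        # A "warning" and a "detected" line both appear for one object; keep the worse.
        if SEVERITY[m["verdict"]] > SEVERITY[obj.verdict]:
            obj.verdict = m["verdict"]
    return objects


def summarize(objects: Dict[str, ScanObject]) -> Counter:
    """Count objects per final verdict."""
    return Counter(o.verdict for o in objects.values())


def review_list(objects: Dict[str, ScanObject]) -> List[Tuple[ScanObject, List[str]]]:
    """Objects a human should look at, each with the reasons it was flagged."""
    flagged = []
    for obj in objects.values():
        reasons = []
        if obj.verdict != "ok":
            reasons.append(
                f"{obj.verdict}: {', '.join(obj.signatures)}" if obj.signatures else obj.verdict
            )
        if obj.path and any(d in obj.path.lower() for d in USER_WRITABLE):
            reasons.append("loads from user-writable path")
        if reasons:
            flagged.append((obj, reasons))
    return flagged


# Trimmed excerpt of the report posted in #4 (same line format).
SAMPLE_REPORT = r"""
08:02:12.0971 6264 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:02:13.0085 6264 ============================================================
08:02:13.0085 6264 OS Version: 6.1.7601 ServicePack: 1.0
08:03:28.0402 8540 Mode: Manual; SigCheck; TDLFS;
08:03:29.0429 8540 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
08:03:29.0519 8540 1394ohci - ok
08:03:29.0925 8540 Ad-Aware Service (af9658974154c3b6a333d86dc2e0aac8) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
08:03:29.0948 8540 Ad-Aware Service - ok
08:03:30.0884 8540 AMD FUEL Service - ok
08:03:32.0345 8540 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
08:03:32.0379 8540 ASPI ( UnsignedFile.Multi.Generic ) - warning
08:03:32.0379 8540 ASPI - detected UnsignedFile.Multi.Generic (1)
08:03:38.0188 8540 Freemake Improver (565619f1b6da86e3c7ba75a1e60ecfcd) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
08:03:38.0193 8540 Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
08:03:38.0193 8540 Freemake Improver - detected UnsignedFile.Multi.Generic (1)
08:03:38.0668 8540 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:03:38.0677 8540 gupdate - ok
"""

if __name__ == "__main__":
    objs = parse_report(SAMPLE_REPORT)
    print(dict(summarize(objs)))
    for obj, reasons in review_list(objs):
        print(f"{obj.name}: {obj.path or '(no path)'} md5={obj.md5} -> {'; '.join(reasons)}")
```

The MD5 is kept with each flagged entry because that is what you would look up next; "UnsignedFile.Multi.Generic" only says the file carries no valid signature, which is common for old OEM drivers like ASPI32.sys and is not by itself a verdict of malware.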
#4

Code:
08:02:12.0971 6264 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:02:13.0085 6264 ============================================================
08:02:13.0085 6264 Current date / time: 2012/07/27 08:02:13.0085
08:02:13.0085 6264 SystemInfo:
08:02:13.0085 6264
08:02:13.0085 6264 OS Version: 6.1.7601 ServicePack: 1.0
08:02:13.0085 6264 Product type: Workstation
08:02:13.0085 6264 ComputerName: FOLGER-PC
08:02:13.0085 6264 UserName: Folger
08:02:13.0085 6264 Windows directory: C:\Windows
08:02:13.0085 6264 System windows directory: C:\Windows
08:02:13.0085 6264 Processor architecture: Intel x86
08:02:13.0085 6264 Number of processors: 4
08:02:13.0085 6264 Page size: 0x1000
08:02:13.0085 6264 Boot type: Normal boot
08:02:13.0085 6264 ============================================================
08:02:14.0621 6264 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:02:21.0443 6264 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:02:21.0451 6264 ============================================================
08:02:21.0451 6264 \Device\Harddisk0\DR0:
08:02:21.0451 6264 MBR partitions:
08:02:21.0451 6264 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:02:21.0451 6264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAC053000
08:02:21.0451 6264 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAC086000, BlocksNum 0x2800000
08:02:21.0451 6264 \Device\Harddisk1\DR1:
08:02:21.0452 6264 MBR partitions:
08:02:21.0452 6264 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
08:02:21.0452 6264 ============================================================
08:02:21.0483 6264 C: <-> \Device\Harddisk0\DR0\Partition1
08:02:21.0497 6264 D: <-> \Device\Harddisk1\DR1\Partition0
08:02:21.0542 6264 E: <-> \Device\Harddisk0\DR0\Partition2
08:02:21.0543 6264 ============================================================
08:02:21.0543 6264 Initialize success
08:02:21.0543 6264 ============================================================
08:03:28.0402 8540 ============================================================
08:03:28.0402 8540 Scan started
08:03:28.0402 8540 Mode: Manual; SigCheck; TDLFS;
08:03:28.0402 8540 ============================================================
08:03:29.0429 8540 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
08:03:29.0519 8540 1394ohci - ok
08:03:29.0557 8540 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
08:03:29.0643 8540 61883 - ok
08:03:29.0697 8540 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
08:03:29.0710 8540 ACPI - ok
08:03:29.0737 8540 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
08:03:29.0815 8540 AcpiPmi - ok
08:03:29.0925 8540 Ad-Aware Service (af9658974154c3b6a333d86dc2e0aac8) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
08:03:29.0948 8540 Ad-Aware Service - ok
08:03:30.0055 8540 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
08:03:30.0065 8540 AdobeARMservice - ok
08:03:30.0171 8540 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:03:30.0181 8540 AdobeFlashPlayerUpdateSvc - ok
08:03:30.0221 8540 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
08:03:30.0257 8540 adp94xx - ok
08:03:30.0295 8540 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
08:03:30.0330 8540 adpahci - ok
08:03:30.0359 8540 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
08:03:30.0372 8540 adpu320 - ok
08:03:30.0394 8540 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
08:03:30.0439 8540 AeLookupSvc - ok
08:03:30.0504 8540 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
08:03:30.0585 8540 AFD - ok
08:03:30.0604 8540 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
08:03:30.0618 8540 agp440 - ok
08:03:30.0648 8540 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
08:03:30.0678 8540 aic78xx - ok
08:03:30.0709 8540 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
08:03:30.0761 8540 ALG - ok
08:03:30.0769 8540 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
08:03:30.0789 8540 aliide - ok
08:03:30.0815 8540 AMD External Events Utility (48f5be5035e6a49cf9287e0d857e7f6c) C:\Windows\system32\atiesrxx.exe
08:03:30.0857 8540 AMD External Events Utility - ok
08:03:30.0884 8540 AMD FUEL Service - ok
08:03:30.0893 8540 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
08:03:30.0913 8540 amdagp - ok
08:03:30.0952 8540 amdide (211fce336502911ec03fc15a91344c98) C:\Windows\system32\DRIVERS\amdide.sys
08:03:30.0976 8540 amdide - ok
08:03:30.0996 8540 amdiox86 - ok
08:03:31.0015 8540 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
08:03:31.0051 8540 AmdK8 - ok
08:03:31.0249 8540 amdkmdag (22a83ed0b7823237bdc28fce014d294b) C:\Windows\system32\DRIVERS\atipmdag.sys
08:03:31.0401 8540 amdkmdag - ok
08:03:31.0498 8540 amdkmdap (b75ef4747cad1bfa5653ffcd768901aa) C:\Windows\system32\DRIVERS\atikmpag.sys
08:03:31.0512 8540 amdkmdap - ok
08:03:31.0537 8540 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
08:03:31.0565 8540 AmdPPM - ok
08:03:31.0584 8540 amdsata (6f64c768a9a48fab7c6d6cee1b30f97f) C:\Windows\system32\DRIVERS\amdsata.sys
08:03:31.0607 8540 amdsata - ok
08:03:31.0645 8540 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
08:03:31.0659 8540 amdsbs - ok
08:03:31.0668 8540 amdxata (e27866684780606bcce640a57937d88a) C:\Windows\system32\DRIVERS\amdxata.sys
08:03:31.0678 8540 amdxata - ok
08:03:31.0760 8540 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
08:03:31.0771 8540 AntiVirSchedulerService - ok
08:03:31.0826 8540 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
08:03:31.0835 8540 AntiVirService - ok
08:03:31.0873 8540 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
08:03:31.0954 8540 AppID - ok
08:03:31.0976 8540 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
08:03:32.0032 8540 AppIDSvc - ok
08:03:32.0057 8540 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
08:03:32.0092 8540 Appinfo - ok
08:03:32.0145 8540 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:03:32.0169 8540 Apple Mobile Device - ok
08:03:32.0203 8540 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
08:03:32.0229 8540 arc - ok
08:03:32.0250 8540 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
08:03:32.0275 8540 arcsas - ok
08:03:32.0345 8540 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
08:03:32.0379 8540 ASPI ( UnsignedFile.Multi.Generic ) - warning
08:03:32.0379 8540 ASPI - detected UnsignedFile.Multi.Generic (1)
08:03:32.0463 8540 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
08:03:32.0524 8540 aspnet_state - ok
08:03:32.0558 8540 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
08:03:32.0652 8540 AsyncMac - ok
08:03:32.0692 8540 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
08:03:32.0702 8540 atapi - ok
08:03:32.0754 8540 AtiHdmiService (430449d04b05348879244c9090d405b4) C:\Windows\system32\drivers\AtiHdmi.sys
08:03:32.0773 8540 AtiHdmiService ( UnsignedFile.Multi.Generic ) - warning
08:03:32.0773 8540 AtiHdmiService - detected UnsignedFile.Multi.Generic (1)
08:03:32.0802 8540 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
08:03:32.0827 8540 AtiPcie - ok
08:03:32.0870 8540 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
08:03:32.0908 8540 AudioEndpointBuilder - ok
08:03:32.0912 8540 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
08:03:32.0936 8540 Audiosrv - ok
08:03:32.0973 8540 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
08:03:33.0001 8540 Avc - ok
08:03:33.0037 8540 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
08:03:33.0050 8540 avgntflt - ok
08:03:33.0081 8540 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
08:03:33.0106 8540 avipbb - ok
08:03:33.0143 8540 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
08:03:33.0162 8540 avkmgr - ok
08:03:33.0185 8540 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
08:03:33.0238 8540 AxInstSV - ok
08:03:33.0268 8540 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
08:03:33.0322 8540 b06bdrv - ok
08:03:33.0345 8540 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
08:03:33.0368 8540 b57nd60x - ok
08:03:33.0420 8540 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
08:03:33.0443 8540 BDESVC - ok
08:03:33.0458 8540 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
08:03:33.0512 8540 Beep - ok
08:03:33.0561 8540 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
08:03:33.0594 8540 BFE - ok
08:03:33.0638 8540 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
08:03:33.0724 8540 BITS - ok
08:03:33.0727 8540 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
08:03:33.0762 8540 blbdrive - ok
08:03:33.0873 8540 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:03:33.0884 8540 Bonjour Service - ok
08:03:33.0907 8540 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
08:03:33.0958 8540 bowser - ok
08:03:33.0961 8540 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:03:33.0987 8540 BrFiltLo - ok
08:03:34.0004 8540 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:03:34.0033 8540 BrFiltUp - ok
08:03:34.0066 8540 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
08:03:34.0087 8540 Browser - ok
08:03:34.0109 8540 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
08:03:34.0150 8540 Brserid - ok
08:03:34.0158 8540 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
08:03:34.0197 8540 BrSerWdm - ok
08:03:34.0225 8540 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:03:34.0261 8540 BrUsbMdm - ok
08:03:34.0279 8540 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
08:03:34.0311 8540 BrUsbSer - ok
08:03:34.0328 8540 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
08:03:34.0357 8540 BTHMODEM - ok
08:03:34.0364 8540 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
08:03:34.0398 8540 bthserv - ok
08:03:34.0425 8540 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
08:03:34.0470 8540 cdfs - ok
08:03:34.0517 8540 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
08:03:34.0563 8540 cdrom - ok
08:03:34.0604 8540 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
08:03:34.0639 8540 CertPropSvc - ok
08:03:34.0651 8540 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
08:03:34.0684 8540 circlass - ok
08:03:34.0722 8540 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
08:03:34.0735 8540 CLFS - ok
08:03:34.0799 8540 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:03:34.0825 8540 clr_optimization_v2.0.50727_32 - ok
08:03:34.0909 8540 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:03:34.0945 8540 clr_optimization_v4.0.30319_32 - ok
08:03:34.0962 8540 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
08:03:34.0975 8540 CmBatt - ok
08:03:35.0005 8540 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
08:03:35.0017 8540 cmdide - ok
08:03:35.0051 8540 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
08:03:35.0075 8540 CNG - ok
08:03:35.0084 8540 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
08:03:35.0094 8540 Compbatt - ok
08:03:35.0135 8540 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
08:03:35.0151 8540 CompositeBus - ok
08:03:35.0154 8540 COMSysApp - ok
08:03:35.0162 8540 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
08:03:35.0191 8540 crcdisk - ok
08:03:35.0239 8540 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
08:03:35.0278 8540 CryptSvc - ok
08:03:35.0318 8540 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
08:03:35.0342 8540 DcomLaunch - ok
08:03:35.0352 8540 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
08:03:35.0397 8540 defragsvc - ok
08:03:35.0427 8540 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
08:03:35.0464 8540 DfsC - ok
08:03:35.0509 8540 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
08:03:35.0532 8540 Dhcp - ok
08:03:35.0544 8540 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
08:03:35.0567 8540 discache - ok
08:03:35.0598 8540 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
08:03:35.0608 8540 Disk - ok
08:03:35.0643 8540 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
08:03:35.0690 8540 Dnscache - ok
08:03:35.0715 8540 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
08:03:35.0754 8540 dot3svc - ok
08:03:35.0798 8540 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
08:03:35.0814 8540 Dot4 - ok
08:03:35.0859 8540 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
08:03:35.0899 8540 Dot4Print - ok
08:03:35.0931 8540 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
08:03:35.0969 8540 dot4usb - ok
08:03:36.0003 8540 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
08:03:36.0038 8540 DPS - ok
08:03:36.0063 8540 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
08:03:36.0077 8540 drmkaud - ok
08:03:36.0134 8540 DSI_SiUSBXp_3_1 (bc9c2ef22ee0320c079e3ff9b4d29951) C:\Windows\system32\drivers\DSI_SiUSBXp_3_1.sys
08:03:36.0332 8540 DSI_SiUSBXp_3_1 - ok
08:03:36.0390 8540 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
08:03:36.0428 8540 DXGKrnl - ok
08:03:36.0445 8540 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
08:03:36.0478 8540 EapHost - ok
08:03:36.0633 8540 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
08:03:36.0759 8540 ebdrv - ok
08:03:36.0858 8540 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
08:03:36.0875 8540 EFS - ok
08:03:36.0941 8540 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
08:03:37.0003 8540 ehRecvr - ok
08:03:37.0029 8540 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
08:03:37.0048 8540 ehSched - ok
08:03:37.0110 8540 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
08:03:37.0130 8540 elxstor - ok
08:03:37.0157 8540 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
08:03:37.0185 8540 ErrDev - ok
08:03:37.0232 8540 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
08:03:37.0270 8540 EventSystem - ok
08:03:37.0293 8540 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
08:03:37.0345 8540 exfat - ok
08:03:37.0360 8540 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
08:03:37.0396 8540 fastfat - ok
08:03:37.0488 8540 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
08:03:37.0533 8540 Fax - ok
08:03:37.0554 8540 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
08:03:37.0579 8540 fdc - ok
08:03:37.0602 8540 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
08:03:37.0655 8540 fdPHost - ok
08:03:37.0680 8540 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
08:03:37.0716 8540 FDResPub - ok
08:03:37.0720 8540 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
08:03:37.0733 8540 FileInfo - ok
08:03:37.0749 8540 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
08:03:37.0783 8540 Filetrace - ok
08:03:37.0801 8540 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
08:03:37.0825 8540 flpydisk - ok
08:03:37.0853 8540 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
08:03:37.0886 8540 FltMgr - ok
08:03:37.0955 8540 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
08:03:37.0986 8540 FontCache - ok
08:03:38.0034 8540 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:03:38.0062 8540 FontCache3.0.0.0 - ok
08:03:38.0188 8540 Freemake Improver (565619f1b6da86e3c7ba75a1e60ecfcd) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
08:03:38.0193 8540 Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
08:03:38.0193 8540 Freemake Improver - detected UnsignedFile.Multi.Generic (1)
08:03:38.0214 8540 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
08:03:38.0225 8540 FsDepends - ok
08:03:38.0253 8540 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
08:03:38.0265 8540 Fs_Rec - ok
08:03:38.0300 8540 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
08:03:38.0317 8540 fvevol - ok
08:03:38.0352 8540 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:03:38.0373 8540 gagp30kx - ok
08:03:38.0424 8540 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:03:38.0434 8540 GEARAspiWDM - ok
08:03:38.0490 8540 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
08:03:38.0532 8540 gpsvc - ok
08:03:38.0568 8540 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
08:03:38.0586 8540 grmnusb - ok
08:03:38.0668 8540 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:03:38.0677 8540 gupdate - ok
08:03:38.0686 8540 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:03:38.0695 8540 gupdatem - ok
08:03:38.0734 8540 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
08:03:38.0744 8540 gusvc - ok
08:03:38.0770 8540 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
08:03:38.0823 8540 hcw85cir - ok
08:03:38.0863 8540 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
08:03:38.0902 8540 HdAudAddService - ok
08:03:38.0952 8540 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
08:03:38.0982 8540 HDAudBus - ok
08:03:39.0003 8540 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
08:03:39.0038 8540 HidBatt - ok
08:03:39.0083 8540 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
08:03:39.0108 8540 HidBth - ok
08:03:39.0141 8540 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
08:03:39.0173 8540 HidIr - ok
08:03:39.0191 8540 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
08:03:39.0231 8540 hidserv - ok
08:03:39.0277 8540 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
08:03:39.0289 8540 HidUsb - ok
08:03:39.0320 8540 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
08:03:39.0356 8540 hkmsvc - ok
08:03:39.0381 8540 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
08:03:39.0420 8540 HomeGroupListener - ok
08:03:39.0465 8540 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
08:03:39.0478 8540 HomeGroupProvider - ok
08:03:39.0576 8540 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
08:03:39.0596 8540 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
08:03:39.0596 8540 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
08:03:39.0625 8540 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
08:03:39.0639 8540 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
08:03:39.0639 8540 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
08:03:39.0656 8540 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
08:03:39.0680 8540 HpSAMD - ok
08:03:39.0725 8540 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
08:03:39.0736 8540 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
08:03:39.0736 8540 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
08:03:39.0799 8540 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
08:03:39.0830 8540 HTTP - ok
08:03:39.0856 8540 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
08:03:39.0867 8540 hwpolicy - ok
08:03:39.0906 8540 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
08:03:39.0926 8540 i8042prt - ok
08:03:39.0959 8540 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
08:03:39.0990 8540 iaStorV - ok
08:03:40.0068 8540 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:03:40.0075 8540 IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:03:40.0075 8540 IDriverT - detected UnsignedFile.Multi.Generic (1)
08:03:40.0156 8540 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:03:40.0207 8540 idsvc - ok
08:03:40.0288 8540 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
08:03:40.0310 8540 iirsp - ok
08:03:40.0356 8540 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
08:03:40.0383 8540 IKEEXT - ok
08:03:40.0529 8540 IntcAzAudAddService (97fa95e4f486f37d60ad3744d86f3d7e) C:\Windows\system32\drivers\RTKVHDA.sys
08:03:40.0634 8540 IntcAzAudAddService - ok
08:03:40.0695 8540 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
08:03:40.0724 8540 intelide - ok
08:03:40.0755 8540 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
08:03:40.0786 8540 intelppm - ok
08:03:40.0818 8540 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
08:03:40.0857 8540 IPBusEnum - ok
08:03:40.0882 8540 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:03:40.0928 8540 IpFilterDriver - ok
08:03:40.0978 8540 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
08:03:41.0003 8540 iphlpsvc - ok
08:03:41.0015 8540 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
08:03:41.0059 8540 IPMIDRV - ok
08:03:41.0080 8540 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
08:03:41.0127 8540 IPNAT - ok
08:03:41.0217 8540 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
08:03:41.0233 8540 iPod Service - ok
08:03:41.0253 8540 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
08:03:41.0307 8540 IRENUM - ok
08:03:41.0339 8540 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
08:03:41.0368 8540 isapnp - ok
08:03:41.0398 8540 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
08:03:41.0427 8540 iScsiPrt - ok
08:03:41.0453 8540 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
08:03:41.0482 8540 kbdclass - ok
08:03:41.0511 8540 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
08:03:41.0533 8540 kbdhid - ok
08:03:41.0550 8540 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:03:41.0561 8540 KeyIso - ok
08:03:41.0584 8540 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
08:03:41.0613 8540 KSecDD - ok
08:03:41.0662 8540 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
08:03:41.0688 8540 KSecPkg - ok
08:03:41.0737 8540 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
08:03:41.0775 8540 KtmRm - ok
08:03:41.0805 8540 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
08:03:41.0845 8540 LanmanServer - ok
08:03:41.0871 8540 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
08:03:41.0909 8540 LanmanWorkstation - ok
08:03:41.0911 8540 Lbd - ok
08:03:41.0942 8540 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
08:03:41.0981 8540 lltdio - ok
08:03:42.0018 8540 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
08:03:42.0044 8540 lltdsvc - ok
08:03:42.0071 8540 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
08:03:42.0093 8540 lmhosts - ok
08:03:42.0132 8540 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:03:42.0159 8540 LSI_FC - ok
08:03:42.0184 8540 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:03:42.0207 8540 LSI_SAS - ok
08:03:42.0240 8540 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:03:42.0262 8540 LSI_SAS2 - ok
08:03:42.0297 8540 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:03:42.0311 8540 LSI_SCSI - ok
08:03:42.0321 8540 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
08:03:42.0363 8540 luafv - ok
08:03:42.0435 8540 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
08:03:42.0444 8540 MBAMProtector - ok
08:03:42.0495 8540 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
08:03:42.0510 8540 MBAMService - ok
08:03:42.0578 8540 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
08:03:42.0593 8540 Mcx2Svc - ok
08:03:42.0605 8540 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
08:03:42.0633 8540 megasas - ok
08:03:42.0661 8540 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
08:03:42.0678 8540 MegaSR - ok
08:03:42.0749 8540 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:03:42.0760 8540 Microsoft Office Groove Audit Service - ok
08:03:42.0776 8540 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
08:03:42.0809 8540 MMCSS - ok
08:03:42.0824 8540 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
08:03:42.0864 8540 Modem - ok
08:03:42.0901 8540 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
08:03:42.0929 8540 monitor - ok
08:03:42.0962 8540 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
08:03:42.0983 8540 mouclass - ok
08:03:43.0008 8540 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
08:03:43.0029 8540 mouhid - ok
08:03:43.0058 8540 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
08:03:43.0080 8540 mountmgr - ok
08:03:43.0141 8540 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:03:43.0151 8540 MozillaMaintenance - ok
08:03:43.0174 8540 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
08:03:43.0189 8540 mpio - ok
08:03:43.0198 8540 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
08:03:43.0244 8540 mpsdrv - ok
08:03:43.0294 8540 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
08:03:43.0340 8540 MpsSvc - ok
08:03:43.0375 8540 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
08:03:43.0406 8540 MRxDAV - ok
08:03:43.0445 8540 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:03:43.0501 8540 mrxsmb - ok
08:03:43.0539 8540 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:03:43.0572 8540 mrxsmb10 - ok
08:03:43.0606 8540 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:03:43.0628 8540 mrxsmb20 - ok
08:03:43.0650 8540 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\DRIVERS\msahci.sys
08:03:43.0673 8540 msahci - ok
08:03:43.0699 8540 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
08:03:43.0726 8540 msdsm - ok
08:03:43.0760 8540 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
08:03:43.0789 8540 MSDTC - ok
08:03:43.0835 8540 MSDV (114b67c324d64c8195fd3bf93b4df02a) C:\Windows\system32\DRIVERS\msdv.sys
08:03:43.0867 8540 MSDV - ok
08:03:43.0880 8540 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
08:03:43.0916 8540 Msfs - ok
08:03:43.0924 8540 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
08:03:43.0967 8540 mshidkmdf - ok
08:03:43.0981 8540 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
08:03:43.0990 8540 msisadrv - ok
08:03:44.0013 8540 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
08:03:44.0036 8540 MSiSCSI - ok
08:03:44.0039 8540 msiserver - ok
08:03:44.0054 8540 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
08:03:44.0094 8540 MSKSSRV - ok
08:03:44.0117 8540 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
08:03:44.0165 8540 MSPCLOCK - ok
08:03:44.0179 8540 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
08:03:44.0201 8540 MSPQM - ok
08:03:44.0221 8540 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
08:03:44.0245 8540 MsRPC - ok
08:03:44.0265 8540 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
08:03:44.0274 8540 mssmbios - ok
08:03:44.0277 8540 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
08:03:44.0301 8540 MSTEE - ok
08:03:44.0321 8540 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
08:03:44.0347 8540 MTConfig - ok
08:03:44.0364 8540 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
08:03:44.0387 8540 Mup - ok
08:03:44.0413 8540 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
08:03:44.0451 8540 napagent - ok
08:03:44.0489 8540 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
08:03:44.0526 8540 NativeWifiP - ok
08:03:44.0609 8540 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
08:03:44.0626 8540 NDIS - ok
08:03:44.0647 8540 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
08:03:44.0678 8540 NdisCap - ok
08:03:44.0698 8540 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
08:03:44.0728 8540 NdisTapi - ok
08:03:44.0781 8540 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
08:03:44.0804 8540 Ndisuio - ok
08:03:44.0831 8540 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
08:03:44.0864 8540 NdisWan - ok
08:03:44.0895 8540 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
08:03:44.0930 8540 NDProxy - ok
08:03:45.0067 8540 Nero BackItUp Scheduler 3 (a0101e836d2a39682e134c47b1565256) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
08:03:45.0145 8540 Nero BackItUp Scheduler 3 - ok
08:03:45.0188 8540 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
08:03:45.0212 8540 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:03:45.0212 8540 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:03:45.0224 8540 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
08:03:45.0248 8540 NetBIOS - ok
08:03:45.0293 8540 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
08:03:45.0341 8540 NetBT - ok
08:03:45.0366 8540 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:03:45.0377 8540 Netlogon - ok
08:03:45.0424 8540 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
08:03:45.0462 8540 Netman - ok
08:03:45.0542 8540 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:03:45.0574 8540 NetMsmqActivator - ok
08:03:45.0590 8540 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:03:45.0600 8540 NetPipeActivator - ok
08:03:45.0615 8540 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
08:03:45.0640 8540 netprofm - ok
08:03:45.0643 8540 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:03:45.0652 8540 NetTcpActivator - ok
08:03:45.0655 8540 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:03:45.0664 8540 NetTcpPortSharing - ok
08:03:45.0693 8540 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
08:03:45.0718 8540 nfrd960 - ok
08:03:45.0738 8540 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
08:03:45.0761 8540 NlaSvc - ok
08:03:45.0820 8540 NMIndexingService (6ef0506ce1f553e9bd085645933c8686) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
08:03:45.0855 8540 NMIndexingService - ok
08:03:45.0870 8540 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
08:03:45.0905 8540 Npfs - ok
08:03:45.0919 8540 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
08:03:45.0942 8540 nsi - ok
08:03:45.0956 8540 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
08:03:45.0992 8540 nsiproxy - ok
08:03:46.0070 8540 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
08:03:46.0134 8540 Ntfs - ok
08:03:46.0205 8540 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
08:03:46.0258 8540 Null - ok
08:03:46.0298 8540 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
08:03:46.0310 8540 nvraid - ok
08:03:46.0340 8540 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
08:03:46.0362 8540 nvstor - ok
08:03:46.0383 8540 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
08:03:46.0413 8540 nv_agp - ok
08:03:46.0476 8540 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:03:46.0489 8540 odserv - ok
08:03:46.0526 8540 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
08:03:46.0561 8540 ohci1394 - ok
08:03:46.0622 8540 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:03:46.0649 8540 ose - ok
08:03:46.0690 8540 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
08:03:46.0752 8540 p2pimsvc - ok
08:03:46.0782 8540 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
08:03:46.0814 8540 p2psvc - ok
08:03:46.0840 8540 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
08:03:46.0868 8540 Parport - ok
08:03:46.0903 8540 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
08:03:46.0916 8540 partmgr - ok
08:03:46.0932 8540 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
08:03:46.0954 8540 Parvdm - ok
08:03:46.0980 8540 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
08:03:46.0995 8540 PcaSvc - ok
08:03:47.0007 8540 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
08:03:47.0018 8540 pci - ok
08:03:47.0040 8540 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
08:03:47.0049 8540 pciide - ok
08:03:47.0072 8540 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
08:03:47.0100 8540 pcmcia - ok
08:03:47.0161 8540 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
08:03:47.0174 8540 pcw - ok
08:03:47.0214 8540 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
08:03:47.0280 8540 PEAUTH - ok
08:03:47.0365 8540 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
08:03:47.0450 8540 pla - ok
08:03:47.0571 8540 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
08:03:47.0619 8540 PlugPlay - ok
08:03:47.0667 8540 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
08:03:47.0673 8540 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:03:47.0673 8540 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:03:47.0706 8540 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
08:03:47.0734 8540 PNRPAutoReg - ok
08:03:47.0746 8540 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
08:03:47.0759 8540 PNRPsvc - ok
08:03:47.0807 8540 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
08:03:47.0848 8540 PolicyAgent - ok
08:03:47.0903 8540 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
08:03:47.0926 8540 Power - ok
08:03:47.0959 8540 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
08:03:48.0008 8540 PptpMiniport - ok
08:03:48.0039 8540 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
08:03:48.0077 8540 Processor - ok
08:03:48.0109 8540 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
08:03:48.0122 8540 ProfSvc - ok
08:03:48.0150 8540 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:03:48.0161 8540 ProtectedStorage - ok
08:03:48.0186 8540 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
08:03:48.0223 8540 Psched - ok
08:03:48.0296 8540 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
08:03:48.0308 8540 PSI_SVC_2 - ok
08:03:48.0399 8540 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
08:03:48.0460 8540 ql2300 - ok
08:03:48.0533 8540 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
08:03:48.0555 8540 ql40xx - ok
08:03:48.0566 8540 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
08:03:48.0585 8540 QWAVE - ok
08:03:48.0605 8540 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
08:03:48.0632 8540 QWAVEdrv - ok
08:03:48.0723 8540 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
08:03:48.0751 8540 RapiMgr - ok
08:03:48.0764 8540 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
08:03:48.0798 8540 RasAcd - ok
08:03:48.0813 8540 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:03:48.0852 8540 RasAgileVpn - ok
08:03:48.0875 8540 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
08:03:48.0901 8540 RasAuto - ok
08:03:48.0916 8540 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:03:48.0958 8540 Rasl2tp - ok
08:03:48.0994 8540 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
08:03:49.0035 8540 RasMan - ok
08:03:49.0053 8540 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
08:03:49.0085 8540 RasPppoe - ok
08:03:49.0100 8540 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
08:03:49.0139 8540 RasSstp - ok
08:03:49.0171 8540 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
08:03:49.0198 8540 rdbss - ok
08:03:49.0215 8540 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
08:03:49.0230 8540 rdpbus - ok
08:03:49.0260 8540 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:03:49.0301 8540 RDPCDD - ok
08:03:49.0324 8540 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
08:03:49.0346 8540 RDPENCDD - ok
08:03:49.0357 8540 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
08:03:49.0378 8540 RDPREFMP - ok
08:03:49.0407 8540 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
08:03:49.0454 8540 RDPWD - ok
08:03:49.0476 8540 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
08:03:49.0501 8540 rdyboost - ok
08:03:49.0523 8540 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
08:03:49.0565 8540 RemoteAccess - ok
08:03:49.0610 8540 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
08:03:49.0646 8540 RemoteRegistry - ok
08:03:49.0668 8540 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
08:03:49.0693 8540 RpcEptMapper - ok
08:03:49.0711 8540 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
08:03:49.0739 8540 RpcLocator - ok
08:03:49.0778 8540 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
08:03:49.0802 8540 RpcSs - ok
08:03:49.0807 8540 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
08:03:49.0844 8540 rspndr - ok
08:03:49.0902 8540 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
08:03:49.0917 8540 RTL8167 - ok
08:03:49.0970 8540 RTL8192su (9ce8deffaffccbf473015d76ae8ee514) C:\Windows\system32\DRIVERS\RTL8192su.sys
08:03:50.0028 8540 RTL8192su - ok
08:03:50.0046 8540 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:03:50.0057 8540 SamSs - ok
08:03:50.0099 8540 SANDRA - ok
08:03:50.0274 8540 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
08:03:50.0326 8540 SBAMSvc - ok
08:03:50.0424 8540 sbapifs (3fff8cda4d2f29ca06f1557e85163c30) C:\Windows\system32\DRIVERS\sbapifs.sys
08:03:50.0435 8540 sbapifs - ok
08:03:50.0485 8540 SbFw (bcf3ba30c1cfa2942cf26c31384b37c7) C:\Windows\system32\drivers\SbFw.sys
08:03:50.0513 8540 SbFw - ok
08:03:50.0533 8540 SBFWIMCL (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\sbfwim.sys
08:03:50.0541 8540 SBFWIMCL - ok
08:03:50.0544 8540 SBFWIMCLMP (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\SBFWIM.sys
08:03:50.0553 8540 SBFWIMCLMP - ok
08:03:50.0571 8540 sbhips (1afd7178ab9c4fce2d332da7aa474fa6) C:\Windows\system32\drivers\sbhips.sys
08:03:50.0583 8540 sbhips - ok
08:03:50.0634 8540 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
08:03:50.0660 8540 sbp2port - ok
08:03:50.0686 8540 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys
08:03:50.0697 8540 SBRE - ok
08:03:50.0718 8540 sbwtis (9bdf801a6c78e3f1e6fa1c5ca90baa8a) C:\Windows\system32\DRIVERS\sbwtis.sys
08:03:50.0726 8540 sbwtis - ok
08:03:50.0762 8540 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
08:03:50.0795 8540 SCardSvr - ok
08:03:50.0823 8540 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
08:03:50.0867 8540 scfilter - ok
08:03:50.0926 8540 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
08:03:50.0983 8540 Schedule - ok
08:03:50.0998 8540 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
08:03:51.0019 8540 SCPolicySvc - ok
08:03:51.0047 8540 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
08:03:51.0092 8540 SDRSVC - ok
08:03:51.0147 8540 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
08:03:51.0162 8540 SeaPort - ok
08:03:51.0188 8540 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:03:51.0212 8540 secdrv - ok
08:03:51.0219 8540 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
08:03:51.0265 8540 seclogon - ok
08:03:51.0298 8540 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
08:03:51.0339 8540 SENS - ok
08:03:51.0351 8540 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
08:03:51.0398 8540 SensrSvc - ok
08:03:51.0421 8540 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
08:03:51.0463 8540 Serenum - ok
08:03:51.0490 8540 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
08:03:51.0516 8540 Serial - ok
08:03:51.0536 8540 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
08:03:51.0570 8540 sermouse - ok
08:03:51.0598 8540 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
08:03:51.0630 8540 SessionEnv - ok
08:03:51.0654 8540 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
08:03:51.0685 8540 sffdisk - ok
08:03:51.0697 8540 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
08:03:51.0720 8540 sffp_mmc - ok
08:03:51.0737 8540 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
08:03:51.0765 8540 sffp_sd - ok
08:03:51.0792 8540 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
08:03:51.0821 8540 sfloppy - ok
08:03:51.0868 8540 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
08:03:51.0898 8540 SharedAccess - ok
08:03:51.0921 8540 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
08:03:51.0946 8540 ShellHWDetection - ok
08:03:51.0965 8540 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
08:03:51.0985 8540 sisagp - ok
08:03:52.0022 8540 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:03:52.0046 8540 SiSRaid2 - ok
08:03:52.0078 8540 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
08:03:52.0106 8540 SiSRaid4 - ok
08:03:52.0139 8540 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
08:03:52.0179 8540 Smb - ok
08:03:52.0200 8540 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
08:03:52.0214 8540 SNMPTRAP - ok
08:03:52.0217 8540 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
08:03:52.0228 8540 spldr - ok
08:03:52.0259 8540 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
08:03:52.0293 8540 Spooler - ok
08:03:52.0431 8540 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
08:03:52.0485 8540 sppsvc - ok
08:03:52.0579 8540 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
08:03:52.0615 8540 sppuinotify - ok
08:03:52.0705 8540 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
08:03:52.0713 8540 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
08:03:52.0714 8540 sptd ( LockedFile.Multi.Generic ) - warning
08:03:52.0714 8540 sptd - detected LockedFile.Multi.Generic (1)
08:03:52.0789 8540 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
08:03:52.0832 8540 srv - ok
08:03:52.0860 8540 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
08:03:52.0900 8540 srv2 - ok
08:03:52.0926 8540 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
08:03:52.0952 8540 srvnet - ok
08:03:52.0979 8540 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
08:03:53.0021 8540 SSDPSRV - ok
08:03:53.0054 8540 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
08:03:53.0078 8540 ssmdrv - ok
08:03:53.0084 8540 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
08:03:53.0114 8540 SstpSvc - ok
08:03:53.0139 8540 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
08:03:53.0151 8540 stexstor - ok
08:03:53.0185 8540 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
08:03:53.0251 8540 StiSvc - ok
08:03:53.0265 8540 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
08:03:53.0294 8540 swenum - ok
08:03:53.0326 8540 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
08:03:53.0357 8540 swprv - ok
08:03:53.0392 8540 synasusb (af9a16163545685856ffd8b17aaa5e0b) C:\Windows\system32\Drivers\synasusb.sys
08:03:53.0407 8540 synasusb - ok
08:03:53.0486 8540 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
08:03:53.0510 8540 SysMain - ok
08:03:53.0530 8540 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
08:03:53.0557 8540 TabletInputService - ok
08:03:53.0584 8540 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
08:03:53.0607 8540 TapiSrv - ok
08:03:53.0662 8540 TASCAM_US122144 (be3d9cddd7f607b8990353cf06b0c0df) C:\Windows\system32\Drivers\tascusb2.sys
08:03:53.0781 8540 TASCAM_US122144 - ok
08:03:53.0797 8540 TASCAM_US144_MIDI (e606debbf2c7f59e043db01dc60f4299) C:\Windows\system32\drivers\tscusb2m.sys
08:03:53.0878 8540 TASCAM_US144_MIDI - ok
08:03:53.0899 8540 TASCAM_US144_WDM (b3e1e0b03d54900ed877cdf285079082) C:\Windows\system32\drivers\tscusb2a.sys
08:03:53.0990 8540 TASCAM_US144_WDM - ok
08:03:54.0018 8540 tbhsd (d7f411c5af992bb44e86083a6aa7b045) C:\Windows\system32\drivers\tbhsd.sys
08:03:54.0041 8540 tbhsd - ok
08:03:54.0063 8540 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
08:03:54.0101 8540 TBS - ok
08:03:54.0169 8540 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
08:03:54.0216 8540 Tcpip - ok
08:03:54.0314 8540 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
08:03:54.0357 8540 TCPIP6 - ok
08:03:54.0431 8540 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
08:03:54.0487 8540 tcpipreg - ok
08:03:54.0514 8540 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
08:03:54.0568 8540 TDPIPE - ok
08:03:54.0605 8540 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
08:03:54.0617 8540 TDTCP - ok
08:03:54.0634 8540 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
08:03:54.0657 8540 tdx - ok
08:03:54.0672 8540 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
08:03:54.0684 8540 TermDD - ok
08:03:54.0727 8540 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
08:03:54.0753 8540 TermService - ok
08:03:54.0766 8540 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
08:03:54.0780 8540 Themes - ok
08:03:54.0799 8540 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
08:03:54.0821 8540 THREADORDER - ok
08:03:54.0836 8540 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
08:03:54.0878 8540 TrkWks - ok
08:03:54.0907 8540 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
08:03:54.0943 8540 TrustedInstaller - ok
08:03:54.0959 8540 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:03:54.0981 8540 tssecsrv - ok
08:03:55.0008 8540 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
08:03:55.0032 8540 TsUsbFlt - ok
08:03:55.0164 8540 TuneUp.UtilitiesSvc (af5f31156ee89d35ad6ec3179a805d23) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
08:03:55.0188 8540 TuneUp.UtilitiesSvc - ok
08:03:55.0213 8540 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
08:03:55.0233 8540 TuneUpUtilitiesDrv - ok
08:03:55.0294 8540 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
08:03:55.0329 8540 tunnel - ok
08:03:55.0359 8540 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
08:03:55.0382 8540 uagp35 - ok
08:03:55.0414 8540 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
08:03:55.0453 8540 udfs - ok
08:03:55.0470 8540 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
08:03:55.0499 8540 UI0Detect - ok
08:03:55.0520 8540 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
08:03:55.0545 8540 uliagpkx - ok
08:03:55.0575 8540 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
08:03:55.0589 8540 umbus - ok
08:03:55.0612 8540 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
08:03:55.0635 8540 UmPass - ok
08:03:55.0678 8540 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
08:03:55.0702 8540 upnphost - ok
08:03:55.0727 8540 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
08:03:55.0778 8540 USBAAPL - ok
08:03:55.0809 8540 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
08:03:55.0839 8540 usbccgp - ok
08:03:55.0866 8540 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
08:03:55.0905 8540 usbcir - ok
08:03:55.0932 8540 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
08:03:55.0972 8540 usbehci - ok
08:03:56.0013 8540 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
08:03:56.0030 8540 usbhub - ok
08:03:56.0057 8540 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
08:03:56.0086 8540 usbohci - ok
08:03:56.0132 8540 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
08:03:56.0162 8540 usbprint - ok
08:03:56.0197 8540 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
08:03:56.0219 8540 usbscan - ok
08:03:56.0243 8540 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:03:56.0275 8540 USBSTOR - ok
08:03:56.0297 8540 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
08:03:56.0326 8540 usbuhci - ok
08:03:56.0345 8540 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
08:03:56.0367 8540 UxSms - ok
08:03:56.0393 8540 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
08:03:56.0404 8540 VaultSvc - ok
08:03:56.0416 8540 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
08:03:56.0445 8540 vdrvroot - ok
08:03:56.0484 8540 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
08:03:56.0532 8540 vds - ok
08:03:56.0552 8540 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:03:56.0574 8540 vga - ok
08:03:56.0590 8540 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:03:56.0613 8540 VgaSave - ok
08:03:56.0633 8540 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
08:03:56.0648 8540 vhdmp - ok
08:03:56.0665 8540 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
08:03:56.0678 8540 viaagp - ok
08:03:56.0690 8540 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
08:03:56.0720 8540 ViaC7 - ok
08:03:56.0735 8540 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
08:03:56.0765 8540 viaide - ok
08:03:56.0789 8540 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
08:03:56.0810 8540 volmgr - ok
08:03:56.0841 8540 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:03:56.0858 8540 volmgrx - ok
08:03:56.0920 8540 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
08:03:56.0932 8540 volsnap - ok
08:03:56.0955 8540 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
08:03:56.0969 8540 vsmraid - ok
08:03:57.0043 8540 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
08:03:57.0088 8540 VSS - ok
08:03:57.0099 8540 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
08:03:57.0121 8540 vwifibus - ok
08:03:57.0147 8540 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
08:03:57.0162 8540 vwififlt - ok
08:03:57.0179 8540 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
08:03:57.0192 8540 vwifimp - ok
08:03:57.0220 8540 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
08:03:57.0245 8540 W32Time - ok
08:03:57.0257 8540 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
08:03:57.0282 8540 WacomPen - ok
08:03:57.0310 8540 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:03:57.0362 8540 WANARP - ok
08:03:57.0364 8540 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:03:57.0384 8540 Wanarpv6 - ok
08:03:57.0505 8540 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
08:03:57.0559 8540 WatAdminSvc - ok
08:03:57.0683 8540 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
08:03:57.0763 8540 wbengine - ok
08:03:57.0799 8540 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
08:03:57.0836 8540 WbioSrvc - ok
08:03:57.0921 8540 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
08:03:57.0934 8540 WcesComm - ok
08:03:58.0009 8540 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
08:03:58.0038 8540 wcncsvc - ok
08:03:58.0059 8540 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
08:03:58.0115 8540 WcsPlugInService - ok
08:03:58.0140 8540 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
08:03:58.0152 8540 Wd - ok
08:03:58.0182 8540 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:03:58.0203 8540 Wdf01000 - ok
08:03:58.0229 8540 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
08:03:58.0286 8540 WdiServiceHost - ok
08:03:58.0288 8540 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
08:03:58.0302 8540 WdiSystemHost - ok
08:03:58.0333 8540 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
08:03:58.0373 8540 WebClient - ok
08:03:58.0398 8540 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
08:03:58.0442 8540 Wecsvc - ok
08:03:58.0455 8540 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
08:03:58.0477 8540 wercplsupport - ok
08:03:58.0504 8540 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
08:03:58.0527 8540 WerSvc - ok
08:03:58.0552 8540 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:03:58.0575 8540 WfpLwf - ok
08:03:58.0581 8540 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:03:58.0593 8540 WIMMount - ok
08:03:58.0675 8540 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
08:03:58.0707 8540 WinDefend - ok
08:03:58.0713 8540 WinHttpAutoProxySvc - ok
08:03:58.0806 8540 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
08:03:58.0839 8540 Winmgmt - ok
08:03:58.0906 8540 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
08:03:58.0952 8540 WinRM - ok
08:03:59.0032 8540 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
08:03:59.0065 8540 WinUsb - ok
08:03:59.0110 8540 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
08:03:59.0132 8540 Wlansvc - ok
08:03:59.0268 8540 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:03:59.0300 8540 wlidsvc - ok
08:03:59.0383 8540 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
08:03:59.0407 8540 WmiAcpi - ok
08:03:59.0428 8540 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
08:03:59.0464 8540 wmiApSrv - ok
08:03:59.0537 8540 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:03:59.0582 8540 WMPNetworkSvc - ok
08:03:59.0628 8540 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
08:03:59.0666 8540 WPCSvc - ok
08:03:59.0707 8540 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
08:03:59.0736 8540 WPDBusEnum - ok
08:03:59.0749 8540 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:03:59.0785 8540 ws2ifsl - ok
08:03:59.0808 8540 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
08:03:59.0823 8540 wscsvc - ok
08:03:59.0826 8540 WSearch - ok
08:03:59.0927 8540 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
08:03:59.0960 8540 wuauserv - ok
08:04:00.0020 8540 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
08:04:00.0056 8540 WudfPf - ok
08:04:00.0110 8540 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:04:00.0134 8540 WUDFRd - ok
08:04:00.0168 8540 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
08:04:00.0200 8540 wudfsvc - ok
08:04:00.0221 8540 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
08:04:00.0281 8540 WwanSvc - ok
08:04:00.0299 8540 MBR (0x1B8) (6f053ce44510d4ba204afc85893bc5c5) \Device\Harddisk0\DR0
08:04:02.0780 8540 \Device\Harddisk0\DR0 - ok
08:04:02.0783 8540 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
08:04:02.0848 8540 \Device\Harddisk1\DR1 - ok
08:04:02.0851 8540 Boot (0x1200) (d54e6db3af62b6122077c9bcf9f40e05) \Device\Harddisk0\DR0\Partition0
08:04:02.0852 8540 \Device\Harddisk0\DR0\Partition0 - ok
08:04:02.0880 8540 Boot (0x1200) (118ef768e6a4e9cd7612bce8785179fb) \Device\Harddisk0\DR0\Partition1
08:04:02.0881 8540 \Device\Harddisk0\DR0\Partition1 - ok
08:04:02.0904 8540 Boot (0x1200) (e3d44a51b61605b1fb6375050a87cc54) \Device\Harddisk0\DR0\Partition2
08:04:02.0905 8540 \Device\Harddisk0\DR0\Partition2 - ok
08:04:02.0907 8540 Boot (0x1200) (f0c4719006c9477ee56985c359594e65) \Device\Harddisk1\DR1\Partition0
08:04:02.0908 8540 \Device\Harddisk1\DR1\Partition0 - ok
08:04:02.0909 8540 ============================================================
08:04:02.0909 8540 Scan finished
08:04:02.0909 8540 ============================================================
08:04:02.0916 8532 Detected object count: 10
08:04:02.0916 8532 Actual detected object count: 10
08:04:35.0006 8532 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0006 8532 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:35.0007 8532 AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0007 8532 AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:35.0008 8532 Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0008 8532 Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:35.0009 8532 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0009 8532 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:35.0010 8532 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0010 8532 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:35.0011 8532 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0011 8532 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:35.0012 8532 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0012 8532 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:35.0013 8532 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0013 8532 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:35.0014 8532 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:35.0014 8532 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:35.0015 8532 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:04:35.0015 8532 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
#5
/// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a forum helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________
Please always post logfiles in CODE tags
#6
Hello Arne, below is the logfile from ComboFix:
Combofix Logfile:
Code:
ComboFix 12-07-27.03 - Folger 27.07.2012 15:54:23.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3326.2129 [GMT 2:00]
ausgeführt von:: c:\users\Folger\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml3717.tmp
c:\programdata\xml388E.tmp
c:\programdata\xml3989.tmp
c:\windows\system32\rnaph.dll
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-27 bis 2012-07-27 ))))))))))))))))))))))))))))))
.
.
2012-07-27 09:20 . 2012-07-27 09:20 -------- d-----w- c:\users\Folger\AppData\Roaming\pdfforge
2012-07-26 21:12 . 2012-07-26 21:12 -------- d-----w- C:\_OTL
2012-07-24 15:46 . 2012-07-24 15:46 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2012-07-21 20:18 . 2012-07-24 15:24 -------- d-----w- C:\PoW24
2012-07-21 20:11 . 2012-07-21 20:11 -------- d-----w- c:\program files\Recuva
2012-07-21 18:24 . 2012-07-21 18:24 -------- d-----w- c:\users\Folger\AppData\Local\PictureConverter
2012-07-21 17:14 . 2012-07-21 17:14 -------- d-----w- c:\users\Folger\AppData\Roaming\inkscape
2012-07-21 17:06 . 2012-07-21 17:11 -------- d-----w- c:\program files\Inkscape
2012-07-20 20:17 . 2012-07-20 20:17 -------- d-----w- c:\program files\ESET
2012-07-19 19:53 . 2012-07-19 19:53 -------- d-----w- c:\users\Folger\AppData\Local\adaware
2012-07-19 19:53 . 2012-07-19 19:53 -------- d-----w- c:\windows\system32\drivers\VDD
2012-07-17 17:05 . 2012-07-17 17:05 -------- d-----w- c:\users\Folger\AppData\Roaming\Malwarebytes
2012-07-17 17:05 . 2012-07-17 17:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-17 17:05 . 2012-07-17 17:05 -------- d-----w- c:\programdata\Malwarebytes
2012-07-17 17:05 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 21:27 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 20:28 . 2012-07-05 11:02 81920 ----a-w- c:\windows\system32\pdfcmon.dll
2012-07-09 20:28 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-07-09 20:28 . 1998-07-06 16:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2012-07-09 20:28 . 1998-07-06 16:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL
2012-07-09 20:28 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-07-09 20:28 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-07-08 20:19 . 2012-07-08 20:19 -------- d-----w- c:\program files\Bonjour Print Services
2012-07-07 19:22 . 2012-06-09 17:21 178688 ----a-w- c:\windows\system32\unrar.dll
2012-07-07 19:22 . 2012-07-07 19:22 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-07-07 15:56 . 2012-07-14 14:53 -------- d-----w- c:\users\Folger\AppData\Roaming\vlc
2012-07-07 14:18 . 2012-05-29 11:09 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-07-07 14:18 . 2012-05-29 11:09 21344 ----a-w- c:\windows\system32\authuitu.dll
2012-07-07 14:17 . 2012-07-07 14:18 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-07-07 14:16 . 2012-07-07 14:16 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-07 14:16 . 2012-07-07 14:16 -------- d--h--w- c:\programdata\Common Files
2012-07-07 14:00 . 2012-07-07 14:10 -------- d-----w- c:\users\Folger\AppData\Roaming\PerformerSoft
2012-07-07 13:55 . 2012-07-07 13:55 -------- d-----w- c:\program files\RegCleaner
2012-07-07 13:50 . 2012-07-07 13:50 -------- d-----w- c:\program files\CCleaner
2012-07-01 09:56 . 2012-07-01 09:56 -------- d-----w- c:\users\Folger\AppData\Roaming\Media Player Classic
2012-07-01 09:46 . 2012-07-06 20:12 -------- d-----w- c:\users\Folger\.DVDslideshowGUI
2012-07-01 09:02 . 2012-07-01 09:02 -------- d-----w- c:\users\Folger\AppData\Roaming\FastStone
2012-07-01 07:12 . 2012-07-01 07:12 -------- d-----w- c:\users\Folger\AppData\Roaming\simplitec
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 18:24 . 2012-04-02 16:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 18:24 . 2011-11-23 17:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 14:32 . 2012-05-28 17:02 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-06-02 22:19 . 2012-06-23 15:32 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 15:32 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 15:31 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 15:31 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 15:32 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 15:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 15:31 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 15:31 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-23 15:31 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 03:03 . 2012-06-13 14:51 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-08 16:59 . 2012-02-10 14:01 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:59 . 2012-02-10 14:01 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-08 16:40 . 2012-05-26 17:59 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B899219C-7B85-4246-ADC2-BBAFE26F9A3D}\mpengine.dll
2012-05-01 04:44 . 2012-06-13 14:50 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-07-17 20:56 . 2011-12-08 21:31 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976]
"ZoomIt"="c:\users\Folger\Downloads\ZoomIt43\ZoomIt.exe" [2012-07-21 568432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Folger^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent]
2011-11-07 15:16 14767976 ----a-w- c:\program files\Garmin\ANT Agent\ANT Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 11:51 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25 1828136 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"ANT Agent"=c:\program files\Garmin\ANT Agent\ANT Agent.exe
"MobileDocuments"=c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
"Tele2 LiveUpdate"=c:\program files\Tele2\LiveUpdate\LiveupdateClient.exe
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe"
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [x]
R3 synasusb;eLicenser;c:\windows\system32\Drivers\synasusb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [x]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [x]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\system32\drivers\tscusb2a.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the "Scheduled Tasks" folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:24]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 17:09]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 17:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Folger\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\users\Folger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Folger\AppData\Roaming\Mozilla\Firefox\Profiles\k6ftdilp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.de/
.
- - - - Removed orphaned registry entries - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-27 16:10:26
ComboFix-quarantined-files.txt 2012-07-27 14:10
.
Before scan: 13 directory(ies), 1,267,418,304,512 bytes free
After scan: 18 directory(ies), 1,267,076,005,888 bytes free
.
- - End Of File - - 414A89984C6249F6A31A32F2B592B6C5
No special occurrences before, during or after running the program. Once again, many thanks for your effort and commitment!!!! Best regards, Andreas |
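The Drivers/Services section of the ComboFix log above (lines of the shape `S2 Name;DisplayName;path [x]`) can be triaged mechanically rather than by eye. The Python script below is an added example for this thread, not ComboFix output and not a ComboFix tool. It parses those lines into records and applies three checks a helper usually makes while reading: drivers with boot or system start type (loaded before any user-mode security software), image paths in user-writable locations (user profile, Temp, ProgramData), and entries where ComboFix printed `[x]` in the bracket that normally holds the file's date and size. The reading of the prefix (R/S = running/stopped, digit = start type 0..4) is the conventional one for ComboFix logs; the "user-writable path" rule is a heuristic, not a verdict: GMER itself loads a randomly named driver from the user's Temp folder (see the `Driver:` line of the GMER log in this thread), so such a hit has to be checked against the tools that were just run before anything is deleted. The embedded sample log is constructed: five lines copied in shape from the log above plus one made-up Temp-resident driver to exercise the path check.

```python
"""Triage the Drivers/Services section of a ComboFix log.

Added example for this thread; not ComboFix output and not a ComboFix tool.
Line shape assumed (as in the log above):  <R|S><0-4> Name;DisplayName;ImagePath [x]
"""
import re
from dataclasses import dataclass

# Conventional reading of the prefix in ComboFix logs: R = running, S = stopped,
# digit = service start type (0 boot, 1 system, 2 automatic, 3 manual/demand, 4 disabled).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?P<marker> \[x\])?$"
)

# Heuristic: image paths under a user profile, Temp or ProgramData are writable
# without admin rights, which is where droppers usually land. Legitimate tools
# (GMER's own temporary driver, for instance) also live there, so a hit here is
# a prompt to verify against the tools just run, not a verdict.
USER_WRITABLE_RE = re.compile(r"\\(users|appdata|temp|programdata)\\", re.IGNORECASE)


@dataclass(frozen=True)
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    file_details_missing: bool  # True when ComboFix printed [x] instead of date/size

    @property
    def is_driver(self) -> bool:
        return self.path.lower().endswith(".sys")

    @property
    def in_user_writable_dir(self) -> bool:
        return USER_WRITABLE_RE.search(self.path) is not None


def parse_services(log_text: str) -> list[ServiceEntry]:
    """Return one ServiceEntry per recognised line; all other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m is None:
            continue  # '.' separators, section headers, anything else
        entries.append(ServiceEntry(
            running=m.group("state") == "R",
            start_type=int(m.group("start")),
            name=m.group("name"),
            display=m.group("display"),
            path=m.group("path").strip(),
            file_details_missing=m.group("marker") is not None,
        ))
    return entries


def triage(entries: list[ServiceEntry]) -> dict:
    """Group the entries the way a helper reads the section by eye."""
    return {
        # Boot/system-start drivers load before user-mode security software.
        "early_start_drivers": [e.name for e in entries
                                if e.is_driver and e.start_type in (0, 1)],
        "user_writable": [e.name for e in entries if e.in_user_writable_dir],
        "no_file_details": [e.name for e in entries if e.file_details_missing],
        "by_start_type": {label: sum(1 for e in entries if e.start_type == code)
                          for code, label in START_TYPES.items()},
    }


# Constructed sample: five lines copied in shape from the log above plus one
# made-up demand-start driver in the user's Temp folder to exercise the path check.
SAMPLE_LOG = r"""
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
S3 uxriipod;uxriipod;c:\users\folger\appdata\local\temp\uxriipod.sys [x]
.
"""

if __name__ == "__main__":
    report = triage(parse_services(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against a saved ComboFix log by reading the file into `parse_services`; the `early_start_drivers` list is the one to cross-check first, since a boot-start driver such as `sptd` sits below every scanner listed in the log and is a common source of both rootkit-scanner false alarms and real hiding places.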
| | #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | E-Mail: Deutsche Post. Ein Fehler in der Lieferanschrift. Please now create logs with GMER and OSAM and post them. GMER crashes quite often; if the tool refuses to run the second time as well, just leave it out and run only OSAM, and skip the online lookup in OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or the like. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Please download
Important: under no circumstances press any of the Fix buttons without being told to. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. Another note: if aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, in the drop-down menu at the bottom left of the aswMBR window under "AV scan" select (none), and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #8 |
| E-Mail: Deutsche Post. Ein Fehler in der Lieferanschrift. Hello Arne, it took a while today until I had everything together. First the GMER log. Everything went without problems. GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-28 11:07:03
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD15EARS-00Z5B1 rev.80.00A80
Running: 3kiv5szq.exe; Driver: C:\Users\Folger\AppData\Local\Temp\uxriipod.sys
---- System - GMER 1.0.15 ----
SSDT 915F13CE ZwCreateSection
SSDT 915F13D8 ZwRequestWaitReplyPort
SSDT 915F13D3 ZwSetContextThread
SSDT 915F13DD ZwSetSecurityObject
SSDT 915F13E2 ZwSystemDebugControl
SSDT 915F136F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 830403C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83079D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 83080EAC 4 Bytes [CE, 13, 5F, 91] {INTO ; ADC EBX, [EDI-0x6f]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 83081208 4 Bytes [D8, 13, 5F, 91] {FCOM DWORD [EBX]; POP EDI; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 8308124C 4 Bytes [D3, 13, 5F, 91] {RCL DWORD [EBX], CL; POP EDI; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 830812C8 4 Bytes [DD, 13, 5F, 91] {FST QWORD [EBX]; POP EDI; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 8308131C 4 Bytes [E2, 13, 5F, 91] {LOOP 0x15; POP EDI; XCHG ECX, EAX}
.text ...
? System32\Drivers\spop.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x92605000, 0x2D1F8A, 0xE8000020]
.text USBPORT.SYS!DllUnload 91F46DB9 5 Bytes JMP 879D04E0
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8BE0C042] \SystemRoot\System32\Drivers\spop.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8BE0C6D6] \SystemRoot\System32\Drivers\spop.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8BE0C800] \SystemRoot\System32\Drivers\spop.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8BE0C13E] \SystemRoot\System32\Drivers\spop.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C124CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BF562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BF56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C12546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C085AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C04D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C05105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C051DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73C06707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C08301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C08850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C090B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C0E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C04C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 868201F8
Device \FileSystem\fastfat \FatCdrom 87A20500
Device \Driver\volmgr \Device\VolMgrControl 8681A1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EDFCCC55-28F1-44AA-8A94-2551AC6EEE4E} 876E6500
Device \Driver\usbohci \Device\USBPDO-0 879D5500
Device \Driver\usbohci \Device\USBPDO-1 879D5500
Device \Driver\usbehci \Device\USBPDO-2 879DA500
Device \Driver\usbohci \Device\USBPDO-3 879D5500
Device \Driver\usbohci \Device\USBPDO-4 879D5500
AttachedDevice \Driver\tdx \Device\Tcp SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)
Device \Driver\usbehci \Device\USBPDO-5 879DA500
Device \Driver\usbohci \Device\USBPDO-6 879D5500
Device \Driver\volmgr \Device\HarddiskVolume1 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 876B21F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort0 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort2 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort3 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort4 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort5 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort6 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort7 8681C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8681C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5 8681C1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 8681D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 8681D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel2 8681D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel3 8681D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 8681D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 8681D1F8
Device \Driver\volmgr \Device\HarddiskVolume3 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume4 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume5 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume6 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume7 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 876E6500
Device \Driver\volmgr \Device\HarddiskVolume8 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{63BA4981-9B68-4EA4-A3D2-2693FBD1B57B} 876E6500
AttachedDevice \Driver\tdx \Device\Udp SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)
AttachedDevice \Driver\tdx \Device\RawIp SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{CD1D9DD5-1A56-4FD4-98AA-6542B801A20A} 876E6500
Device \Driver\usbohci \Device\USBFDO-0 879D5500
Device \Driver\usbohci \Device\USBFDO-1 879D5500
Device \Driver\usbehci \Device\USBFDO-2 879DA500
Device \Driver\USBSTOR \Device\0000007c 88EBD500
Device \Driver\usbohci \Device\USBFDO-3 879D5500
Device \Driver\USBSTOR \Device\0000007d 88EBD500
Device \Driver\usbohci \Device\USBFDO-4 879D5500
Device \Driver\USBSTOR \Device\0000007e 88EBD500
Device \Driver\usbehci \Device\USBFDO-5 879DA500
Device \Driver\USBSTOR \Device\0000007f 88EBD500
Device \Driver\usbohci \Device\USBFDO-6 879D5500
Device \FileSystem\fastfat \Fat 87A20500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 88EC0500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{ACAF2497-EFB8-458B-97A7-7D5BA359D206}\Connection@Name isatap.{EDFCCC55-28F1-44AA-8A94-2551AC6EEE4E}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{C5019702-769C-4E2B-B6B3-21D5A81EEE11}?\Device\{ACAF2497-EFB8-458B-97A7-7D5BA359D206}?\Device\{07F2250C-9B73-46F1-ABD8-24668488E31C}?\Device\{8B9CA000-082B-4E3A-863E-9763B6310D6C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{C5019702-769C-4E2B-B6B3-21D5A81EEE11}"?"{ACAF2497-EFB8-458B-97A7-7D5BA359D206}"?"{07F2250C-9B73-46F1-ABD8-24668488E31C}"?"{8B9CA000-082B-4E3A-863E-9763B6310D6C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{C5019702-769C-4E2B-B6B3-21D5A81EEE11}?\Device\TCPIP6TUNNEL_{ACAF2497-EFB8-458B-97A7-7D5BA359D206}?\Device\TCPIP6TUNNEL_{07F2250C-9B73-46F1-ABD8-24668488E31C}?\Device\TCPIP6TUNNEL_{8B9CA000-082B-4E3A-863E-9763B6310D6C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{ACAF2497-EFB8-458B-97A7-7D5BA359D206}@InterfaceName isatap.{EDFCCC55-28F1-44AA-8A94-2551AC6EEE4E}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{ACAF2497-EFB8-458B-97A7-7D5BA359D206}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB6 0xF0 0xC3 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB6 0xF0 0xC3 0x33 ...
---- EOF - GMER 1.0.15 ----
OSAM then gave me the following error message: "Unfortunately there are some files that have not yet been analyzed by our lab." This apparently concerns the files "GrabPro.DLL", "orbitcth.DLL", "TuneUpUtilitiesService32.exe" and "ZoomIt.exe". But the scan itself also ran without problems. Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:21:59 on 28.07.2012
OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
  Rootkits detection (hidden registry)
  Rootkits detection (hidden files)
  Retrieve files information
  Check Microsoft signatures

Filters
  Trusted entries
  Empty entries
  Hidden registry entries (rootkit activity)
  Exclusively opened files
  Not found files
  Files without detailed information
  Existing files
  Non-startable services
  Non-startable drivers
  Active entries
  Disabled entries

Risk  Name  Publisher  Full Path  Status

Common
 %SystemRoot%\Tasks
  |||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
  |||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
  "Adobe Flash Player Updater.job" "Adobe Systems Incorporated" C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File exists

Control Panel Objects
 %SystemRoot%\system32
  "FlashPlayerCPLApp.cpl" "Adobe Systems Incorporated" C:\Windows\system32\FlashPlayerCPLApp.cpl File exists
  || "US-122_MKII_US-144_MKII.CPL" "TASCAM" C:\Windows\system32\US-122_MKII_US-144_MKII.CPL File exists
 HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
  "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MIF5BA~1\Office12\MLCFG32.CPL File exists
  |||||| "Nero BurnRights" "Nero AG" C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl File exists
  "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists

Drivers
 HKLM\SYSTEM\CurrentControlSet\Services
  |||||| "Advanced SCSI Programming Interface Driver" (ASPI) C:\Windows\System32\DRIVERS\ASPI32.sys File exists
  "AMD IO Driver" (amdiox86) C:\Windows\System32\DRIVERS\amdiox86.sys File not found
  |||||| "amdide" (amdide) "Advanced Micro Devices Inc." C:\Windows\System32\DRIVERS\amdide.sys File exists
  |||||| "amdsata" (amdsata) "Advanced Micro Devices" C:\Windows\System32\DRIVERS\amdsata.sys File exists
  |||||| "amdxata" (amdxata) "Advanced Micro Devices" C:\Windows\System32\DRIVERS\amdxata.sys File exists
  |||||| "ATI Function Driver for High Definition Audio Service" (AtiHdmiService) "ATI Technologies, Inc." C:\Windows\System32\drivers\AtiHdmi.sys File exists
  "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
  "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
  |||||| "avkmgr" (avkmgr) "Avira GmbH" C:\Windows\System32\DRIVERS\avkmgr.sys File exists
  "catchme" (catchme) C:\Users\Folger\AppData\Local\Temp\catchme.sys File not found
  "Lbd" (Lbd) C:\Windows\System32\DRIVERS\Lbd.sys File not found
  "MBAMProtector" (MBAMProtector) "Malwarebytes Corporation" C:\Windows\system32\drivers\mbam.sys File exists
  "SANDRA" (SANDRA) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x86\Sandra.sys File not found
  "sbapifs" (sbapifs) "GFI Software" C:\Windows\System32\DRIVERS\sbapifs.sys File exists
  "SbFw" (SbFw) "GFI Software" C:\Windows\System32\drivers\SbFw.sys File exists
  "sbhips" (sbhips) "GFI Software" C:\Windows\System32\drivers\sbhips.sys File exists
  "SBRE" (SBRE) "GFI Software" C:\Windows\system32\drivers\SBREdrv.sys File exists
  "sbwtis" (sbwtis) "GFI Software" C:\Windows\System32\DRIVERS\sbwtis.sys File exists
  |||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked
  |||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
  |||||| "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) "TuneUp Software" C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys File exists
  "uxriipod" (uxriipod) C:\Users\Folger\AppData\Local\Temp\uxriipod.sys Hidden registry entry, rootkit activity | File not found

Explorer
 HKLM\Software\Classes\Folder\shellex\ColumnHandlers
  {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
 HKLM\Software\Classes\Protocols\Filter
  |||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
 HKLM\Software\Classes\Protocols\Handler
  |||||| {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File exists
  |||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
  |||||| {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File exists
  |||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  |||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
  |||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" C:\Program Files\7-Zip\7-zip.dll File exists
  |||||| {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll File exists
  |||||| {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
  |||||| {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
  |||||| {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
  |||||| {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
  |||||| {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
  |||||| {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
  |||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
  |||||| {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
  |||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
  |||||| {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
  |||||| {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
  {c5aec3ec-e812-4677-a9a7-4fee1f9aa000} "Icaros Thumbnail Provider" "Tabibito Technology" C:\Program Files\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll File exists
  {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists
  |||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
  |||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
  |||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MIF5BA~1\Office12\ONFILTER.DLL File exists
  |||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL File exists
  |||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
  |||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll File exists
  {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL File exists
  {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
  |||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists
  {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2012\DseShExt-x86.dll File exists
  {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2012\SDShelEx-win32.dll File exists
  |||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
  |||||| {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
  |||||| {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
  |||||| {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
  |||||| {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
  |||||| {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
  |||||| {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
  |||||| {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
  |||||| {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe File exists

Internet Explorer
 HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
  |||| {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll File exists
 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
  "Grab Pro" C:\Program Files\Orbitdownloader\GrabPro.dll File exists
  ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
  "ITBar7Layout" File not found | COM-object registry key not found
 HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
  |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
  |||| {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
  |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_30.dll File exists
  || {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} "WMVHDRatingCtrl Class" file:///F:/components/wmvhdrating.ocx C:\Windows\Downloaded Program Files\wmvhdrating.ocx File exists
 HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
  |||| {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" "Microsoft Corporation" C:\Windows\WindowsMobile\INetRepl.dll File exists
  |||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll File exists
  |||| {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" "Microsoft Corporation" C:\Windows\WindowsMobile\INetRepl.dll File exists
  |||| {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File exists
  || "PokerStars" "PokerStars" C:\Program Files\PokerStars\PokerStarsUpdate.exe File exists
  || {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL File exists
 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
  "Grab Pro" C:\Program Files\Orbitdownloader\GrabPro.dll File exists
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
  |||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
  |||| {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File exists
  |||| {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File exists
  |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
  |||| {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\ssv.dll File exists
  {000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" "Orbitdownloader.com" C:\Program Files\Orbitdownloader\orbitcth.dll File exists
  || {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" "Microsoft Corporation" C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File exists
  |||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" "Microsoft Corp." C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists

LSA Providers
 HKLM\SYSTEM\CurrentControlSet\Control\Lsa
  |||||| "Security Packages" "Microsoft Corp." C:\Windows\system32\livessp.dll File exists

Logon
 %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
  |||||| "desktop.ini" C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
 %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
  |||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
  |||| "HP Digital Imaging Monitor.lnk" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Shortcut exists | File exists
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  "ANT Agent" "GARMIN Corp." C:\Program Files\Garmin\ANT Agent\ANT Agent.exe File exists
  "ZoomIt" "Sysinternals - www.sysinternals.com" C:\Users\Folger\Downloads\ZoomIt43\ZoomIt.exe File exists
 HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
  "StartupPrograms" rdpclip File not found
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  "Ad-Aware Antivirus" "Lavasoft Limited" "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run File exists
  "Ad-Aware Browsing Protection" "Lavasoft" "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" File exists
  "AppleSyncNotifier" "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe File exists
  "avgnt" "Avira Operations GmbH & Co. KG" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
  "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File exists

Print Monitors
 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
  "pdfcmon" "pdfforge GbR" C:\Windows\system32\pdfcmon.dll File exists
  |||||| "Redirected Port" C:\Windows\system32\redmonnt.dll File found, but it contains no detailed information
  |||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists

Services
 HKLM\SYSTEM\CurrentControlSet\Services
  "Ad-Aware" (SBAMSvc) "GFI Software" C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe File exists
  "Ad-Aware Service" (Ad-Aware Service) "Lavasoft Limited" C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe File exists
  || "Adobe Acrobat Update Service" (AdobeARMservice) "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe File exists
  "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) "Adobe Systems Incorporated" C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File exists
  "AMD FUEL Service" (AMD FUEL Service) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService File not
found "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File exists |||||| "ASP.NET-Zustandsdienst" (aspnet_state) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe File exists "Avira Echtzeit Scanner" (AntiVirService) "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists "Avira Planer" (AntiVirSchedulerService) "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists |||||| "Dienst "Bonjour"" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists "Freemake Improver" (Freemake Improver) "Freemake" C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe File exists |||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists |||| "Google Update-Dienst (gupdatem)" (gupdatem) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists |||| "Google Updater Service" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists |||||| "HP CUE DeviceDiscovery Service" (hpqddsvc) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File exists |||||| "HP Network Devices Support" (HPSLPSVC) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL File exists |||||| "hpqcxs08" (hpqcxs08) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File exists |||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe File exists "iPod-Dienst" (iPod Service) "Apple Inc." 
C:\Program Files\iPod\bin\iPodService.exe File exists "MBAMService" (MBAMService) "Malwarebytes Corporation" C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe File exists |||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists |||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists |||||| "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe File exists "Mozilla Maintenance Service" (MozillaMaintenance) "Mozilla Foundation" C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe File exists |||||| "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) "Nero AG" C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe File exists |||||| "Net Driver HPZ12" (Net Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZinw12.dll File exists |||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "Pml Driver HPZ12" (Pml Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZipm12.dll File exists |||||| "Protexis Licensing V2" (PSI_SVC_2) "Protexis Inc." c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe File exists |||||| "SeaPort" (SeaPort) "Microsoft Corporation" C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe File exists "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) "TuneUp Software" C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe File exists |||||| "Windows Live ID Sign-in Assistant" (wlidsvc) "Microsoft Corp." 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE File exists Winsock Providers HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries |||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists |||||| "WindowsLive Local NSP" "Microsoft Corp." C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File exists |||||| "WindowsLive NSP" "Microsoft Corp." C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File exists If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-28 12:44:39
-----------------------------
12:44:39.668 OS Version: Windows 6.1.7601 Service Pack 1
12:44:39.669 Number of processors: 4 586 0x402
12:44:39.671 ComputerName: FOLGER-PC UserName: Folger
12:45:16.577 Initialize success
12:45:25.672 AVAST engine defs: 12072800
12:45:55.280 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:45:55.280 Disk 0 Vendor: WDC_WD15EARS-00Z5B1 80.00A80 Size: 1430799MB BusType: 11
12:45:55.280 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
12:45:55.280 Disk 1 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 11
12:45:55.296 Disk 0 MBR read successfully
12:45:55.296 Disk 0 MBR scan
12:45:55.312 Disk 0 unknown MBR code
12:45:55.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:45:55.327 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1409190 MB offset 206848
12:45:55.343 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20480 MB offset 2886230016
12:45:55.374 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 2928173056
12:45:55.374 Disk 0 scanning sectors +2930275120
12:45:55.421 Disk 0 scanning C:\Windows\system32\drivers
12:46:03.673 Service scanning
12:46:18.088 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:46:22.627 Modules scanning
12:46:26.153 Disk 0 trace - called modules:
12:46:26.184 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8681c1f8]<<
12:46:26.184 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a47030]
12:46:26.200 3 CLASSPNP.SYS[8c5a559e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86a0f030]
12:46:26.200 \Driver\atapi[0x86852c28] -> IRP_MJ_CREATE -> 0x8681c1f8
12:46:28.711 AVAST engine scan C:\Windows
12:46:32.830 AVAST engine scan C:\Windows\system32
12:48:53.620 AVAST engine scan C:\Windows\system32\drivers
12:49:04.400 AVAST engine scan C:\Users\Folger
13:03:09.469 AVAST engine scan C:\ProgramData
13:04:42.835 Scan finished successfully
13:12:18.762 Disk 0 MBR has been saved successfully to "C:\Users\Folger\Desktop\MBR.dat"
13:12:18.778 The log file has been saved successfully to "C:\Users\Folger\Desktop\aswMBR.txt"
|
| | #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | E-Mail: Deutsche Post. Ein Fehler in der Lieferanschrift. We should fix the MBR. Back up ALL important data first, just in case, even though it usually goes smoothly. Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not do the fix if you have a full encryption of the Windows partition or of the whole hard disk with TrueCrypt or another encryption program. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false positive on it! Then restart Windows and make a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
| | #10 |
| E-Mail: Deutsche Post. Ein Fehler in der Lieferanschrift. Hello Arne, I did the MBR fix after backing up my data. Somehow the system was extremely slow afterwards, but it may be that I started programs before the PC had fully booted. In any case, here is the aswMBR log file: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 18:48:18
-----------------------------
18:48:18.834 OS Version: Windows 6.1.7601 Service Pack 1
18:48:18.834 Number of processors: 4 586 0x402
18:48:18.834 ComputerName: FOLGER-PC UserName: Folger
18:48:20.799 Initialize success
18:48:27.289 AVAST engine defs: 12072800
18:48:32.234 The log file has been saved successfully to "C:\Users\Folger\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 18:48:18
-----------------------------
18:48:18.834 OS Version: Windows 6.1.7601 Service Pack 1
18:48:18.834 Number of processors: 4 586 0x402
18:48:18.834 ComputerName: FOLGER-PC UserName: Folger
18:48:20.799 Initialize success
18:48:27.289 AVAST engine defs: 12072800
18:48:32.234 The log file has been saved successfully to "C:\Users\Folger\Desktop\aswMBR.txt"
18:48:57.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:48:57.031 Disk 0 Vendor: WDC_WD15EARS-00Z5B1 80.00A80 Size: 1430799MB BusType: 11
18:48:57.047 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
18:48:57.047 Disk 1 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 11
18:48:57.094 Disk 0 MBR read successfully
18:48:57.094 Disk 0 MBR scan
18:48:57.094 Disk 0 Windows 7 default MBR code
18:48:57.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:48:57.125 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1409190 MB offset 206848
18:48:57.156 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20480 MB offset 2886230016
18:48:57.172 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 2928173056
18:48:57.203 Disk 0 scanning sectors +2930275120
18:48:57.281 Disk 0 scanning C:\Windows\system32\drivers
18:49:11.149 Service scanning
18:49:23.598 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:49:28.200 Modules scanning
18:49:32.365 Disk 0 trace - called modules:
18:49:32.381 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868201f8]<<
18:49:32.381 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a2cac8]
18:49:32.397 3 CLASSPNP.SYS[8c64a59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86a0f908]
18:49:32.397 \Driver\atapi[0x86884ee8] -> IRP_MJ_CREATE -> 0x868201f8
18:49:34.799 AVAST engine scan C:\Windows
18:49:44.034 AVAST engine scan C:\Windows\system32
18:52:21.657 AVAST engine scan C:\Windows\system32\drivers
18:52:33.154 AVAST engine scan C:\Users\Folger
19:42:06.316 AVAST engine scan C:\ProgramData
19:49:47.858 Scan finished successfully
19:54:25.275 Disk 0 MBR has been saved successfully to "C:\Users\Folger\Desktop\MBR.dat"
19:54:25.275 The log file has been saved successfully to "C:\Users\Folger\Desktop\aswMBR.txt"
|
| | #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | E-Mail: Deutsche Post. Ein Fehler in der Lieferanschrift. Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
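An added example, not part of this thread and not code from aswMBR's authors: a Python checker that reads aswMBR log lines in the format posted above and applies the check behind "Looks ok". After FIXMBR the boot code should be recognised (here as the Windows 7 default) and the partition table must be identical to the earlier run, while anything still **LOCKED** or an >>UNKNOWN<< trace entry is listed for a manual look rather than treated as pass or fail. The log excerpts are constructed from this thread's two logs.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpts in the aswMBR line format seen in this thread: one run
# before FIXMBR and one after. Sample input only, not the complete logs.
LOG_BEFORE = """\
12:45:55.296 Disk 0 MBR read successfully
12:45:55.312 Disk 0 unknown MBR code
12:45:55.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:45:55.327 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1409190 MB offset 206848
12:45:55.343 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20480 MB offset 2886230016
12:45:55.374 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 2928173056
12:46:18.088 Service sptd C:\\Windows\\System32\\Drivers\\sptd.sys **LOCKED** 32
12:46:26.184 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8681c1f8]<<
13:04:42.835 Scan finished successfully
"""
LOG_AFTER = """\
18:48:57.094 Disk 0 MBR read successfully
18:48:57.094 Disk 0 Windows 7 default MBR code
18:48:57.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:48:57.125 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1409190 MB offset 206848
18:48:57.156 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20480 MB offset 2886230016
18:48:57.172 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 2928173056
18:49:23.598 Service sptd C:\\Windows\\System32\\Drivers\\sptd.sys **LOCKED** 32
18:49:32.381 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868201f8]<<
19:49:47.858 Scan finished successfully
"""

# Timestamp first, then the fields aswMBR prints for each record type.
PART_RE = re.compile(
    r"^\S+ Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) "
    r"(.+?) (\d+) MB offset (\d+)$")
MBR_RE = re.compile(r"^\S+ Disk (\d+) (.+ MBR code)$")
LOCKED_RE = re.compile(r"^\S+ Service (\S+) (\S+) \*\*LOCKED\*\*")


@dataclass
class AswReport:
    mbr_code: dict = field(default_factory=dict)    # disk -> e.g. "unknown MBR code"
    partitions: dict = field(default_factory=dict)  # disk -> [(idx, boot, type, name, MB, offset)]
    locked_services: list = field(default_factory=list)  # [(service, path)]
    unknown_trace: bool = False   # ">>UNKNOWN<<" seen in the disk driver trace
    finished: bool = False


def parse_aswmbr(text: str) -> AswReport:
    """Pull the MBR verdict, partition table, locked services and trace
    anomalies out of an aswMBR log; every other line is ignored."""
    rep = AswReport()
    for line in text.splitlines():
        line = line.strip()
        if m := PART_RE.match(line):
            disk, idx, boot, ptype, name, mb, off = m.groups()
            rep.partitions.setdefault(disk, []).append(
                (int(idx), boot, ptype, name, int(mb), int(off)))
        elif m := MBR_RE.match(line):
            rep.mbr_code[m.group(1)] = m.group(2)
        elif m := LOCKED_RE.match(line):
            rep.locked_services.append((m.group(1), m.group(2)))
        elif ">>UNKNOWN" in line:
            rep.unknown_trace = True
        elif line.endswith("Scan finished successfully"):
            rep.finished = True
    return rep


def check_fixmbr(before: AswReport, after: AswReport, disk: str = "0") -> dict:
    """Post-FIXMBR check: boot code now recognised, partition table identical
    to the earlier run (a fix that changes it would make data unreachable),
    scan completed. Locked drivers and UNKNOWN trace entries are only reported
    for a manual look; they do not by themselves mean the fix failed."""
    was = before.mbr_code.get(disk, "")
    now = after.mbr_code.get(disk, "")
    res = {
        "mbr_was_unknown": was.startswith("unknown"),
        "mbr_recognized_now": now.endswith("default MBR code"),
        "partition_table_unchanged": before.partitions.get(disk) == after.partitions.get(disk),
        "scan_completed": after.finished,
        "still_locked": [name for name, _ in after.locked_services],
        "unknown_trace": after.unknown_trace,
    }
    res["verdict_ok"] = (res["mbr_recognized_now"] and res["partition_table_unchanged"]
                         and res["scan_completed"])
    return res
```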
| | #12 |
| E-Mail: Deutsche Post. Ein Fehler in der Lieferanschrift. Hello Arne, first the Malwarebytes log file: Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.29.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Folger :: FOLGER-PC [Administrator]
Schutz: Aktiviert
29.07.2012 22:39:02
mbam-log-2012-07-29 (22-39-02).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 466438
Laufzeit: 56 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
... and the SUPERAntiSpyware log file: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/30/2012 at 08:19 AM
Application Version : 5.5.1012
Core Rules Database Version : 8977
Trace Rules Database Version: 6789
Scan type : Complete Scan
Total Scan Time : 00:49:21
Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 694
Memory threats detected : 0
Registry items scanned : 38493
Registry threats detected : 0
File items scanned : 68809
File threats detected : 45
Adware.Tracking Cookie
C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\2WL4SDUX.txt [ /doubleclick.net ]
C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\HOJDLL44.txt [ /apmebf.com ]
C:\USERS\FOLGER\Cookies\2WL4SDUX.txt [ Cookie:folger@doubleclick.net/ ]
.doubleclick.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.eaeacom.112.2o7.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.tacoda.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.tacoda.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.tacoda.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\GAST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V6FKJGZ7.DEFAULT\COOKIES.SQLITE ]
Trojan.Agent/Gen-Small
D:\DOWNLOADS\MP3DC206.EXE
C:\USERS\FOLGER\DOWNLOADS\MP3DC206.EXE
|
| | #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | E-Mail: Deutsche Post. Ein Fehler in der Lieferanschrift. Code:
UAC On - Limited User
__________________ Please always post logfiles in CODE tags |
| | #14 |
| E-Mail: Deutsche Post. Ein Fehler in der Lieferanschrift. I do believe I started it as admin - but it doesn't really look that way - I'll do it again right away ;-). Hello Arne, now I have started it 100% as admin and produced the same entry: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/30/2012 at 10:22 PM
Application Version : 5.5.1012
Core Rules Database Version : 8981
Trace Rules Database Version: 6793
Scan type : Complete Scan
Total Scan Time : 01:09:26
Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 734
Memory threats detected : 0
Registry items scanned : 38502
Registry threats detected : 0
File items scanned : 69044
File threats detected : 7
Adware.Tracking Cookie
C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\B9RG49HL.txt [ /ad.zanox.com ]
C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\MG1218CQ.txt [ /fastclick.net ]
C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\GKRPCXW1.txt [ /zanox.com ]
C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\7PR3235E.txt [ /mediaplex.com ]
C:\USERS\FOLGER\Cookies\MG1218CQ.txt [ Cookie:folger@fastclick.net/ ]
C:\USERS\FOLGER\Cookies\GKRPCXW1.txt [ Cookie:folger@zanox.com/ ]
C:\USERS\FOLGER\Cookies\7PR3235E.txt [ Cookie:folger@mediaplex.com/ ]
Regards. Hello Arne, the log file after I restarted the system and again ran the program as admin: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/31/2012 at 00:09 AM
Application Version : 5.5.1012
Core Rules Database Version : 8981
Trace Rules Database Version: 6793
Scan type : Complete Scan
Total Scan Time : 01:38:15
Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 770
Memory threats detected : 0
Registry items scanned : 38613
Registry threats detected : 0
File items scanned : 69057
File threats detected : 7
Adware.Tracking Cookie
C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\B9RG49HL.txt [ /ad.zanox.com ]
C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\MG1218CQ.txt [ /fastclick.net ]
C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\GKRPCXW1.txt [ /zanox.com ]
C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Cookies\7PR3235E.txt [ /mediaplex.com ]
C:\USERS\FOLGER\Cookies\MG1218CQ.txt [ Cookie:folger@fastclick.net/ ]
C:\USERS\FOLGER\Cookies\GKRPCXW1.txt [ Cookie:folger@zanox.com/ ]
C:\USERS\FOLGER\Cookies\7PR3235E.txt [ Cookie:folger@mediaplex.com/ ]
|
| | #15 |
| E-Mail: Deutsche Post. Ein Fehler in der Lieferanschrift. Hello Arne, are we done now? Regards, Andreas |