Log analysis and evaluation: New viruses/trojans every day! Today: "TR/Agent.1712.2" Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
| | #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | New viruses/trojans every day! Today: "TR/Agent.1712.2" Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=rYr4iRqPYrzD9-DDVx6rSQwn8Hk?q={searchTerms}
FF - user.js - File not found
O3 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Gogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: LastPass Ausfüllformulare - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:157E1AD3
:Files
C:\Users\Gogi\AppData\Roaming\mIRC\downloads
C:\Users\Gogi\AppData\Roaming\hwzypv.dat
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #2 |
| New viruses/trojans every day! Today: "TR/Agent.1712.2" Done!
__________________ Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
File C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe not found.
File C:\Users\Gogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Ausfüllformulare\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Unable to delete ADS C:\ProgramData\Temp:157E1AD3 .
========== FILES ==========
File\Folder C:\Users\Gogi\AppData\Roaming\mIRC\downloads not found.
File\Folder C:\Users\Gogi\AppData\Roaming\hwzypv.dat not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gogi
->Temp folder emptied: 3113110087 bytes
->Temporary Internet Files folder emptied: 1862962555 bytes
->Java cache emptied: 104553 bytes
->FireFox cache emptied: 621368403 bytes
->Google Chrome cache emptied: 468910833 bytes
->Apple Safari cache emptied: 170294272 bytes
->Opera cache emptied: 2118076 bytes
->Flash cache emptied: 463136 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 293570871 bytes
RecycleBin emptied: 514044603 bytes
Total Files Cleaned = 6.720,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Gogi
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.1 log created on 08042012_212852
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
| | #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | New viruses/trojans every day! Today: "TR/Agent.1712.2" Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ |
| | #4 |
| New viruses/trojans every day! Today: "TR/Agent.1712.2" OK, I skipped everything. Here is the log: Code:
20:25:12.0752 6056 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:25:12.0939 6056 ============================================================
20:25:12.0939 6056 Current date / time: 2012/08/05 20:25:12.0939
20:25:12.0939 6056 SystemInfo:
20:25:12.0939 6056
20:25:12.0939 6056 OS Version: 6.0.6002 ServicePack: 2.0
20:25:12.0939 6056 Product type: Workstation
20:25:12.0939 6056 ComputerName: GOGI-PC
20:25:12.0939 6056 UserName: Gogi
20:25:12.0939 6056 Windows directory: C:\Windows
20:25:12.0939 6056 System windows directory: C:\Windows
20:25:12.0939 6056 Processor architecture: Intel x86
20:25:12.0939 6056 Number of processors: 4
20:25:12.0939 6056 Page size: 0x1000
20:25:12.0939 6056 Boot type: Normal boot
20:25:12.0939 6056 ============================================================
20:25:14.0702 6056 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:25:14.0796 6056 ============================================================
20:25:14.0796 6056 \Device\Harddisk0\DR0:
20:25:14.0796 6056 MBR partitions:
20:25:14.0796 6056 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0x18A31800
20:25:14.0796 6056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19BC6000, BlocksNum 0x30C91AB0
20:25:14.0796 6056 ============================================================
20:25:14.0921 6056 C: <-> \Device\Harddisk0\DR0\Partition0
20:25:14.0983 6056 D: <-> \Device\Harddisk0\DR0\Partition1
20:25:15.0014 6056 ============================================================
20:25:15.0014 6056 Initialize success
20:25:15.0014 6056 ============================================================
20:26:14.0453 6788 ============================================================
20:26:14.0453 6788 Scan started
20:26:14.0453 6788 Mode: Manual; SigCheck; TDLFS;
20:26:14.0453 6788 ============================================================
20:26:17.0635 6788 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:26:17.0791 6788 ACPI - ok
20:26:17.0979 6788 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:26:18.0010 6788 AdobeARMservice - ok
20:26:18.0696 6788 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:26:18.0712 6788 AdobeFlashPlayerUpdateSvc - ok
20:26:18.0774 6788 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:26:18.0806 6788 adp94xx - ok
20:26:18.0868 6788 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:26:18.0899 6788 adpahci - ok
20:26:18.0915 6788 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:26:18.0930 6788 adpu160m - ok
20:26:18.0962 6788 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:26:18.0977 6788 adpu320 - ok
20:26:19.0008 6788 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:26:19.0071 6788 AeLookupSvc - ok
20:26:19.0133 6788 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:26:19.0196 6788 AFD - ok
20:26:19.0258 6788 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:26:19.0274 6788 agp440 - ok
20:26:19.0383 6788 ahcix86s (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys
20:26:19.0398 6788 ahcix86s - ok
20:26:19.0445 6788 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:26:19.0461 6788 aic78xx - ok
20:26:19.0476 6788 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:26:19.0586 6788 ALG - ok
20:26:19.0601 6788 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:26:19.0617 6788 aliide - ok
20:26:19.0648 6788 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:26:19.0664 6788 amdagp - ok
20:26:19.0679 6788 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:26:19.0679 6788 amdide - ok
20:26:19.0710 6788 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:26:19.0757 6788 AmdK7 - ok
20:26:19.0773 6788 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:26:19.0820 6788 AmdK8 - ok
20:26:20.0007 6788 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:26:20.0038 6788 AntiVirSchedulerService - ok
20:26:20.0085 6788 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:26:20.0101 6788 AntiVirService - ok
20:26:20.0147 6788 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:26:20.0194 6788 Appinfo - ok
20:26:20.0288 6788 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:26:20.0303 6788 Apple Mobile Device - ok
20:26:20.0366 6788 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:26:20.0381 6788 arc - ok
20:26:20.0444 6788 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:26:20.0459 6788 arcsas - ok
20:26:20.0569 6788 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:26:20.0584 6788 aspnet_state - ok
20:26:20.0600 6788 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:26:20.0647 6788 AsyncMac - ok
20:26:20.0678 6788 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:26:20.0693 6788 atapi - ok
20:26:20.0787 6788 Ati External Event Utility (86fb6b8ddbcb6e025ce8a90f77af1ff1) C:\Windows\system32\Ati2evxx.exe
20:26:20.0896 6788 Ati External Event Utility - ok
20:26:22.0722 6788 atikmdag (a23efb72057fed7128eb558866055fdf) C:\Windows\system32\DRIVERS\atikmdag.sys
20:26:22.0909 6788 atikmdag - ok
20:26:23.0580 6788 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:26:23.0627 6788 AudioEndpointBuilder - ok
20:26:23.0627 6788 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:26:23.0658 6788 Audiosrv - ok
20:26:23.0751 6788 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
20:26:23.0751 6788 avgntflt - ok
20:26:23.0814 6788 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
20:26:23.0829 6788 avipbb - ok
20:26:23.0861 6788 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:26:23.0876 6788 avkmgr - ok
20:26:23.0954 6788 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:26:24.0017 6788 Beep - ok
20:26:24.0064 6788 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:26:24.0142 6788 BFE - ok
20:26:24.0360 6788 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:26:24.0469 6788 BITS - ok
20:26:24.0532 6788 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:26:24.0547 6788 blbdrive - ok
20:26:25.0218 6788 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:26:25.0249 6788 Bonjour Service - ok
20:26:25.0281 6788 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:26:25.0327 6788 bowser - ok
20:26:25.0359 6788 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:26:25.0405 6788 BrFiltLo - ok
20:26:25.0421 6788 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:26:25.0468 6788 BrFiltUp - ok
20:26:25.0561 6788 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:26:25.0593 6788 Browser - ok
20:26:25.0639 6788 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:26:25.0780 6788 Brserid - ok
20:26:25.0795 6788 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:26:25.0858 6788 BrSerWdm - ok
20:26:25.0873 6788 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:26:25.0936 6788 BrUsbMdm - ok
20:26:25.0951 6788 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:26:26.0014 6788 BrUsbSer - ok
20:26:26.0045 6788 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:26:26.0107 6788 BTHMODEM - ok
20:26:26.0217 6788 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:26:26.0248 6788 cdfs - ok
20:26:26.0295 6788 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:26:26.0326 6788 cdrom - ok
20:26:26.0388 6788 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:26:26.0419 6788 CertPropSvc - ok
20:26:26.0451 6788 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:26:26.0497 6788 circlass - ok
20:26:26.0747 6788 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:26:26.0763 6788 CLFS - ok
20:26:26.0841 6788 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:26:26.0856 6788 clr_optimization_v2.0.50727_32 - ok
20:26:27.0168 6788 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:26:27.0184 6788 clr_optimization_v4.0.30319_32 - ok
20:26:27.0231 6788 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:26:27.0246 6788 cmdide - ok
20:26:27.0278 6788 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
20:26:27.0278 6788 Compbatt - ok
20:26:27.0309 6788 COMSysApp - ok
20:26:27.0324 6788 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:26:27.0340 6788 crcdisk - ok
20:26:27.0356 6788 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:26:27.0402 6788 Crusoe - ok
20:26:27.0449 6788 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
20:26:27.0496 6788 CryptSvc - ok
20:26:27.0590 6788 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:26:27.0652 6788 DcomLaunch - ok
20:26:27.0668 6788 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:26:27.0714 6788 DfsC - ok
20:26:29.0134 6788 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:26:29.0322 6788 DFSR - ok
20:26:29.0446 6788 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:26:29.0509 6788 Dhcp - ok
20:26:29.0587 6788 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:26:29.0602 6788 disk - ok
20:26:29.0618 6788 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:26:29.0651 6788 Dnscache - ok
20:26:29.0706 6788 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:26:29.0742 6788 dot3svc - ok
20:26:29.0811 6788 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:26:29.0850 6788 DPS - ok
20:26:29.0913 6788 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:26:29.0955 6788 drmkaud - ok
20:26:30.0348 6788 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:26:30.0527 6788 DXGKrnl - ok
20:26:30.0635 6788 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:26:30.0772 6788 E1G60 - ok
20:26:30.0928 6788 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:26:30.0975 6788 EapHost - ok
20:26:31.0178 6788 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:26:31.0193 6788 Ecache - ok
20:26:31.0318 6788 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:26:31.0365 6788 ehRecvr - ok
20:26:31.0381 6788 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:26:31.0427 6788 ehSched - ok
20:26:31.0443 6788 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:26:31.0459 6788 ehstart - ok
20:26:31.0521 6788 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:26:31.0583 6788 elxstor - ok
20:26:31.0818 6788 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:26:31.0864 6788 EMDMgmt - ok
20:26:31.0927 6788 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:26:31.0958 6788 ErrDev - ok
20:26:32.0145 6788 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:26:32.0192 6788 EventSystem - ok
20:26:32.0239 6788 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:26:32.0286 6788 exfat - ok
20:26:32.0332 6788 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:26:32.0348 6788 fastfat - ok
20:26:32.0379 6788 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:26:32.0410 6788 fdc - ok
20:26:32.0442 6788 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:26:32.0473 6788 fdPHost - ok
20:26:32.0473 6788 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:26:32.0535 6788 FDResPub - ok
20:26:32.0566 6788 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:26:32.0582 6788 FileInfo - ok
20:26:32.0598 6788 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:26:32.0629 6788 Filetrace - ok
20:26:32.0644 6788 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:26:32.0691 6788 flpydisk - ok
20:26:32.0722 6788 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:26:32.0754 6788 FltMgr - ok
20:26:32.0832 6788 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:26:32.0894 6788 FontCache - ok
20:26:33.0035 6788 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:26:33.0050 6788 FontCache3.0.0.0 - ok
20:26:33.0050 6788 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:26:33.0097 6788 Fs_Rec - ok
20:26:33.0113 6788 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:26:33.0128 6788 gagp30kx - ok
20:26:33.0144 6788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:26:33.0159 6788 GEARAspiWDM - ok
20:26:33.0269 6788 GoogleDesktopManager-110309-193829 (f0187e45268e86aaaa932cbd9087bea8) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:26:33.0284 6788 GoogleDesktopManager-110309-193829 - ok
20:26:33.0315 6788 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:26:33.0409 6788 gpsvc - ok
20:26:33.0487 6788 gupdate1ca08a3ac5dc7e8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:26:33.0503 6788 gupdate1ca08a3ac5dc7e8 - ok
20:26:33.0518 6788 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:26:33.0534 6788 gupdatem - ok
20:26:33.0581 6788 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:26:33.0643 6788 HdAudAddService - ok
20:26:33.0705 6788 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:26:33.0768 6788 HDAudBus - ok
20:26:33.0830 6788 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:26:33.0877 6788 HidBth - ok
20:26:33.0908 6788 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:26:33.0955 6788 HidIr - ok
20:26:33.0986 6788 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:26:34.0033 6788 hidserv - ok
20:26:34.0049 6788 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:26:34.0064 6788 HidUsb - ok
20:26:34.0080 6788 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:26:34.0111 6788 hkmsvc - ok
20:26:34.0142 6788 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:26:34.0142 6788 HpCISSs - ok
20:26:34.0205 6788 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:26:34.0283 6788 HTTP - ok
20:26:34.0314 6788 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:26:34.0330 6788 i2omp - ok
20:26:34.0361 6788 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:26:34.0392 6788 i8042prt - ok
20:26:34.0439 6788 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
20:26:34.0454 6788 iaStor - ok
20:26:34.0657 6788 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:26:34.0673 6788 iaStorV - ok
20:26:34.0876 6788 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:26:34.0922 6788 idsvc - ok
20:26:34.0938 6788 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:26:34.0938 6788 iirsp - ok
20:26:35.0000 6788 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:26:35.0063 6788 IKEEXT - ok
20:26:35.0843 6788 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
20:26:36.0015 6788 IntcAzAudAddService - ok
20:26:37.0403 6788 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:26:37.0419 6788 intelide - ok
20:26:37.0466 6788 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:26:37.0512 6788 intelppm - ok
20:26:37.0590 6788 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:26:37.0637 6788 IPBusEnum - ok
20:26:37.0668 6788 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:26:37.0700 6788 IpFilterDriver - ok
20:26:37.0762 6788 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:26:37.0809 6788 iphlpsvc - ok
20:26:37.0809 6788 IpInIp - ok
20:26:37.0824 6788 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:26:37.0871 6788 IPMIDRV - ok
20:26:37.0887 6788 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:26:37.0918 6788 IPNAT - ok
20:26:38.0948 6788 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
20:26:39.0010 6788 iPod Service - ok
20:26:39.0026 6788 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:26:39.0057 6788 IRENUM - ok
20:26:39.0088 6788 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:26:39.0104 6788 isapnp - ok
20:26:39.0151 6788 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:26:39.0182 6788 iScsiPrt - ok
20:26:39.0213 6788 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:26:39.0229 6788 iteatapi - ok
20:26:39.0260 6788 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:26:39.0275 6788 iteraid - ok
20:26:39.0307 6788 JRAID (c36f3a1a4e8416ef43f30deab7701730) C:\Windows\system32\drivers\jraid.sys
20:26:39.0431 6788 JRAID - ok
20:26:39.0447 6788 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:26:39.0463 6788 kbdclass - ok
20:26:39.0494 6788 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:26:39.0541 6788 kbdhid - ok
20:26:39.0572 6788 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:26:39.0619 6788 KeyIso - ok
20:26:40.0321 6788 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
20:26:40.0352 6788 KSecDD - ok
20:26:40.0399 6788 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:26:40.0477 6788 KtmRm - ok
20:26:40.0726 6788 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
20:26:40.0789 6788 LanmanServer - ok
20:26:40.0836 6788 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:26:40.0898 6788 LanmanWorkstation - ok
20:26:40.0960 6788 Lbd - ok
20:26:40.0992 6788 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:26:41.0023 6788 lltdio - ok
20:26:41.0054 6788 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:26:41.0101 6788 lltdsvc - ok
20:26:41.0117 6788 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:26:41.0163 6788 lmhosts - ok
20:26:41.0210 6788 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:26:41.0226 6788 LSI_FC - ok
20:26:41.0257 6788 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:26:41.0273 6788 LSI_SAS - ok
20:26:41.0304 6788 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:26:41.0304 6788 LSI_SCSI - ok
20:26:41.0335 6788 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:26:41.0382 6788 luafv - ok
20:26:41.0413 6788 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
20:26:41.0429 6788 MBAMProtector - ok
20:26:41.0959 6788 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:26:42.0021 6788 MBAMService - ok
20:26:42.0053 6788 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:26:42.0084 6788 Mcx2Svc - ok
20:26:42.0162 6788 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:26:42.0162 6788 megasas - ok
20:26:42.0224 6788 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:26:42.0240 6788 MegaSR - ok
20:26:42.0333 6788 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:26:42.0380 6788 MMCSS - ok
20:26:42.0411 6788 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:26:42.0443 6788 Modem - ok
20:26:42.0474 6788 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:26:42.0505 6788 monitor - ok
20:26:42.0536 6788 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:26:42.0552 6788 mouclass - ok
20:26:42.0583 6788 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:26:42.0630 6788 mouhid - ok
20:26:42.0724 6788 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:26:42.0739 6788 MountMgr - ok
20:26:42.0942 6788 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:26:42.0958 6788 MozillaMaintenance - ok
20:26:42.0973 6788 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:26:42.0989 6788 mpio - ok
20:26:43.0004 6788 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:26:43.0051 6788 mpsdrv - ok
20:26:43.0098 6788 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:26:43.0160 6788 MpsSvc - ok
20:26:43.0176 6788 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:26:43.0192 6788 Mraid35x - ok
20:26:43.0207 6788 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:26:43.0238 6788 MRxDAV - ok
20:26:43.0270 6788 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:26:43.0316 6788 mrxsmb - ok
20:26:43.0332 6788 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:26:43.0394 6788 mrxsmb10 - ok
20:26:43.0410 6788 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:26:43.0441 6788 mrxsmb20 - ok
20:26:43.0457 6788 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:26:43.0472 6788 msahci - ok
20:26:43.0488 6788 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:26:43.0504 6788 msdsm - ok
20:26:43.0535 6788 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:26:43.0582 6788 MSDTC - ok
20:26:43.0628 6788 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:26:43.0660 6788 Msfs - ok
20:26:43.0675 6788 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:26:43.0691 6788 msisadrv - ok
20:26:43.0738 6788 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:26:43.0784 6788 MSiSCSI - ok
20:26:43.0800 6788 msiserver - ok
20:26:43.0816 6788 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:26:43.0847 6788 MSKSSRV - ok
20:26:43.0878 6788 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:26:43.0909 6788 MSPCLOCK - ok
20:26:43.0941 6788 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:26:43.0972 6788 MSPQM - ok
20:26:44.0003 6788 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:26:44.0019 6788 MsRPC - ok
20:26:44.0034 6788 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:26:44.0050 6788 mssmbios - ok
20:26:44.0050 6788 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:26:44.0081 6788 MSTEE - ok
20:26:44.0112 6788 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:26:44.0128 6788 Mup - ok
20:26:44.0159 6788 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:26:44.0206 6788 napagent - ok
20:26:44.0268 6788 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:26:44.0299 6788 NativeWifiP - ok
20:26:44.0549 6788 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:26:44.0565 6788 NDIS - ok
20:26:44.0596 6788 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:26:44.0627 6788 NdisTapi - ok
20:26:44.0658 6788 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:26:44.0674 6788 Ndisuio - ok
20:26:44.0721 6788 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:26:44.0752 6788 NdisWan - ok
20:26:44.0752 6788 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:26:44.0783 6788 NDProxy - ok
20:26:44.0783 6788 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:26:44.0830 6788 NetBIOS - ok
20:26:44.0861 6788 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:26:44.0923 6788 netbt - ok
20:26:44.0939 6788 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:26:44.0955 6788 Netlogon - ok
20:26:45.0001 6788 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:26:45.0048 6788 Netman - ok
20:26:45.0079 6788 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:26:45.0111 6788 netprofm - ok
20:26:45.0173 6788 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:26:45.0189 6788 NetTcpPortSharing - ok
20:26:45.0220 6788 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:26:45.0236 6788 nfrd960 - ok
20:26:45.0267 6788 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:26:45.0314 6788 NlaSvc - ok
20:26:45.0376 6788 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
20:26:45.0376 6788 NPF - ok
20:26:45.0392 6788 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:26:45.0438 6788 Npfs - ok
20:26:45.0470 6788 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:26:45.0501 6788 nsi - ok
20:26:45.0532 6788 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:26:45.0563 6788 nsiproxy - ok
20:26:47.0077 6788 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:26:47.0170 6788 Ntfs - ok
20:26:47.0248 6788 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:26:47.0279 6788 ntrigdigi - ok
20:26:47.0311 6788 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:26:47.0342 6788 Null - ok
20:26:47.0389 6788 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:26:47.0404 6788 nvraid - ok
20:26:47.0420 6788 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:26:47.0435 6788 nvstor - ok
20:26:47.0467 6788 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:26:47.0482 6788 nv_agp - ok
20:26:47.0482 6788 NwlnkFlt - ok
20:26:47.0482 6788 NwlnkFwd - ok
20:26:47.0545 6788 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:26:47.0576 6788 ohci1394 - ok
20:26:47.0669 6788 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:26:47.0685 6788 ose - ok
20:26:47.0747 6788 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:47.0857 6788 p2pimsvc - ok
20:26:47.0872 6788 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:47.0935 6788 p2psvc - ok
20:26:47.0997 6788 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
20:26:48.0028 6788 Parport - ok
20:26:48.0138 6788 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
20:26:48.0169 6788 partmgr - ok
20:26:48.0200 6788 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
20:26:48.0231 6788 Parvdm - ok
20:26:48.0278 6788 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:26:48.0340 6788 PcaSvc - ok
20:26:48.0356 6788 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:26:48.0387 6788 pci - ok
20:26:48.0403 6788 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:26:48.0403 6788 pciide - ok
20:26:48.0450 6788 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:26:48.0465 6788 pcmcia - ok
20:26:48.0559 6788 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:26:48.0637 6788 PEAUTH - ok
20:26:49.0589 6788 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:26:49.0698 6788 pla - ok
20:26:50.0197 6788 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:26:50.0244 6788 PlugPlay - ok
20:26:50.0291 6788 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:50.0337 6788 PNRPAutoReg - ok
20:26:50.0353 6788 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:50.0400 6788 PNRPsvc - ok
20:26:50.0962 6788 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:26:51.0024 6788 PolicyAgent - ok
20:26:51.0164 6788 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:26:51.0211 6788 PptpMiniport - ok
20:26:51.0242 6788 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:26:51.0274 6788 Processor - ok
20:26:51.0445 6788 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:26:51.0492 6788 ProfSvc - ok
20:26:51.0508 6788 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:26:51.0523 6788 ProtectedStorage - ok
20:26:51.0648 6788 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
20:26:51.0664 6788 ProtexisLicensing - ok
20:26:51.0695 6788 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:26:51.0742 6788 PSched - ok
20:26:51.0804 6788 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
20:26:51.0804 6788 PxHelp20 - ok
20:26:51.0913 6788 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:26:51.0976 6788 ql2300 - ok
20:26:52.0054 6788 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:26:52.0054 6788 ql40xx - ok
20:26:52.0101 6788 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:26:52.0132 6788 QWAVE - ok
20:26:52.0147 6788 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:26:52.0163 6788 QWAVEdrv - ok
20:26:52.0194 6788 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:26:52.0241 6788 RasAcd - ok
20:26:52.0272 6788 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:26:52.0319 6788 RasAuto - ok
20:26:52.0444 6788 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:26:52.0491 6788 Rasl2tp - ok
20:26:52.0522 6788 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:26:52.0569 6788 RasMan - ok
20:26:52.0662 6788 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:26:52.0693 6788 RasPppoe - ok
20:26:52.0725 6788 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:26:52.0740 6788 RasSstp - ok
20:26:52.0771 6788 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:26:52.0834 6788 rdbss - ok
20:26:52.0865 6788 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:26:52.0896 6788 RDPCDD - ok
20:26:52.0927 6788 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:26:52.0959 6788 rdpdr - ok
20:26:52.0959 6788 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:26:52.0990 6788 RDPENCDD - ok
20:26:53.0021 6788 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
20:26:53.0068 6788 RDPWD - ok
20:26:53.0115 6788 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:26:53.0161 6788 RemoteAccess - ok
20:26:53.0208 6788 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:26:53.0239 6788 RemoteRegistry - ok
20:26:53.0474 6788 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe
20:26:53.0489 6788 rpcapd - ok
20:26:53.0520 6788 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:26:53.0552 6788 RpcLocator - ok
20:26:53.0598 6788 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:26:53.0630 6788 RpcSs - ok
20:26:53.0661 6788 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:26:53.0708 6788 rspndr - ok
20:26:53.0770 6788 RTHDMIAzAudService (1aa29238d4b14f4a20b2c4aaea6e0f6e) C:\Windows\system32\drivers\RtHDMIV.sys
20:26:53.0786 6788 RTHDMIAzAudService - ok
20:26:53.0848 6788 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:26:53.0879 6788 RTL8169 - ok
20:26:53.0879 6788 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:26:53.0895 6788 SamSs - ok
20:26:53.0910 6788 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:26:53.0926 6788 sbp2port - ok
20:26:53.0957 6788 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:26:53.0973 6788 SCardSvr - ok
20:26:54.0020 6788 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:26:54.0098 6788 Schedule - ok
20:26:54.0144 6788 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:26:54.0160 6788 SCPolicySvc - ok
20:26:54.0347 6788 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:26:54.0394 6788 SDRSVC - ok
20:26:54.0410 6788 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:26:54.0472 6788 secdrv - ok
20:26:54.0503 6788 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:26:54.0534 6788 seclogon - ok
20:26:54.0550 6788 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:26:54.0597 6788 SENS - ok
20:26:54.0628 6788 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
20:26:54.0659 6788 Serenum - ok
20:26:54.0706 6788 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
20:26:54.0753 6788 Serial - ok
20:26:54.0769 6788 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:26:54.0800 6788 sermouse - ok
20:26:54.0831 6788 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:26:54.0878 6788 SessionEnv - ok
20:26:54.0893 6788 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:26:54.0909 6788 sffdisk - ok
20:26:54.0925 6788 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:26:54.0956 6788 sffp_mmc - ok
20:26:54.0971 6788 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:26:55.0003 6788 sffp_sd - ok
20:26:55.0018 6788 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:26:55.0081 6788 sfloppy - ok
20:26:55.0533 6788 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:26:55.0564 6788 SharedAccess - ok
20:26:56.0017 6788 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:26:56.0064 6788 ShellHWDetection - ok
20:26:56.0079 6788 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:26:56.0095 6788 sisagp - ok
20:26:56.0126 6788 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:26:56.0142 6788 SiSRaid2 - ok
20:26:56.0157 6788 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:26:56.0173 6788 SiSRaid4 - ok
20:26:57.0312 6788 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:26:57.0468 6788 slsvc - ok
20:26:57.0764 6788 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:26:57.0795 6788 SLUINotify - ok
20:26:57.0842 6788 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:26:57.0873 6788 Smb - ok
20:26:57.0920 6788 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:26:57.0936 6788 SNMPTRAP - ok
20:26:57.0967 6788 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:26:57.0983 6788 spldr - ok
20:26:57.0998 6788 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:26:58.0061 6788 Spooler - ok
20:26:58.0092 6788 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:26:58.0139 6788 srv - ok
20:26:58.0170 6788 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:26:58.0185 6788 srv2 - ok
20:26:58.0217 6788 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:26:58.0232 6788 srvnet - ok
20:26:58.0248 6788 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:26:58.0295 6788 SSDPSRV - ok
20:26:58.0341 6788 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:26:58.0357 6788 ssmdrv - ok
20:26:58.0388 6788 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:26:58.0419 6788 SstpSvc - ok
20:26:58.0466 6788 ss_bus (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\Windows\system32\DRIVERS\ss_bus.sys
20:26:58.0482 6788 ss_bus - ok
20:26:58.0544 6788 ss_mdfl (f0a85580e36a3a85059037d39a9cf079) C:\Windows\system32\DRIVERS\ss_mdfl.sys
20:26:58.0544 6788 ss_mdfl - ok
20:26:58.0575 6788 ss_mdm (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\Windows\system32\DRIVERS\ss_mdm.sys
20:26:58.0591 6788 ss_mdm - ok
20:26:58.0622 6788 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
20:26:58.0653 6788 StarOpen ( UnsignedFile.Multi.Generic ) - warning
20:26:58.0653 6788 StarOpen - detected UnsignedFile.Multi.Generic (1)
20:26:58.0700 6788 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:26:58.0763 6788 stisvc - ok
20:26:58.0794 6788 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:26:58.0794 6788 swenum - ok
20:26:58.0856 6788 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:26:58.0888 6788 swprv - ok
20:26:58.0919 6788 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:26:58.0934 6788 Symc8xx - ok
20:26:58.0950 6788 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:26:58.0966 6788 Sym_hi - ok
20:26:58.0997 6788 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:26:59.0012 6788 Sym_u3 - ok
20:26:59.0044 6788 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:26:59.0106 6788 SysMain - ok
20:26:59.0278 6788 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:26:59.0324 6788 TabletInputService - ok
20:26:59.0356 6788 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:26:59.0387 6788 TapiSrv - ok
20:26:59.0418 6788 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:26:59.0449 6788 TBS - ok
20:27:00.0105 6788 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
20:27:00.0167 6788 Tcpip - ok
20:27:00.0167 6788 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
20:27:00.0261 6788 Tcpip6 - ok
20:27:00.0307 6788 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:27:00.0339 6788 tcpipreg - ok
20:27:00.0354 6788 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:27:00.0385 6788 TDPIPE - ok
20:27:00.0401 6788 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:27:00.0417 6788 TDTCP - ok
20:27:00.0463 6788 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:27:00.0510 6788 tdx - ok
20:27:00.0541 6788 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:27:00.0557 6788 TermDD - ok
20:27:00.0619 6788 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:27:00.0666 6788 TermService - ok
20:27:01.0197 6788 TestHandler (250b9120c7c103afdc0c6643f9691055) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
20:27:01.0243 6788 TestHandler ( UnsignedFile.Multi.Generic ) - warning
20:27:01.0243 6788 TestHandler - detected UnsignedFile.Multi.Generic (1)
20:27:01.0275 6788 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:27:01.0290 6788 Themes - ok
20:27:01.0321 6788 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:27:01.0337 6788 THREADORDER - ok
20:27:01.0384 6788 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:27:01.0431 6788 TrkWks - ok
20:27:01.0556 6788 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:27:01.0602 6788 TrustedInstaller - ok
20:27:01.0634 6788 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:27:01.0665 6788 tssecsrv - ok
20:27:01.0696 6788 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:27:01.0727 6788 tunmp - ok
20:27:01.0758 6788 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:27:01.0774 6788 tunnel - ok
20:27:01.0852 6788 U6000ALL (8d05125fe197ce6e2440e82e433da4cc) C:\Windows\system32\DRIVERS\U6000ALL.sys
20:27:01.0946 6788 U6000ALL - ok
20:27:01.0961 6788 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:27:01.0977 6788 uagp35 - ok
20:27:02.0008 6788 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:27:02.0039 6788 udfs - ok
20:27:02.0117 6788 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:27:02.0180 6788 UI0Detect - ok
20:27:02.0180 6788 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:27:02.0195 6788 uliagpkx - ok
20:27:02.0226 6788 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:27:02.0258 6788 uliahci - ok
20:27:02.0273 6788 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:27:02.0304 6788 UlSata - ok
20:27:02.0336 6788 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:27:02.0351 6788 ulsata2 - ok
20:27:02.0367 6788 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:27:02.0398 6788 umbus - ok
20:27:02.0429 6788 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:27:02.0476 6788 upnphost - ok
20:27:02.0819 6788 UPnPService (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
20:27:02.0897 6788 UPnPService ( UnsignedFile.Multi.Generic ) - warning
20:27:02.0897 6788 UPnPService - detected UnsignedFile.Multi.Generic (1)
20:27:02.0944 6788 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
20:27:02.0960 6788 USBAAPL - ok
20:27:03.0038 6788 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:27:03.0069 6788 usbaudio - ok
20:27:03.0147 6788 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:27:03.0163 6788 usbccgp - ok
20:27:03.0194 6788 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:27:03.0256 6788 usbcir - ok
20:27:03.0287 6788 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:27:03.0334 6788 usbehci - ok
20:27:03.0350 6788 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:27:03.0397 6788 usbhub - ok
20:27:03.0412 6788 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:27:03.0443 6788 usbohci - ok
20:27:03.0475 6788 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:27:03.0521 6788 usbprint - ok
20:27:03.0553 6788 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:27:03.0584 6788 usbscan - ok
20:27:03.0615 6788 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:27:03.0631 6788 USBSTOR - ok
20:27:03.0631 6788 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:27:03.0677 6788 usbuhci - ok
20:27:03.0693 6788 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:27:03.0724 6788 UxSms - ok
20:27:03.0771 6788 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:27:03.0833 6788 vds - ok
20:27:03.0833 6788 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:27:03.0865 6788 vga - ok
20:27:03.0880 6788 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:27:03.0927 6788 VgaSave - ok
20:27:03.0943 6788 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:27:03.0958 6788 viaagp - ok
20:27:03.0974 6788 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:27:04.0005 6788 ViaC7 - ok
20:27:04.0052 6788 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:27:04.0067 6788 viaide - ok
20:27:04.0067 6788 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:27:04.0083 6788 volmgr - ok
20:27:04.0114 6788 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:27:04.0161 6788 volmgrx - ok
20:27:04.0192 6788 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:27:04.0208 6788 volsnap - ok
20:27:04.0255 6788 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:27:04.0255 6788 vsmraid - ok
20:27:04.0348 6788 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:27:04.0473 6788 VSS - ok
20:27:04.0504 6788 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:27:04.0536 6788 W32Time - ok
20:27:04.0567 6788 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:27:04.0614 6788 WacomPen - ok
20:27:04.0629 6788 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:27:04.0660 6788 Wanarp - ok
20:27:04.0660 6788 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:27:04.0676 6788 Wanarpv6 - ok
20:27:04.0707 6788 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:27:04.0738 6788 wcncsvc - ok
20:27:04.0801 6788 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:27:04.0832 6788 WcsPlugInService - ok
20:27:04.0848 6788 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:27:04.0863 6788 Wd - ok
20:27:05.0378 6788 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:27:05.0409 6788 Wdf01000 - ok
20:27:05.0456 6788 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:27:05.0503 6788 WdiServiceHost - ok
20:27:05.0503 6788 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:27:05.0534 6788 WdiSystemHost - ok
20:27:05.0550 6788 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:27:05.0597 6788 WebClient - ok
20:27:05.0628 6788 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:27:05.0721 6788 Wecsvc - ok
20:27:05.0799 6788 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:27:05.0846 6788 wercplsupport - ok
20:27:05.0862 6788 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:27:05.0893 6788 WerSvc - ok
20:27:06.0283 6788 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:27:06.0299 6788 WinDefend - ok
20:27:06.0299 6788 WinHttpAutoProxySvc - ok
20:27:06.0751 6788 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:27:06.0782 6788 Winmgmt - ok
20:27:07.0828 6788 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:27:07.0921 6788 WinRM - ok
20:27:08.0296 6788 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:27:08.0374 6788 Wlansvc - ok
20:27:09.0872 6788 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:27:09.0950 6788 wlidsvc - ok
20:27:10.0168 6788 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
20:27:10.0199 6788 WmiAcpi - ok
20:27:10.0262 6788 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:27:10.0293 6788 wmiApSrv - ok
20:27:10.0480 6788 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:27:10.0558 6788 WMPNetworkSvc - ok
20:27:10.0589 6788 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:27:10.0652 6788 WPCSvc - ok
20:27:10.0667 6788 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:27:10.0698 6788 WPDBusEnum - ok
20:27:10.0823 6788 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:27:10.0839 6788 WpdUsb - ok
20:27:11.0057 6788 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:27:11.0135 6788 WPFFontCache_v0400 - ok
20:27:11.0182 6788 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:27:11.0213 6788 ws2ifsl - ok
20:27:11.0260 6788 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:27:11.0307 6788 wscsvc - ok
20:27:11.0307 6788 WSearch - ok
20:27:12.0852 6788 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:27:12.0930 6788 wuauserv - ok
20:27:13.0273 6788 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:27:13.0304 6788 WUDFRd - ok
20:27:13.0320 6788 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:27:13.0382 6788 wudfsvc - ok
20:27:13.0398 6788 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:27:15.0800 6788 \Device\Harddisk0\DR0 - ok
20:27:15.0847 6788 Boot (0x1200) (bc6fe28d5945db40d385f44ed9b4e835) \Device\Harddisk0\DR0\Partition0
20:27:15.0863 6788 \Device\Harddisk0\DR0\Partition0 - ok
20:27:15.0878 6788 Boot (0x1200) (9cc4818abe260c4037ea3dbd870f6038) \Device\Harddisk0\DR0\Partition1
20:27:15.0910 6788 \Device\Harddisk0\DR0\Partition1 - ok
20:27:15.0910 6788 ============================================================
20:27:15.0910 6788 Scan finished
20:27:15.0910 6788 ============================================================
20:27:15.0910 7800 Detected object count: 3
20:27:15.0910 7800 Actual detected object count: 3
20:28:22.0879 7800 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:22.0879 7800 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:22.0881 7800 TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:22.0881 7800 TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:22.0882 7800 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:22.0883 7800 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #5 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #6 |
| The ComboFix analysis: Code:
ComboFix 12-08-05.02 - Gogi 06.08.2012 20:54:55.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3327.2381 [GMT 2:00]
ausgeführt von:: c:\users\Gogi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\EBD1821E4F.sys
c:\users\Gogi\AppData\Roaming\mIRC\logs\status.log
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-06 bis 2012-08-06 ))))))))))))))))))))))))))))))
.
.
2012-08-06 19:03 . 2012-08-06 19:03 -------- d-----w- c:\users\Gogi\AppData\Local\temp
2012-08-06 19:03 . 2012-08-06 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 17:15 . 2012-08-06 17:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AB90D36-6782-45AE-9B82-A43CD699C07A}\offreg.dll
2012-08-04 19:20 . 2012-08-04 19:20 -------- d-----w- C:\_OTL
2012-08-03 13:51 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AB90D36-6782-45AE-9B82-A43CD699C07A}\mpengine.dll
2012-07-31 18:34 . 2012-07-31 18:34 -------- d-----w- c:\program files\ESET
2012-07-23 21:50 . 2012-07-23 21:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-23 21:50 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 21:31 . 2012-07-23 21:31 -------- d-----w- c:\users\Gogi\AppData\Roaming\Malwarebytes
2012-07-23 21:31 . 2012-07-23 21:31 -------- d-----w- c:\programdata\Malwarebytes
2012-07-14 20:46 . 2012-07-14 20:45 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-11 23:44 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 21:33 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 21:33 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 21:33 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 21:33 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 21:33 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 21:33 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 17:09 . 2012-05-22 15:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 17:09 . 2012-05-22 15:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-14 20:45 . 2012-02-19 12:53 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 05:42 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:42 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:42 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:42 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:42 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:42 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:42 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 05:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 05:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2009-10-02 18:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-08 20:04 . 2012-04-08 10:26 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 20:04 . 2012-04-08 10:26 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-24 17:28 . 2012-02-26 03:26 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-11-17 21:46 . 2009-11-17 21:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Spotify Web Helper"="c:\users\Gogi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-19 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-17 21:46 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 08:27 136176 ----atw- c:\users\Gogi\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 17:09]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 19:03]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 19:03]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2546707314-2983746973-2447176769-1000Core.job
- c:\users\Gogi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-16 08:27]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2546707314-2983746973-2447176769-1000UA.job
- c:\users\Gogi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-16 08:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 83.169.184.161 83.169.184.225
FF - ProfilePath - c:\users\Gogi\AppData\Roaming\Mozilla\Firefox\Profiles\q40g44d4.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared files\brs.exe
MSConfigStartUp-LifeChat - c:\program files\Microsoft LifeChat\LifeChat.exe
MSConfigStartUp-RemoteControl10 - c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-FormatFactory - c:\program files\FreeTime\FormatFactory\uninst.exe
AddRemove-Sprill - c:\progra~3\PURPLE~1\Sprill\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-06 21:03
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\Gogi\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-08-06 21:05:34
ComboFix-quarantined-files.txt 2012-08-06 19:05
.
Vor Suchlauf: 20 Verzeichnis(se), 111.306.338.304 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 110.734.389.248 Bytes frei
.
- - End Of File - - 2812919A7020623DD495BB042018765B
|
| | #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download
Important: Never press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |